Overview

overview

8

Static

static

1

ubuntu2404...uk.ps1

windows10-2004-x64

8

Resubmissions

20-12-2024 21:06

241220-zxvl6stpcv 3

15-12-2024 03:29

241215-d2ekvssngx 4

15-12-2024 03:28

241215-d1lb1ssnft 4

06-12-2024 20:12

241206-yy9baavnft 4

06-12-2024 20:12

241206-yyyjsavnd1 3

06-12-2024 20:02

241206-ysa7asvkfv 8

06-12-2024 20:02

241206-yr3vxs1kbr 3

06-12-2024 19:59

241206-yqe3gavjft 4

06-12-2024 19:58

241206-yp89xs1jdk 3

Analysis

  • max time kernel
    1794s
  • max time network
    1147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-12-2024 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ubuntu2404-amd64-20240523-uk.ps1

  • Size

    1B

  • MD5

    f1290186a5d0b1ceab27f4e77c0c5d68

  • SHA1

    aff024fe4ab0fece4091de044c58c9ae4233383a

  • SHA256

    50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326

  • SHA512

    aa66509891ad28030349ba9581e8c92528faab6a34349061a44b6f8fcd8d6877a67b05508983f12f8610302d1783401a07ec41c7e9ebd656de34ec60d84d9511

Score
8/10
discoveryevasionexecutionpersistencephishingprivilege_escalationtrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
    persistence
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Checks computer location settings 2 TTPs 7 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 53 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Network Service Discovery 1 TTPs 1 IoCs

    Attempt to gather information on host's network.

    discovery
  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

    discovery
  • Checks system information in the registry 2 TTPs 22 IoCs

    System information is often read in order to detect sandboxing environments.

  • Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • System Time Discovery 1 TTPs 2 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 19 IoCs
  • Modifies Internet Explorer settings 1 TTPs 11 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 63 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of UnmapMainImage 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ubuntu2404-amd64-20240523-uk.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4296
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4028
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffa39c846f8,0x7ffa39c84708,0x7ffa39c84718
      2⤵
        PID:4576
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
        2⤵
          PID:460
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4064
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
          2⤵
            PID:728
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
            2⤵
              PID:2804
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
              2⤵
                PID:2216
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
                2⤵
                  PID:4528
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
                  2⤵
                    PID:3100
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
                    2⤵
                      PID:2252
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2736
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
                      2⤵
                        PID:4216
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
                        2⤵
                          PID:4912
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
                          2⤵
                            PID:3996
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
                            2⤵
                              PID:4372
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
                              2⤵
                                PID:5188
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                                2⤵
                                  PID:5524
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
                                  2⤵
                                    PID:5532
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
                                    2⤵
                                      PID:5744
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
                                      2⤵
                                        PID:5828
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
                                        2⤵
                                          PID:1312
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
                                          2⤵
                                            PID:5176
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
                                            2⤵
                                              PID:5224
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5508 /prefetch:8
                                              2⤵
                                                PID:5056
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
                                                2⤵
                                                  PID:4040
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 /prefetch:8
                                                  2⤵
                                                    PID:2176
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
                                                    2⤵
                                                      PID:5700
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1976,441336563901803897,18251682094736714135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:4664
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:856
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:2756
                                                      • C:\Windows\System32\rundll32.exe
                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                        1⤵
                                                          PID:3928
                                                        • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                          "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                          1⤵
                                                          • Executes dropped EXE
                                                          • Checks whether UAC is enabled
                                                          • Drops file in Program Files directory
                                                          • System Location Discovery: System Language Discovery
                                                          • Enumerates system info in registry
                                                          • Modifies Internet Explorer settings
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:4564
                                                          • C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                            MicrosoftEdgeWebview2Setup.exe /silent /install
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            PID:2752
                                                            • C:\Program Files (x86)\Microsoft\Temp\EU88FC.tmp\MicrosoftEdgeUpdate.exe
                                                              "C:\Program Files (x86)\Microsoft\Temp\EU88FC.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                              3⤵
                                                              • Event Triggered Execution: Image File Execution Options Injection
                                                              • Checks computer location settings
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Checks system information in the registry
                                                              • System Location Discovery: System Language Discovery
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:5772
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • System Location Discovery: System Language Discovery
                                                                • Modifies registry class
                                                                PID:3964
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • System Location Discovery: System Language Discovery
                                                                • Modifies registry class
                                                                PID:4568
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Modifies registry class
                                                                  PID:5596
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Modifies registry class
                                                                  PID:5316
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Modifies registry class
                                                                  PID:956
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjYxRUQ2REUtM0NGNi00NjQ1LUEzNDctMEY2MjhDRThERUNBfSIgdXNlcmlkPSJ7NDgzOTE2NkYtNDY3Ni00N0U0LUIxRjYtMTA1QTEzMkY5Q0NCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBRDY4MjQ4Ri03MjVGLTQ2MzItQjM5MC0yODQzNEE0Mjc0NjF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MDUwMTQxNDc0IiBpbnN0YWxsX3RpbWVfbXM9IjQ4NyIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Checks system information in the registry
                                                                • System Location Discovery: System Language Discovery
                                                                • System Network Configuration Discovery: Internet Connection Discovery
                                                                PID:2008
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{B61ED6DE-3CF6-4645-A347-0F628CE8DECA}" /silent
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • System Location Discovery: System Language Discovery
                                                                PID:1716
                                                          • C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe
                                                            "C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 4564
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Suspicious use of NtCreateThreadExHideFromDebugger
                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious use of UnmapMainImage
                                                            PID:880
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultc37b9eddh0a4bh4be0h9207h7e187ad3f1bb
                                                          1⤵
                                                            PID:5012
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa39c846f8,0x7ffa39c84708,0x7ffa39c84718
                                                              2⤵
                                                                PID:1664
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,5319084029394597159,3969794679642779094,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
                                                                2⤵
                                                                  PID:3432
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,5319084029394597159,3969794679642779094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
                                                                  2⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:5420
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,5319084029394597159,3969794679642779094,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3060 /prefetch:8
                                                                  2⤵
                                                                    PID:2800
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:3384
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:5016
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
                                                                      1⤵
                                                                      • Drops desktop.ini file(s)
                                                                      • Checks processor information in registry
                                                                      PID:4392
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault43eed16eh2de2h47d0hb22bh7efc05d1abe5
                                                                      1⤵
                                                                        PID:3928
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa39c846f8,0x7ffa39c84708,0x7ffa39c84718
                                                                          2⤵
                                                                            PID:5624
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11912114464839498320,6549937799561341850,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
                                                                            2⤵
                                                                              PID:3648
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11912114464839498320,6549937799561341850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
                                                                              2⤵
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:704
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11912114464839498320,6549937799561341850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
                                                                              2⤵
                                                                                PID:5480
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:5916
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:4652
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                  1⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Checks system information in the registry
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Modifies data under HKEY_USERS
                                                                                  PID:2996
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjYxRUQ2REUtM0NGNi00NjQ1LUEzNDctMEY2MjhDRThERUNBfSIgdXNlcmlkPSJ7NDgzOTE2NkYtNDY3Ni00N0U0LUIxRjYtMTA1QTEzMkY5Q0NCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGMkRGRUUzNS1EQTM5LTQ0RjctQTFCQi0zNTY3QjFGNjM4ODZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYwNTU2ODEzMDQiLz48L2FwcD48L3JlcXVlc3Q-
                                                                                    2⤵
                                                                                    • Executes dropped EXE
                                                                                    • Loads dropped DLL
                                                                                    • Checks system information in the registry
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                                    PID:1120
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{184DA916-8BB5-4989-920A-442A23747E4C}\MicrosoftEdge_X64_131.0.2903.86.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{184DA916-8BB5-4989-920A-442A23747E4C}\MicrosoftEdge_X64_131.0.2903.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                    2⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:5560
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{184DA916-8BB5-4989-920A-442A23747E4C}\EDGEMITMP_A306B.tmp\setup.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{184DA916-8BB5-4989-920A-442A23747E4C}\EDGEMITMP_A306B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{184DA916-8BB5-4989-920A-442A23747E4C}\MicrosoftEdge_X64_131.0.2903.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                      3⤵
                                                                                      • Checks computer location settings
                                                                                      • Executes dropped EXE
                                                                                      • Drops file in Program Files directory
                                                                                      PID:1172
                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{184DA916-8BB5-4989-920A-442A23747E4C}\EDGEMITMP_A306B.tmp\setup.exe
                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{184DA916-8BB5-4989-920A-442A23747E4C}\EDGEMITMP_A306B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{184DA916-8BB5-4989-920A-442A23747E4C}\EDGEMITMP_A306B.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff6c8f32918,0x7ff6c8f32924,0x7ff6c8f32930
                                                                                        4⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:5160
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjYxRUQ2REUtM0NGNi00NjQ1LUEzNDctMEY2MjhDRThERUNBfSIgdXNlcmlkPSJ7NDgzOTE2NkYtNDY3Ni00N0U0LUIxRjYtMTA1QTEzMkY5Q0NCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFMjFGNTQ5Qy1GQ0E5LTRBQjMtODAyOS00NzY1NUMyNEI1RDV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMxLjAuMjkwMy44NiIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjA2NDUwMTMzNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYwNjQ1MjEzODIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2Mjk0NDIxNDAwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8wOTcwNWViMi0xY2Y0LTQ2YmYtYmQxMi04MTA5YjMwYzMyMjc_UDE9MTczNDEyMDI4NCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1LWGJtODJhTFElMmZpOXNnQk1VNE0yRzJFVEsyJTJmcmljbmtkWFZUVWJXZXBEMWpMNTJSQzI3cWEwcEpnckVMelNMJTJiTTNRc2RrV3FyZExiSkVpMG9YYmRvZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NjY3NjQwOCIgdG90YWw9IjE3NjY3NjQwOCIgZG93bmxvYWRfdGltZV9tcz0iMTYxNDIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2Mjk0NTExNDU4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjMwODI5MTQwMSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjkxODU2MTUxOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjYwMyIgZG93bmxvYWRfdGltZV9tcz0iMjI5OTQiIGRvd25sb2FkZWQ9IjE3NjY3NjQwOCIgdG90YWw9IjE3NjY3NjQwOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjEwMjQiLz48L2FwcD48L3JlcXVlc3Q-
                                                                                    2⤵
                                                                                    • Executes dropped EXE
                                                                                    • Loads dropped DLL
                                                                                    • Checks system information in the registry
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                                    PID:3464
                                                                                • C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe
                                                                                  "C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe"
                                                                                  1⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  • Suspicious use of UnmapMainImage
                                                                                  PID:2512
                                                                                • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
                                                                                  "C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe"
                                                                                  1⤵
                                                                                  • Executes dropped EXE
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Enumerates system info in registry
                                                                                  PID:3828
                                                                                  • C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_8A3BD\RobloxStudioInstaller.exe
                                                                                    C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_8A3BD\RobloxStudioInstaller.exe
                                                                                    2⤵
                                                                                    • Executes dropped EXE
                                                                                    • Checks whether UAC is enabled
                                                                                    • Drops file in Program Files directory
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • Enumerates system info in registry
                                                                                    • Modifies Internet Explorer settings
                                                                                    • Modifies registry class
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:1332
                                                                                    • C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe
                                                                                      "C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
                                                                                      3⤵
                                                                                      • Executes dropped EXE
                                                                                      • Loads dropped DLL
                                                                                      • Checks whether UAC is enabled
                                                                                      • Enumerates connected drives
                                                                                      • Enumerates system info in registry
                                                                                      • Suspicious behavior: AddClipboardFormatListener
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                      PID:1356
                                                                                      • C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe
                                                                                        "C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.653.0.6530693_20241206T200749Z_Studio_A35ED_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.653.0.6530693_20241206T200749Z_Studio_A35ED_last.log --attachment=attachment_log_0.653.0.6530693_20241206T200749Z_Studio_A35ED_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T200749Z_Studio_A35ED_csg3.log --attachment=attachment_log_0.653.0.6530693_20241206T200749Z_Studio_A35ED_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T200749Z_Studio_A35ED_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://uploads.backtrace.rbx.com/post --annotation=AppVersion=0.653.0.6530693 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=4cf7a0e6567fe10cb70ce4159a4ad9d496c6c4d8 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.653.0.6530693 --annotation=UniqueId=3300163029566100853 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.653.0.6530693 --annotation=host_arch=x86_64 --initial-client-data=0x418,0x41c,0x420,0x414,0x3ec,0x7ff65663d128,0x7ff65663d140,0x7ff65663d158
                                                                                        4⤵
                                                                                        • Executes dropped EXE
                                                                                        • Loads dropped DLL
                                                                                        PID:944
                                                                                      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --mojo-named-platform-channel-pipe=1356.1984.8474134113063526491
                                                                                        4⤵
                                                                                        • Checks computer location settings
                                                                                        • Executes dropped EXE
                                                                                        • Loads dropped DLL
                                                                                        • Checks system information in the registry
                                                                                        • Enumerates system info in registry
                                                                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                        • System policy modification
                                                                                        PID:2092
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.86 --initial-client-data=0x17c,0x180,0x184,0x158,0x134,0x7ffa34116070,0x7ffa3411607c,0x7ffa34116088
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          PID:3444
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1708,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=1728 /prefetch:2
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          PID:5868
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2036,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:3
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          PID:3648
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2336,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=2348 /prefetch:8
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          PID:6048
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3844,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=3856 /prefetch:1
                                                                                          5⤵
                                                                                          • Checks computer location settings
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          PID:4212
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4212,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:1
                                                                                          5⤵
                                                                                          • Checks computer location settings
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          PID:444
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4420,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:1
                                                                                          5⤵
                                                                                          • Checks computer location settings
                                                                                          • Executes dropped EXE
                                                                                          PID:3684
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5024,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:8
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:1836
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5288,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:8
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:5584
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5372,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:5580
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5548,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:5984
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5528,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=5700 /prefetch:8
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:4364
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5252,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=4280 /prefetch:8
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:5684
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4740,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
                                                                                          5⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:624
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=5808,i,5937900908495692619,6572079622963121448,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:1
                                                                                          5⤵
                                                                                          • Checks computer location settings
                                                                                          • Executes dropped EXE
                                                                                          PID:4740
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/account/signupredir?ReturnUrl=https%3A%2F%2Fapis.roblox.com%2Foauth%2Fv1%2Fauthorize%3Fclient_id%3D7968549422692352298%26response_type%3Dcode%26redirect_uri%3Droblox-studio-auth%253a%252f%26scope%3Dopenid%2Bcredentials%2Bprofile%2Bage%2Broles%2Bpremium%26state%3DeyJyYW5kb21fc3RyaW5nIjoiZ1hBcGxUOFM0ejRjT0t2cGdieVlLempqYjFZV2xkZS1EMC1OQWw5MmdSUSIsInBpZCI6IjEzNTYifQ%253d%253d%26nonce%3Did-roblox%26code_challenge%3DLtXeKsnL2V5nUr6wP2DQUtRdH8irLJyWfQxD8lvDdAM%26code_challenge_method%3DS256%26rlt%3Dq0ukRZfyumCRE9nip2mktNfQPSUWRD1uBiMvHT29momFmWQR1e_VekQ9LbMVk85unLDLHOEIkr5i1q4QGa4AzfvzyDc0oKi4KCbcx_Sqoqf7i0ZKK9gmf3FRRE95HuMm4mwugBIZxdGX2A6Wah_O8w
                                                                                        4⤵
                                                                                        • Enumerates system info in registry
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                        • Suspicious use of FindShellTrayWindow
                                                                                        • Suspicious use of SendNotifyMessage
                                                                                        PID:4280
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa39c846f8,0x7ffa39c84708,0x7ffa39c84718
                                                                                          5⤵
                                                                                            PID:4104
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
                                                                                            5⤵
                                                                                              PID:4388
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2724 /prefetch:3
                                                                                              5⤵
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:956
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
                                                                                              5⤵
                                                                                                PID:1504
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
                                                                                                5⤵
                                                                                                  PID:5944
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
                                                                                                  5⤵
                                                                                                    PID:6032
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
                                                                                                    5⤵
                                                                                                      PID:1752
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
                                                                                                      5⤵
                                                                                                        PID:5692
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
                                                                                                        5⤵
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        PID:2252
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
                                                                                                        5⤵
                                                                                                          PID:3816
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
                                                                                                          5⤵
                                                                                                            PID:2228
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
                                                                                                            5⤵
                                                                                                              PID:5184
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3960 /prefetch:8
                                                                                                              5⤵
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              PID:2332
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5548 /prefetch:8
                                                                                                              5⤵
                                                                                                                PID:3372
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5552 /prefetch:8
                                                                                                                5⤵
                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                PID:1552
                                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe
                                                                                                                "C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe" roblox-studio-auth:/?code=G7Urbu5FXxPVrk_Jx8OX2CwG_3aRw1SU3rebjQSUys5vcIvXm2wnr_wzTC8hOk164sOO2rlNL37QQK-E9s3WPhzxaaCP7NFAWoOMuOkH80qKhI78L2dgmA0HhdPcRKAB66_4DGyPG4mZLDCFHGKvsjuBSNU3DxShfDCTq2BwG64yNgtXN2Qz5Gmx8s1aQ0W5pALAzk8g9PsEjE8FBS3Yhfjydsc6hDJgWGKLJmf2Si-w7BucpG3YTfTFkUkdkgqQReBAt8jkM930GNlZq7hE41P2nRfDMRPEjTqHrLy4YrSphgiyqQhtBMNV0xYPK7Y6ThvP4oYV55al5Nu9wmurYR93hFO78dMsnA5-h-hv8U4&state=eyJyYW5kb21fc3RyaW5nIjoiZ1hBcGxUOFM0ejRjT0t2cGdieVlLempqYjFZV2xkZS1EMC1OQWw5MmdSUSIsInBpZCI6IjEzNTYifQ%3d%3d
                                                                                                                5⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Enumerates system info in registry
                                                                                                                • Suspicious behavior: AddClipboardFormatListener
                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                PID:5172
                                                                                                                • C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe
                                                                                                                  "C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.653.0.6530693_20241206T200901Z_Studio_819FE_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.653.0.6530693_20241206T200901Z_Studio_819FE_last.log --attachment=attachment_log_0.653.0.6530693_20241206T200901Z_Studio_819FE_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T200901Z_Studio_819FE_csg3.log --attachment=attachment_log_0.653.0.6530693_20241206T200901Z_Studio_819FE_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T200901Z_Studio_819FE_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://uploads.backtrace.rbx.com/post --annotation=AppVersion=0.653.0.6530693 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=4cf7a0e6567fe10cb70ce4159a4ad9d496c6c4d8 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.653.0.6530693 --annotation=UniqueId=3691939946411036946 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.653.0.6530693 --annotation=host_arch=x86_64 --initial-client-data=0x40c,0x410,0x414,0x3f0,0x418,0x7ff65663d128,0x7ff65663d140,0x7ff65663d158
                                                                                                                  6⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:2728
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17816670199394199920,8609548585463520544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
                                                                                                                5⤵
                                                                                                                  PID:3764
                                                                                                        • C:\Windows\System32\GameBarPresenceWriter.exe
                                                                                                          "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
                                                                                                          1⤵
                                                                                                          • Network Service Discovery
                                                                                                          PID:5408
                                                                                                        • C:\Windows\system32\OpenWith.exe
                                                                                                          C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                          1⤵
                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                          PID:116
                                                                                                        • C:\Windows\system32\AUDIODG.EXE
                                                                                                          C:\Windows\system32\AUDIODG.EXE 0x50c 0x410
                                                                                                          1⤵
                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                          PID:3536
                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                          1⤵
                                                                                                            PID:5560
                                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                            1⤵
                                                                                                              PID:1704
                                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                              1⤵
                                                                                                                PID:4192
                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
                                                                                                                1⤵
                                                                                                                • Checks processor information in registry
                                                                                                                PID:5440
                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                                1⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Checks system information in the registry
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                PID:4608
                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                                1⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Checks system information in the registry
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                • Modifies data under HKEY_USERS
                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                PID:5980
                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DD0E6BC4-FFA2-4A8F-889E-6F90FFE10462}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DD0E6BC4-FFA2-4A8F-889E-6F90FFE10462}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe" /update /sessionid "{869000B1-86E3-451D-8679-74EF398B5B4F}"
                                                                                                                  2⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  PID:3524
                                                                                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6A02.tmp\MicrosoftEdgeUpdate.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Temp\EU6A02.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{869000B1-86E3-451D-8679-74EF398B5B4F}"
                                                                                                                    3⤵
                                                                                                                    • Event Triggered Execution: Image File Execution Options Injection
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Checks system information in the registry
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                    PID:4916
                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                                      4⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      • Modifies registry class
                                                                                                                      PID:2332
                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                                      4⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      • Modifies registry class
                                                                                                                      PID:5164
                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                        5⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Modifies registry class
                                                                                                                        PID:1016
                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                        5⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Modifies registry class
                                                                                                                        PID:1056
                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                        5⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Modifies registry class
                                                                                                                        PID:3336
                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODY5MDAwQjEtODZFMy00NTFELTg2NzktNzRFRjM5OEI1QjRGfSIgdXNlcmlkPSJ7NDgzOTE2NkYtNDY3Ni00N0U0LUIxRjYtMTA1QTEzMkY5Q0NCfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7RTJCQTIxQjAtMUMwQy00MTMyLUEzNzAtRTAwOEYxOTNFQUFFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjM5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzMzNTE1NDgxIj48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjUxNzMwOTc5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                      4⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      • Checks system information in the registry
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                      PID:5252
                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODY5MDAwQjEtODZFMy00NTFELTg2NzktNzRFRjM5OEI1QjRGfSIgdXNlcmlkPSJ7NDgzOTE2NkYtNDY3Ni00N0U0LUIxRjYtMTA1QTEzMkY5Q0NCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins0NTEzMkQ1Ri05MkM1LTRGMzUtOTlCMy04M0EyNjgyOUZEODR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjE5MTgxMDkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyMTkyMjEwMjMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyMjgyNzEwNzEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xN2I3NTIyMy1hMzVlLTQ0NGEtODBkNC1iYjk4OWNjZjJmNzM_UDE9MTczNDEyMDU5OSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1kdFpnSmlpUnlRQk9RU0x1WkkwaUQzSjZPdE1CR253c2FqZTFRWkljNTB6Y282ZzFTQVZraTBBdHUzcEhiUWVERVIwdVM4JTJib2JON1BjbVA5Y2kzaVpRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjMiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTIyODI4MDk5NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMTdiNzUyMjMtYTM1ZS00NDRhLTgwZDQtYmI5ODljY2YyZjczP1AxPTE3MzQxMjA1OTkmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9ZHRaZ0ppaVJ5UUJPUVNMdVpJMGlEM0o2T3RNQkdud3NhamUxUVpJYzUwemNvNmcxU0FWa2kwQXR1M3BIYlFlREVSMHVTOCUyYm9iTjdQY21QOWNpM2laUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2NTMzMjgiIHRvdGFsPSIxNjUzMzI4IiBkb3dubG9hZF90aW1lX21zPSI4MjEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTIyODMwMDk5MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjMzNTc1ODc5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM3Nzk4OTI4MDc0NjExNTAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMS4wLjI5MDMuODYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY1NDUiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzc3OTg5Mjc0NTQ5NDg2MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7OUQ1MjMzODAtOTBGNC00MkM5LUJEODAtNDlFQzI5RDBEMUI3fSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                                  2⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • Checks system information in the registry
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                  PID:2812
                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
                                                                                                                1⤵
                                                                                                                • Checks processor information in registry
                                                                                                                PID:5084
                                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe
                                                                                                                "C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe"
                                                                                                                1⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                • Suspicious use of UnmapMainImage
                                                                                                                PID:3040
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault32d26ad9h7640h4275h96b8hfc8e166d56d0
                                                                                                                1⤵
                                                                                                                  PID:3772
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa39c846f8,0x7ffa39c84708,0x7ffa39c84718
                                                                                                                    2⤵
                                                                                                                      PID:1940
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,7796968168377463371,6886343582604863639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
                                                                                                                      2⤵
                                                                                                                        PID:5688
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,7796968168377463371,6886343582604863639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
                                                                                                                        2⤵
                                                                                                                          PID:5676
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,7796968168377463371,6886343582604863639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
                                                                                                                          2⤵
                                                                                                                            PID:5616
                                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                          1⤵
                                                                                                                            PID:5356
                                                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                            1⤵
                                                                                                                              PID:5868
                                                                                                                            • C:\Windows\system32\SystemSettingsAdminFlows.exe
                                                                                                                              "C:\Windows\system32\SystemSettingsAdminFlows.exe" SetInternetTime 1
                                                                                                                              1⤵
                                                                                                                              • System Time Discovery
                                                                                                                              PID:5656
                                                                                                                            • C:\Windows\system32\SystemSettingsAdminFlows.exe
                                                                                                                              "C:\Windows\system32\SystemSettingsAdminFlows.exe" SetTimeZoneAutoUpdate 1
                                                                                                                              1⤵
                                                                                                                                PID:4088
                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                C:\Windows\system32\svchost.exe -k LocalService -p -s tzautoupdate
                                                                                                                                1⤵
                                                                                                                                  PID:5920
                                                                                                                                • C:\Windows\system32\SystemSettingsAdminFlows.exe
                                                                                                                                  "C:\Windows\system32\SystemSettingsAdminFlows.exe" SetTimeZoneAutoUpdate 0
                                                                                                                                  1⤵
                                                                                                                                    PID:2540
                                                                                                                                  • C:\Windows\system32\SystemSettingsAdminFlows.exe
                                                                                                                                    "C:\Windows\system32\SystemSettingsAdminFlows.exe" SetInternetTime 0
                                                                                                                                    1⤵
                                                                                                                                    • System Time Discovery
                                                                                                                                    PID:5628
                                                                                                                                  • C:\Windows\system32\SystemSettingsAdminFlows.exe
                                                                                                                                    "C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
                                                                                                                                    1⤵
                                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                    PID:5772
                                                                                                                                  • C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe
                                                                                                                                    "C:\Program Files (x86)\Roblox\Versions\version-a2fb906f52d742c1\RobloxPlayerBeta.exe"
                                                                                                                                    1⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                    • Suspicious use of UnmapMainImage
                                                                                                                                    PID:1280

                                                                                                                                  Network

                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                  Reconnaissance

                                                                                                                                  Resource Development

                                                                                                                                  Initial Access

                                                                                                                                  Execution

                                                                                                                                  Command and Scripting Interpreter

                                                                                                                                  1
                                                                                                                                  T1059

                                                                                                                                  PowerShell

                                                                                                                                  1
                                                                                                                                  T1059.001

                                                                                                                                  Persistence

                                                                                                                                  Event Triggered Execution

                                                                                                                                  2
                                                                                                                                  T1546

                                                                                                                                  Component Object Model Hijacking

                                                                                                                                  1
                                                                                                                                  T1546.015

                                                                                                                                  Image File Execution Options Injection

                                                                                                                                  1
                                                                                                                                  T1546.012

                                                                                                                                  Privilege Escalation

                                                                                                                                  Event Triggered Execution

                                                                                                                                  2
                                                                                                                                  T1546

                                                                                                                                  Component Object Model Hijacking

                                                                                                                                  1
                                                                                                                                  T1546.015

                                                                                                                                  Image File Execution Options Injection

                                                                                                                                  1
                                                                                                                                  T1546.012

                                                                                                                                  Defense Evasion

                                                                                                                                  Modify Registry

                                                                                                                                  2
                                                                                                                                  T1112

                                                                                                                                  Credential Access

                                                                                                                                  Discovery

                                                                                                                                  Browser Information Discovery

                                                                                                                                  1
                                                                                                                                  T1217

                                                                                                                                  Network Service Discovery

                                                                                                                                  1
                                                                                                                                  T1046

                                                                                                                                  Network Share Discovery

                                                                                                                                  1
                                                                                                                                  T1135

                                                                                                                                  Peripheral Device Discovery

                                                                                                                                  1
                                                                                                                                  T1120

                                                                                                                                  Query Registry

                                                                                                                                  6
                                                                                                                                  T1012

                                                                                                                                  System Information Discovery

                                                                                                                                  7
                                                                                                                                  T1082

                                                                                                                                  System Location Discovery

                                                                                                                                  1
                                                                                                                                  T1614

                                                                                                                                  System Language Discovery

                                                                                                                                  1
                                                                                                                                  T1614.001

                                                                                                                                  System Network Configuration Discovery

                                                                                                                                  1
                                                                                                                                  T1016

                                                                                                                                  Internet Connection Discovery

                                                                                                                                  1
                                                                                                                                  T1016.001

                                                                                                                                  System Time Discovery

                                                                                                                                  1
                                                                                                                                  T1124

                                                                                                                                  Lateral Movement

                                                                                                                                  Collection

                                                                                                                                  Command and Control

                                                                                                                                  Exfiltration

                                                                                                                                  Impact

                                                                                                                                  Replay Monitor

                                                                                                                                  Loading Replay Monitor...

                                                                                                                                  Downloads

                                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Installer\setup.exe
                                                                                                                                    Filesize

                                                                                                                                    6.6MB

                                                                                                                                    MD5

                                                                                                                                    69221ee7ef83d7eb340857b5833eea14

                                                                                                                                    SHA1

                                                                                                                                    d7f27c64b62eefe2c204a323cc812fa56f58ce1e

                                                                                                                                    SHA256

                                                                                                                                    ad14d7268ee8a9c3c89e7cf62a8a9b713c9f37069fe85b3f8fe525dcda8cdfc9

                                                                                                                                    SHA512

                                                                                                                                    8df73f03d7438082b9e8793f5346a7385c91139d879703dd8c32acfdacb200c18231a5a9cedd7836c892ebb7a8888857c68653728b9027ca1f483a1751fbe2e3

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.39\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
                                                                                                                                    Filesize

                                                                                                                                    1.6MB

                                                                                                                                    MD5

                                                                                                                                    2516fc0d4a197f047e76f210da921f98

                                                                                                                                    SHA1

                                                                                                                                    2a929920af93024e8541e9f345d623373618b249

                                                                                                                                    SHA256

                                                                                                                                    fd424062ff3983d0edd6c47ab87343a15e52902533e3d5f33f1b0222f940721c

                                                                                                                                    SHA512

                                                                                                                                    1606c82f41ca6cbb58e522e03a917ff252715c3c370756977a9abd713aa12e37167a30f6f5de252d431af7e4809ae1e1850c0f33d4e8fc11bab42b224598edc8

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                    Filesize

                                                                                                                                    201KB

                                                                                                                                    MD5

                                                                                                                                    4dc57ab56e37cd05e81f0d8aaafc5179

                                                                                                                                    SHA1

                                                                                                                                    494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                                                                                                    SHA256

                                                                                                                                    87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                                                                                                    SHA512

                                                                                                                                    320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
                                                                                                                                    Filesize

                                                                                                                                    7.1MB

                                                                                                                                    MD5

                                                                                                                                    e577d441afe20df31cc18ff84f607ee6

                                                                                                                                    SHA1

                                                                                                                                    68bce38c9f919f5a5b0e8de87c70cc0e377032bb

                                                                                                                                    SHA256

                                                                                                                                    adeda7d3636b45f5f4e5012fe8a43cf323de8a3f119961d3367e6a426916b45c

                                                                                                                                    SHA512

                                                                                                                                    f0debbe13fd22f2131f852f2156425f2b50e052be8b221059bd236fdd91e922fb908939d56c03e538a73b71a94628421827ef53d5bdcc06e71a8959f41222a8d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Program Files\MsEdgeCrashpad\settings.dat
                                                                                                                                    Filesize

                                                                                                                                    280B

                                                                                                                                    MD5

                                                                                                                                    8cb1fc4ebfebfb016df69c1b7b5c93a9

                                                                                                                                    SHA1

                                                                                                                                    991a59c09f1e9f0335b4a2380e4436083a2a0424

                                                                                                                                    SHA256

                                                                                                                                    8192244141491e0957f65209163ce8c6be02a83f690270fd2fdb84f1ad76a639

                                                                                                                                    SHA512

                                                                                                                                    557a679fa921f4e552bd4448987b8dba3f3e616e6e7e693a356e965395391750a33c721aec0de711812138049339aced658b50dde3a280b88cafc6e0be564a66

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2092_1129281780\manifest.json
                                                                                                                                    Filesize

                                                                                                                                    76B

                                                                                                                                    MD5

                                                                                                                                    ba25fcf816a017558d3434583e9746b8

                                                                                                                                    SHA1

                                                                                                                                    be05c87f7adf6b21273a4e94b3592618b6a4a624

                                                                                                                                    SHA256

                                                                                                                                    0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

                                                                                                                                    SHA512

                                                                                                                                    3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2092_409826985\manifest.json
                                                                                                                                    Filesize

                                                                                                                                    43B

                                                                                                                                    MD5

                                                                                                                                    af3a9104ca46f35bb5f6123d89c25966

                                                                                                                                    SHA1

                                                                                                                                    1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

                                                                                                                                    SHA256

                                                                                                                                    81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

                                                                                                                                    SHA512

                                                                                                                                    6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2092_589764498\manifest.fingerprint
                                                                                                                                    Filesize

                                                                                                                                    66B

                                                                                                                                    MD5

                                                                                                                                    0c9218609241dbaa26eba66d5aaf08ab

                                                                                                                                    SHA1

                                                                                                                                    31f1437c07241e5f075268212c11a566ceb514ec

                                                                                                                                    SHA256

                                                                                                                                    52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b

                                                                                                                                    SHA512

                                                                                                                                    5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2092_589764498\manifest.json
                                                                                                                                    Filesize

                                                                                                                                    134B

                                                                                                                                    MD5

                                                                                                                                    58d3ca1189df439d0538a75912496bcf

                                                                                                                                    SHA1

                                                                                                                                    99af5b6a006a6929cc08744d1b54e3623fec2f36

                                                                                                                                    SHA256

                                                                                                                                    a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

                                                                                                                                    SHA512

                                                                                                                                    afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2092_590241072\hyph-as.hyb
                                                                                                                                    Filesize

                                                                                                                                    703B

                                                                                                                                    MD5

                                                                                                                                    8961fdd3db036dd43002659a4e4a7365

                                                                                                                                    SHA1

                                                                                                                                    7b2fa321d50d5417e6c8d48145e86d15b7ff8321

                                                                                                                                    SHA256

                                                                                                                                    c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

                                                                                                                                    SHA512

                                                                                                                                    531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2092_590241072\hyph-hi.hyb
                                                                                                                                    Filesize

                                                                                                                                    687B

                                                                                                                                    MD5

                                                                                                                                    0807cf29fc4c5d7d87c1689eb2e0baaa

                                                                                                                                    SHA1

                                                                                                                                    d0914fb069469d47a36d339ca70164253fccf022

                                                                                                                                    SHA256

                                                                                                                                    f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

                                                                                                                                    SHA512

                                                                                                                                    5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2092_590241072\hyph-nb.hyb
                                                                                                                                    Filesize

                                                                                                                                    141KB

                                                                                                                                    MD5

                                                                                                                                    677edd1a17d50f0bd11783f58725d0e7

                                                                                                                                    SHA1

                                                                                                                                    98fedc5862c78f3b03daed1ff9efbe5e31c205ee

                                                                                                                                    SHA256

                                                                                                                                    c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

                                                                                                                                    SHA512

                                                                                                                                    c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2092_590241072\manifest.json
                                                                                                                                    Filesize

                                                                                                                                    82B

                                                                                                                                    MD5

                                                                                                                                    2617c38bed67a4190fc499142b6f2867

                                                                                                                                    SHA1

                                                                                                                                    a37f0251cd6be0a6983d9a04193b773f86d31da1

                                                                                                                                    SHA256

                                                                                                                                    d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

                                                                                                                                    SHA512

                                                                                                                                    b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

                                                                                                                                    Download Submit

                                                                                                                                  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                                                                                                    Filesize

                                                                                                                                    80KB

                                                                                                                                    MD5

                                                                                                                                    a6df200ec78733f60671cd89543d7e31

                                                                                                                                    SHA1

                                                                                                                                    3f31c1272a623234197820766c7d62f4904a8668

                                                                                                                                    SHA256

                                                                                                                                    ed31cbe0c8dd60a04646e4fb9a845cef35ee1ad1c5daff73573d51da8432aa85

                                                                                                                                    SHA512

                                                                                                                                    689e6369cb62586eabfc47975f10cffe29b8fcc87fc8f32abd6c246186fbebd014c03c731018b95ec65b4ebec570a3c666da14bb6933b2f851e1d67ac6d84e49

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                    Filesize

                                                                                                                                    152B

                                                                                                                                    MD5

                                                                                                                                    fd9cd92fb3675d4eee4ee5a858667718

                                                                                                                                    SHA1

                                                                                                                                    17e74af8aaaa9043cbe578d6a981b20d9b6a9513

                                                                                                                                    SHA256

                                                                                                                                    a29650ba449cfe9d0998e23667fa7a87011ee86fe60a8eb2b98d3e35dfaf964b

                                                                                                                                    SHA512

                                                                                                                                    32a0a47bc4e71f6ae541b4feabd756b56f283b539fd81704ee0f51332576e34f0608a052b19f7c14582c9901bf4c280f4c01fad4cfaac6859f8906bbed55d922

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                    Filesize

                                                                                                                                    152B

                                                                                                                                    MD5

                                                                                                                                    77c7dacc54f402e53b9aa4d183557af2

                                                                                                                                    SHA1

                                                                                                                                    f488f0da6f2a76957c6fa6231492fd96a1025b7e

                                                                                                                                    SHA256

                                                                                                                                    b05bf60dbc7b100ee25819db46f20cbb5ecea53ac0c0ce8a91c2c2ae1f05e810

                                                                                                                                    SHA512

                                                                                                                                    21d2a3e6bf1aa3f1cb6c4c9d21c917ac2d2805b4ff1d6646fd9df7cd7cd9dc120d38ba4d8f4038b866fa73bdd0456a4fd4ea1a522561e2f64386e63dba3d2c72

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                    Filesize

                                                                                                                                    152B

                                                                                                                                    MD5

                                                                                                                                    c2d9eeb3fdd75834f0ac3f9767de8d6f

                                                                                                                                    SHA1

                                                                                                                                    4d16a7e82190f8490a00008bd53d85fb92e379b0

                                                                                                                                    SHA256

                                                                                                                                    1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

                                                                                                                                    SHA512

                                                                                                                                    d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                    Filesize

                                                                                                                                    152B

                                                                                                                                    MD5

                                                                                                                                    e55832d7cd7e868a2c087c4c73678018

                                                                                                                                    SHA1

                                                                                                                                    ed7a2f6d6437e907218ffba9128802eaf414a0eb

                                                                                                                                    SHA256

                                                                                                                                    a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

                                                                                                                                    SHA512

                                                                                                                                    897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                    Filesize

                                                                                                                                    152B

                                                                                                                                    MD5

                                                                                                                                    fec6f16f171f3ba55568802a7592f7fc

                                                                                                                                    SHA1

                                                                                                                                    d679be0b4270bfd7d811bc8d028052a267160eab

                                                                                                                                    SHA256

                                                                                                                                    770fad00532e966f5f2e2a77afb0a177187a92b72c5b55890b3907300f91a652

                                                                                                                                    SHA512

                                                                                                                                    c7e88c90b615c353bef4f425d84c8e128d53d12f9a07cc1261b38bcbc3187f47ae63e38a614f2287f22b3ab08dcfa48b317c6f53d8cf391f3502df3966a2381e

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                    Filesize

                                                                                                                                    152B

                                                                                                                                    MD5

                                                                                                                                    37128b4e4883085adb70212099d33acf

                                                                                                                                    SHA1

                                                                                                                                    9c716ed5401e9dc2c6879b03f0a34d824d2ede99

                                                                                                                                    SHA256

                                                                                                                                    91c7f07e7aa52f1e4d6751b4ba31d098072197bf3ba6a4549d213f9fe1de1ab7

                                                                                                                                    SHA512

                                                                                                                                    3e3851dbdec3560fc5eb18be51de362acb4bdb889c66d1794b97f29a8a3a86aca900406360778819ace767653d083be45a21673e232be205e81ff36ddd9f63ec

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0248cc87-5dcc-4883-a6ab-d4bf0659cd92.tmp
                                                                                                                                    Filesize

                                                                                                                                    1B

                                                                                                                                    MD5

                                                                                                                                    5058f1af8388633f609cadb75a75dc9d

                                                                                                                                    SHA1

                                                                                                                                    3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                                    SHA256

                                                                                                                                    cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                                    SHA512

                                                                                                                                    0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    MD5

                                                                                                                                    e81c241cd9dcc286fc6b9e3e6cc307c7

                                                                                                                                    SHA1

                                                                                                                                    a43fec37182b31a3b14334bc56a5a53ae53a27d3

                                                                                                                                    SHA256

                                                                                                                                    612be780286b71803b75c1152d41923666b6dab3e6262005d03190207effc289

                                                                                                                                    SHA512

                                                                                                                                    f2df36d1157a852337ed5beb66fcf8f2524e6ee6e4625c8926738f77edf5247d0c0c39e51f2f9515b324e9b0c48b90ff13934761f6335ce659ccac20ab83fbd5

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    3KB

                                                                                                                                    MD5

                                                                                                                                    64ae5a711a7bb71bcddc4f00f497bc50

                                                                                                                                    SHA1

                                                                                                                                    8d23f522d53bae9c5de0b4f8946d2e97d0c646cf

                                                                                                                                    SHA256

                                                                                                                                    46bc20cc8f71973372954c05a91d7b03ca4e67c64781fdfbd50f59a95fa5f59f

                                                                                                                                    SHA512

                                                                                                                                    7274e0bc16ba7e8605b61f32176873b87f1943d52619884478760950033951923a4c4051b2c82f10347be0a84fdd4581bda72e5c89ffd4b9c02561e9a8e76605

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    MD5

                                                                                                                                    ee9962e8ba2a9a444e7948b996c46bf6

                                                                                                                                    SHA1

                                                                                                                                    6ce3e18ad8dad3901011fe547ec25cac9c78ab0d

                                                                                                                                    SHA256

                                                                                                                                    dd97867022967c6205ba5c902ac078aad635a6fd5de016b72e300623d9a27179

                                                                                                                                    SHA512

                                                                                                                                    a884f8e5a8673758440cfa31dbd6e98dd045c2edbffa81c9f31d08cbef21041aae55527d734184047c61f52d35e4bbf26977421fd3facfb3b38d2b979a1ee7ab

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    a41cde381afbd7dfb74b5c7372cb0df9

                                                                                                                                    SHA1

                                                                                                                                    f83efd3a0d4cb17d06da071271252b46fb4832b2

                                                                                                                                    SHA256

                                                                                                                                    33c2604dee6e24ce552bbb7d77f5b14de12cffd994adebe75c1a23533c6487a6

                                                                                                                                    SHA512

                                                                                                                                    4dad521da009757131d6a0f005db919fab4145887c38b0452bcafd07b3a443269528c83d1e63ffd37dce49255f22eb2a1052344d994213f13ef30ebb124af32d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
                                                                                                                                    Filesize

                                                                                                                                    28KB

                                                                                                                                    MD5

                                                                                                                                    b6cf75e1a8b2f41ae40b5b752dbc2268

                                                                                                                                    SHA1

                                                                                                                                    468fb1db6cd2cdd5a70535c1334fe50dd23dae7f

                                                                                                                                    SHA256

                                                                                                                                    413ea0608f5008c77a3c0e8cf15e1999913362d2afcb3927c31c698bf8b71c01

                                                                                                                                    SHA512

                                                                                                                                    2654811c7d62b2b5202017943e15ef82026bf98a2af6937d89347a9161b9c6cb79dec94bb0c6f7afb79b69bbed51e78dd31a79e258a85574e5fff31c1f52e6e1

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
                                                                                                                                    Filesize

                                                                                                                                    124KB

                                                                                                                                    MD5

                                                                                                                                    b8692b725c8d8199403e870ed9dfe6e4

                                                                                                                                    SHA1

                                                                                                                                    4ec6d8a15bbf4178e65bd2e9d732f0f4a630f123

                                                                                                                                    SHA256

                                                                                                                                    6feaa4658aa1be49d40750533e78f283d5d20cc1afe15302501715436c2787ff

                                                                                                                                    SHA512

                                                                                                                                    6a3c9426ce66c162be89f5ead024918fe20a79867a9ae376c6937be25fd7000db5624b7e4239cdcb731adc406196497806398317808371086f5b4f33b2d1a449

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    3KB

                                                                                                                                    MD5

                                                                                                                                    7010e4c9ebe7d480bb5e0e4bf1381b6f

                                                                                                                                    SHA1

                                                                                                                                    45767476ca86e671621f9c39c9b2a95db6ea77ea

                                                                                                                                    SHA256

                                                                                                                                    a57848be7a22fffdf38173a79a75463eab684403531e09fde207ed579468fda2

                                                                                                                                    SHA512

                                                                                                                                    d1c06c82645480ade325e4edaf934a197f07eaae1f08714460e84cd1a5455044361836edcb816e7be6ed6a08f55472962d1488553f113bce68291caad84131f6

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    3KB

                                                                                                                                    MD5

                                                                                                                                    40562cfe9c250bf2355ee1b8bc6a19cc

                                                                                                                                    SHA1

                                                                                                                                    fc9b549583dc4f4cd475d771c8ed5cbcc32da72d

                                                                                                                                    SHA256

                                                                                                                                    86e5fb4a18c21bcb223b20bc8991b77493abc784f5e929feb8efb4119caf11a2

                                                                                                                                    SHA512

                                                                                                                                    6b6b8dfeed0e96ca051ba261ec90df2553df487d558a5e369d4cba596817a5c8bfbf730075846ae30cee94939dbab592d95ba0a0c338a150e1d45cfa71e96697

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    61B

                                                                                                                                    MD5

                                                                                                                                    4df4574bfbb7e0b0bc56c2c9b12b6c47

                                                                                                                                    SHA1

                                                                                                                                    81efcbd3e3da8221444a21f45305af6fa4b71907

                                                                                                                                    SHA256

                                                                                                                                    e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

                                                                                                                                    SHA512

                                                                                                                                    78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    3KB

                                                                                                                                    MD5

                                                                                                                                    1b45c3b0176545fdda6d4d5fdcb6ccea

                                                                                                                                    SHA1

                                                                                                                                    bf3bf185948563e21dc1c81562ae395eebff594f

                                                                                                                                    SHA256

                                                                                                                                    ba052192ea42d82d288a3267e5460783afb21db34df881096de11d854d16336d

                                                                                                                                    SHA512

                                                                                                                                    d764784b50b1d73a213859a8d4280783f711dc6fed0c804c4767299dadc563d69aedc96d3a05e16960e2eb8bf693fa99ca60eb89e449dc6631136ea526c51306

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    MD5

                                                                                                                                    24ca8bc66dc6b7b94a1664349ec78759

                                                                                                                                    SHA1

                                                                                                                                    eb690b84bde00efc102a09c1e21e6c18e904b04e

                                                                                                                                    SHA256

                                                                                                                                    567c0aa594215121ed4beaa1b550b1433848e1100d6a633d5356edbc88685efc

                                                                                                                                    SHA512

                                                                                                                                    79c760d3a35345953dbfba3c8d38bbdc646a5e88c89fc9fc05da750f637cf1b2dd6cddba5d42ab0df74fbcaca4ad959757729d09dafc2d7b14f221fe9bd6d044

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    7KB

                                                                                                                                    MD5

                                                                                                                                    a80f39b816d68652e627cf2abad21e92

                                                                                                                                    SHA1

                                                                                                                                    be0926296e46ff1c8bfc047e060fdc9bfae64f03

                                                                                                                                    SHA256

                                                                                                                                    063040a048aad22b8467ae8f07cda2bd3e9de22accda252d9705500e037be364

                                                                                                                                    SHA512

                                                                                                                                    0be0d1880431d11cecdce48eb707fd79d56d0e8750277c284b3996a294715e21188a9612e44eb39ab95ffd35adf92863771243270cf59792d8e403e065865c94

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    MD5

                                                                                                                                    e1da9ed30c6c55d8484c7fe67710086b

                                                                                                                                    SHA1

                                                                                                                                    01789979e698311f3339871d51597a71c01477eb

                                                                                                                                    SHA256

                                                                                                                                    533aff4d69fbc5b3717a7dd332f18f959d9407304beaa0efb2a267809ad88508

                                                                                                                                    SHA512

                                                                                                                                    03746bf85035bdcbde0315820a3e50207075622cebcf8431c92a061801e3312252404c250b5637bad4d9a1a420b816282d1ae140e74743755afb9e81630c0f7f

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    MD5

                                                                                                                                    b374bd5395e6d94d231a4e9789e0ad50

                                                                                                                                    SHA1

                                                                                                                                    00a5a47b9816f58c31ebd81f3908d8eae57c03e7

                                                                                                                                    SHA256

                                                                                                                                    2cf0d892fcf6c5ec1020cacd9b835c07db1b322a10209c11a8093cdaaad22f4e

                                                                                                                                    SHA512

                                                                                                                                    a7dbb03a6fde1f0d2a6f526d358c5dd421753afafba5cc69cbb542cf7df0baf7b813603ba68251fc478c0d4d8adc219b5823128f0d42a6ef4e3d95c32b669674

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    MD5

                                                                                                                                    69ed387ae6e5a01f83d2edd29dc99179

                                                                                                                                    SHA1

                                                                                                                                    b7172ace61c6ec4f0f5c15c3a4a70eaffff66e9f

                                                                                                                                    SHA256

                                                                                                                                    d627ab2a35426cc70ae09a8a6d3ea4df7c30e95f5c2d99bb8690203892d9bb99

                                                                                                                                    SHA512

                                                                                                                                    421db61595c6fc82c103c36badf3c4502a88150b5ab33727542dfa451f98185aeb155a667b746b5c9ab2c20188a7302a7b60c9206d59b58705d72ca7e91315a7

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    5KB

                                                                                                                                    MD5

                                                                                                                                    c985b70400f4dc06117c4f40abe1c23a

                                                                                                                                    SHA1

                                                                                                                                    80547f8538a88d5b8b15a9c52f823ad22ea28bbe

                                                                                                                                    SHA256

                                                                                                                                    0f3fa24150097c5ebb1d8ec8ca5b70febeda5becfff56dd3542072cd95df2cc2

                                                                                                                                    SHA512

                                                                                                                                    fdf24817561749522f53aaa081039b6071ca75bceaeaf74196ba5d4916b9bc492ebb42977bbd652cb676d196c24706198c040428be7dcba07a75a550e515fb82

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    6KB

                                                                                                                                    MD5

                                                                                                                                    405ac5c6c93e92c2765279c83874c542

                                                                                                                                    SHA1

                                                                                                                                    c025cd2378f193654c3dd0f501593807f79074c2

                                                                                                                                    SHA256

                                                                                                                                    fdb0d671d4e34db548999c6049739b40f4db317f6dd8fd7df89cfe2cb76452a0

                                                                                                                                    SHA512

                                                                                                                                    6ea8621f48d0fa0e859229fff77955ce3912790fc09f1d46a7bbc20f50a5485ac605244691484c0a593d75000cd1c2c9bd0b4cc2892ab5dc0a7f74ca24f57567

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    7KB

                                                                                                                                    MD5

                                                                                                                                    7614d33f996776f378fa6a61efb16347

                                                                                                                                    SHA1

                                                                                                                                    63b72629bc3ecf81c853b2fae07e05d6629e64ff

                                                                                                                                    SHA256

                                                                                                                                    5ec6164e37f129192db1283eef238a901eb4f69bbbedb9584cc01ce0ef7a9a1d

                                                                                                                                    SHA512

                                                                                                                                    0d96825f0b979495851e47f77c3b751d3ca2a180fff8fc96964b4c316276013dc2be2f191c2f30cc68188241956c4b50292d11efa139dec11aebe330386d2aa1

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    MD5

                                                                                                                                    dc6751627682e5a553c4354fae371e61

                                                                                                                                    SHA1

                                                                                                                                    6464abf06a776ca02f1c99173c0abc08b3aa6e0a

                                                                                                                                    SHA256

                                                                                                                                    f17bcc6f31de41dce1ee3cc52da719ca9ae0ba0fa3ba33dca1f5fcc29a5a8a02

                                                                                                                                    SHA512

                                                                                                                                    a740727560733b3187e817288683e923c8f3f6d9bd5762f56ccab1e0dcdc700d4998c1ad35d7e8d726ff2d50f4cff0a37d2804c83001329f8e7d96b86052c958

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
                                                                                                                                    Filesize

                                                                                                                                    184B

                                                                                                                                    MD5

                                                                                                                                    02e76569ff5b61f2a15c99503b6dea4e

                                                                                                                                    SHA1

                                                                                                                                    2c32a8ee7885c8e6e9bd97bda13b4bb32c67cab3

                                                                                                                                    SHA256

                                                                                                                                    c933fe00412ae271199e48af96ed5f660ed79c42fe28bed408d510784041e8e2

                                                                                                                                    SHA512

                                                                                                                                    61fade75014946eec173b0878626a12d639d11c9dd82618999ff09e3e3fae76e9d1d23cd09737a520e1526e9a6411c5eae9c88ddff36b0c7a79ef0c66eb3a454

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                                                                                                                                    Filesize

                                                                                                                                    347B

                                                                                                                                    MD5

                                                                                                                                    ebc15cafe7c2da8c06eff9df55a272e9

                                                                                                                                    SHA1

                                                                                                                                    80634881dd6af8fb637d45edf3da217aa51e7a1c

                                                                                                                                    SHA256

                                                                                                                                    378ffe4b9db7edcd04431b670b3426e2be1dee6b83ca653efffa72b9747570ad

                                                                                                                                    SHA512

                                                                                                                                    249fa47d23cd7bb4a5f19f4733346818cfc4b6215588cd0cc24e21b2ac5ee22142ae2bf84f962cc603e19e8b91e79c412e2660e3c0c852ea4f825b8f64067d30

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                                                                                                                                    Filesize

                                                                                                                                    326B

                                                                                                                                    MD5

                                                                                                                                    a3bf9fd38de05c3d6d9a839712aec71a

                                                                                                                                    SHA1

                                                                                                                                    0a98509128d5accfd49bf76b874f31b6eb2006f0

                                                                                                                                    SHA256

                                                                                                                                    3fc3afa1948454194a9286a418a4287c6f8e4160dbf365a8731f1a3532285b44

                                                                                                                                    SHA512

                                                                                                                                    1406966e1bb7e7d455dcb6616d9c523d63f0a1747ebcbdddea839c327be9d9f82f38b54dcc503eae85028798a04eecc5e228518e85247542edc5886e0b3d2ada

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    cbd007ecefb060cbcac36f467a7fbbbc

                                                                                                                                    SHA1

                                                                                                                                    f50698929ccf1419638dd0f20981b2447197eb84

                                                                                                                                    SHA256

                                                                                                                                    df093e627944841b33e4b45834b624fd9d3c409b70df44042d933a1c9ad8c0cd

                                                                                                                                    SHA512

                                                                                                                                    a31a796938aed9bbe390edeb565e009cfde337d4d80f0b183d82c755f9df4a6e6d262c7647b336b0ef44cf9e7b2a91fa776185adfae3be066048b8b760726ce7

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    8e153fe3a0234defa6a9db0465aad4be

                                                                                                                                    SHA1

                                                                                                                                    ae269624acd340c9824323e8db9913e4be936d22

                                                                                                                                    SHA256

                                                                                                                                    90f38298eb401867d9b497d8ba4aa18c28feac7dded364d7c741d6273c750de2

                                                                                                                                    SHA512

                                                                                                                                    cb6f22ea8c8575c5b261a2f7f0cea01095e708da45198ee83d712fb48a5dc9ae0c12fd096eeb4a3f216968f8423337105b75610ab765d053c01a167b652a3ce1

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    bd1cbcdfd0998bab591592467beeaa21

                                                                                                                                    SHA1

                                                                                                                                    7343c737aa6d9a2c4f64caadb262f57363c9df12

                                                                                                                                    SHA256

                                                                                                                                    63fd4d331ed4885b503b9a565b0c660ff3cb1e70991cbe52441ae4b95dd6ec00

                                                                                                                                    SHA512

                                                                                                                                    623021444d34796f33187e9033f0cb647fea89e57c744eee58a4d7680468a5b708d204e5ce8e774e820d5f48882a966ae87e808a413cd0d43e147a38182ba4b6

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    630bd8421f9f6237e3736162b086fae8

                                                                                                                                    SHA1

                                                                                                                                    de45051f78a4c5b8ffe45eda47e7d7867e1f1b64

                                                                                                                                    SHA256

                                                                                                                                    26b6cdb581627a04de9edee6cbbcf5e325519773e5f686ffcd2ee254f289bf5f

                                                                                                                                    SHA512

                                                                                                                                    28a21f7dd050e63fc930d7995e5cde0b5d9e40dc6966c7ed7df3e44e69a33eb22331669334c9f3914f64dc26d18ab50b479622afe027aea5101bd4d8a56eec7c

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    8766574482a48cd27d7b05965509d9a1

                                                                                                                                    SHA1

                                                                                                                                    757063d0711b4f7c4b1733ab5128b0f7dca10568

                                                                                                                                    SHA256

                                                                                                                                    01d1c7fd9f80d9fa6154a612ba972c25a8a37a3df38ab58960bdb653528c4137

                                                                                                                                    SHA512

                                                                                                                                    15a330290fb14628bb103068dbfc810b894fc2f8e38b6b3432fd620156eca8a659b2800f51fbfe34e521a1ccf3d62697e5728a066ea2a207c8e392572ec0cab6

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    b6474ba9520340a33ed08cb67a57bb2a

                                                                                                                                    SHA1

                                                                                                                                    bf2c84fe6323f17ab040b4426a1b851556b41728

                                                                                                                                    SHA256

                                                                                                                                    1a3fea4509ff9d5a5ef69e97313a51f60c3484076051da93afe515638a327a22

                                                                                                                                    SHA512

                                                                                                                                    ded1c50ca2b363f2813d6f0733f4c8be9c4f5757525ee163249775a349bc7153b2cd95eb09508d24358adcbd3aa3e5aa974c8fbf063e449099c83e131d1bf9e5

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    accfa1fa78ea35c85ba54f82c0871dc7

                                                                                                                                    SHA1

                                                                                                                                    c1ad4a76d0fbf8ea76bcd121ba4935b13cbbbc3a

                                                                                                                                    SHA256

                                                                                                                                    3f57a64358b62a5f697ba934f54a9a027c0c8f37846bb8679f0523b4f1ad67a2

                                                                                                                                    SHA512

                                                                                                                                    042860d62b65f8cc69b47029047b337a13fd2bd33b3111f0c5fdebdf8714900bdd3b7c3db98b9004e5bf4a8284a6ce73a3626e2405aea329134b5cb6e0721411

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    5638223d32c0a1d0ece7a4d2b79fcdde

                                                                                                                                    SHA1

                                                                                                                                    8d936a1d56870b92aa14fd3747630fe06efcf118

                                                                                                                                    SHA256

                                                                                                                                    60cf3956c903e20c5524596108734cf10f7226bcbfa9857cb22466562ec6ad72

                                                                                                                                    SHA512

                                                                                                                                    04d11520d6948db9b9f0cbdacce4ed813beb366493c3247118eddc9f8172f36c11406f810bb126bb8c875b729a8998dd140a0d21667aea05fb497e47f26ca3db

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    aa7155eee4d4a228a2934976c7bf51ec

                                                                                                                                    SHA1

                                                                                                                                    cd0edf44149b18da2abd6b0f3fe39975d8e40eba

                                                                                                                                    SHA256

                                                                                                                                    ae6d68f37d40f30ec7dbabd4d76bfcaf19a1a74b3e3a09de66c736753371eb99

                                                                                                                                    SHA512

                                                                                                                                    4cdcad7fe3064c5947cd46678bbef9ef2d2a4a190b39bc97626032529df08577ef9c53bceabe9661497b6cf262d1e2d6d71c12c62a3231c8d474d6329c1b34e6

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5877cb.TMP
                                                                                                                                    Filesize

                                                                                                                                    538B

                                                                                                                                    MD5

                                                                                                                                    7c830c8d45613d731574d10a57fd92f1

                                                                                                                                    SHA1

                                                                                                                                    3562c05e2123c23ff643933f6abe84f86fe31298

                                                                                                                                    SHA256

                                                                                                                                    21b2520f9452fe9fa0133d046939d4d8933682124c6dd04b866b13089e751215

                                                                                                                                    SHA512

                                                                                                                                    a2b3d8f61b2a748f89872042ed5665deab8884d1c7643b7a7167041da4c261088d29f9d6fbea314171b6942383dfc19bb4397472d78ba87d566111e0256072f9

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    MD5

                                                                                                                                    0ceda795a891da532a7ee5389238c046

                                                                                                                                    SHA1

                                                                                                                                    284de7487b0ec8f907950afcac2a947d1cc1528c

                                                                                                                                    SHA256

                                                                                                                                    c6baf1e231654b403aaf404bdc1f5ef6b62882b3fc3391b66cbb7f288ec25790

                                                                                                                                    SHA512

                                                                                                                                    6396b9d5c237309db9d15f7eb834dc71ecd408209139dad5bf1e9d24be3fcfa5b8ea14ac0d98782f61ea54001a51493d9b84bc5f4d56fde299b50beea46fa15a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
                                                                                                                                    Filesize

                                                                                                                                    116KB

                                                                                                                                    MD5

                                                                                                                                    ffb0907d1eaa3f4c80f59a3cc6e8d5e0

                                                                                                                                    SHA1

                                                                                                                                    4b565e3ca567ee8d297858febfce3e65ae8daa20

                                                                                                                                    SHA256

                                                                                                                                    0a652d7ec41d1059f1beb6f58f5b5cdf9f34b3a58f8e20085bae03e9d8661572

                                                                                                                                    SHA512

                                                                                                                                    3b9c5ec7e6d97130d50995a9e248db098595c14cb609ed1bbc1e856031cdec0077ddd2d0dc756650e77e5b66e7005a2070845b7b2dd99e0743501a65e0a5e3dc

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                    Filesize

                                                                                                                                    16B

                                                                                                                                    MD5

                                                                                                                                    aefd77f47fb84fae5ea194496b44c67a

                                                                                                                                    SHA1

                                                                                                                                    dcfbb6a5b8d05662c4858664f81693bb7f803b82

                                                                                                                                    SHA256

                                                                                                                                    4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

                                                                                                                                    SHA512

                                                                                                                                    b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                    Filesize

                                                                                                                                    16B

                                                                                                                                    MD5

                                                                                                                                    6752a1d65b201c13b62ea44016eb221f

                                                                                                                                    SHA1

                                                                                                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                    SHA256

                                                                                                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                    SHA512

                                                                                                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
                                                                                                                                    Filesize

                                                                                                                                    44KB

                                                                                                                                    MD5

                                                                                                                                    4362af072d85304f43e6cb2295645514

                                                                                                                                    SHA1

                                                                                                                                    433b52e96d94f2a74e95ded5ace64814bac2cebc

                                                                                                                                    SHA256

                                                                                                                                    21533f55984dc7e2de72d977d68564559a16cd28aaae47f5ba990ab1756ab997

                                                                                                                                    SHA512

                                                                                                                                    dee5d411108fcde584e2f0c6264ec387822f7b56e8c76307e61579d71c385cba766e74f2801fe74df7060d6c15ae2420ab265abb43db4439bfbb95a4ca1b065e

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
                                                                                                                                    Filesize

                                                                                                                                    264KB

                                                                                                                                    MD5

                                                                                                                                    35b1198586faff439030bf2aa8e79ef5

                                                                                                                                    SHA1

                                                                                                                                    c66333ff2b4a6239ddbd6116f54b26b2f01472f2

                                                                                                                                    SHA256

                                                                                                                                    215058daff192131455257f0a6c8ba2f2755bc21309792c19421a1450510013f

                                                                                                                                    SHA512

                                                                                                                                    c79f50f5a5ec20b9f493f680301105d65c7cb690e384c4d66ddb7eaca86c18f76fdf7d9c5c4e9b66d6323e591e8c8b0b6f92c953756c30bfe2938bb60a9be0ed

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
                                                                                                                                    Filesize

                                                                                                                                    4.0MB

                                                                                                                                    MD5

                                                                                                                                    20a654fe33e52e206bffd1e9a609b15b

                                                                                                                                    SHA1

                                                                                                                                    5cd626a784c05bfe9ac87f10a32c0f6c58d081ca

                                                                                                                                    SHA256

                                                                                                                                    22de91f9311b6983e6ab4ffffeb92497c286f15a338a80105c41354f98506f17

                                                                                                                                    SHA512

                                                                                                                                    0822d701aae1d45218d7cd4bc635daa4c352e37571f96b64c13f36cf075ed2cf6ad0a5cda40be36a40dd1e480209999540206446c061bb72071fef4b656a6b36

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
                                                                                                                                    Filesize

                                                                                                                                    22KB

                                                                                                                                    MD5

                                                                                                                                    1ac9e744574f723e217fb139ef1e86a9

                                                                                                                                    SHA1

                                                                                                                                    4194dce485bd10f2a030d2499da5c796dd12630f

                                                                                                                                    SHA256

                                                                                                                                    4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

                                                                                                                                    SHA512

                                                                                                                                    b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
                                                                                                                                    Filesize

                                                                                                                                    16KB

                                                                                                                                    MD5

                                                                                                                                    a33b3a3fdf5161be5bd861804961f557

                                                                                                                                    SHA1

                                                                                                                                    68a57897f1686a3e62ce9808165e18f31661d077

                                                                                                                                    SHA256

                                                                                                                                    ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

                                                                                                                                    SHA512

                                                                                                                                    c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
                                                                                                                                    Filesize

                                                                                                                                    16KB

                                                                                                                                    MD5

                                                                                                                                    507e84952813ee5c7b57489b277d2082

                                                                                                                                    SHA1

                                                                                                                                    3bc9052a4b23bbce030f8f9f48646461fa88c106

                                                                                                                                    SHA256

                                                                                                                                    0b7d5c2bd00d3eea03c36a6b1c072a307debfe892010c78c11cea5138d8eba07

                                                                                                                                    SHA512

                                                                                                                                    6ee8e67f81fda20d1a0aaabd9fde522981589210e4569476c23aa973b12ea16348041b7166efbded04cf71dbaf76e7284fe5b72db715d8cd77e43abec8b8ac06

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004
                                                                                                                                    Filesize

                                                                                                                                    17KB

                                                                                                                                    MD5

                                                                                                                                    d22cb8682c6c279a568ed39bdc634f0f

                                                                                                                                    SHA1

                                                                                                                                    677360e899085b1fe7af0098575842261a6d854a

                                                                                                                                    SHA256

                                                                                                                                    78b575d52c9342adcc7b89ee8545e0577169b0d520a9924c7d53bc3587b240e0

                                                                                                                                    SHA512

                                                                                                                                    2ad0f705556abae3edb620d4370c1e72c749935d6ec079a10272ba2cbfe42d06a67f6fa1c3d80755aef9419391f701e98d479e946708e26980497f438b154ce8

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005
                                                                                                                                    Filesize

                                                                                                                                    19KB

                                                                                                                                    MD5

                                                                                                                                    224859ff4912ea771c591c6c0d6b8c76

                                                                                                                                    SHA1

                                                                                                                                    bca46136f55b29816ec41e0a72f6925a865c2c2e

                                                                                                                                    SHA256

                                                                                                                                    ad78e3585c8ca04d3cdaf44c8eae4b16325c72c08385445d9015052732aca099

                                                                                                                                    SHA512

                                                                                                                                    d74648fc75b852c78292392214c7b3471fd3cd0d320adea1f7ff50dca716b44137f39f4e6ff0cc42267661f5380535adf06d1ad592b0cce6c05d8a9b463cde9e

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006
                                                                                                                                    Filesize

                                                                                                                                    31KB

                                                                                                                                    MD5

                                                                                                                                    2f1ec27c2803176aa1f7cb1dfe10ad06

                                                                                                                                    SHA1

                                                                                                                                    5b93f0a2a9322f1b34f1a63b356e3acdc836c99d

                                                                                                                                    SHA256

                                                                                                                                    f8bd05774df8f324683471354366e3160cacce57fb7b8aecf061722ec75f6532

                                                                                                                                    SHA512

                                                                                                                                    f8139ae2e0375bf05bc94c8631dd980bae5be9714ea78730d9e7f0c3c2438ea4d2fae17601c04649bef2c95a684062cea826efe0e08336ea2a8a35aa420c39ab

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007
                                                                                                                                    Filesize

                                                                                                                                    20KB

                                                                                                                                    MD5

                                                                                                                                    2970f91a2131c8ea581a746d3aeb52e9

                                                                                                                                    SHA1

                                                                                                                                    0ccf977d08808e3d73aec0240ef5f9af6a52fb14

                                                                                                                                    SHA256

                                                                                                                                    7251c74c77db5045d87a7ccd9ff613bf0da824b9da2a173378a5ac6100562134

                                                                                                                                    SHA512

                                                                                                                                    4d6a8fdae5b29e4b72bf023c86793037b0c6a237aae901b5ad4f25812896f569850f4bf73dacc10747f61a23225de8a6b62bafe31eb8c214f7cb0ad9fd04cd6d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008
                                                                                                                                    Filesize

                                                                                                                                    17KB

                                                                                                                                    MD5

                                                                                                                                    78b845a727e6751ef45c17f4752e2f9f

                                                                                                                                    SHA1

                                                                                                                                    a1fb93a39d5b7e32fe74bd752674782d782a60bd

                                                                                                                                    SHA256

                                                                                                                                    779d84f3cd34ba020735153eef58ba58e5cbe7fcded74c96c0e86581df331f97

                                                                                                                                    SHA512

                                                                                                                                    88e3dc1803bfaeb466c4c78c6afbb40cbcfdb1078f007b186104afda07b230561c781f4c92b087d056e95f7eadb88d3864bc05dac77ab69ff2367f84ebbd83e2

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009
                                                                                                                                    Filesize

                                                                                                                                    19KB

                                                                                                                                    MD5

                                                                                                                                    b50d79065d40bf4e01c10287198226af

                                                                                                                                    SHA1

                                                                                                                                    ea6ac2809615082a492aa7a59b44423951e34295

                                                                                                                                    SHA256

                                                                                                                                    ec964754ee1b8fe45d5da3d21af49c697ba26fd40fc4b04737e78b6822d08192

                                                                                                                                    SHA512

                                                                                                                                    e70fcfb2413bd84cc6be293f7c45327f2e364a9247e8b558799461428c42314a4784d1119ed5f1da925f73d67fc1d3a8ad69c1fdfffb2b657e4e6faf1aab34ce

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000a
                                                                                                                                    Filesize

                                                                                                                                    17KB

                                                                                                                                    MD5

                                                                                                                                    fc97b88a7ce0b008366cd0260b0321dc

                                                                                                                                    SHA1

                                                                                                                                    4eae02aecb04fa15f0bb62036151fa016e64f7a9

                                                                                                                                    SHA256

                                                                                                                                    6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

                                                                                                                                    SHA512

                                                                                                                                    889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000b
                                                                                                                                    Filesize

                                                                                                                                    16KB

                                                                                                                                    MD5

                                                                                                                                    f3737cdf0f15bc6fa219937068e9dc9b

                                                                                                                                    SHA1

                                                                                                                                    6def46a79cbdf6447950641591360138e56b92fa

                                                                                                                                    SHA256

                                                                                                                                    52062268695290be6f7dac4d39b5ca6a1cdb5092f6c0694a613661920ad0c81c

                                                                                                                                    SHA512

                                                                                                                                    f123b4fb9542a553c0b31bc64d931a207282ceb3a74204e7331cd9229e2e4db0fcfd48929056e9d72d8ba80010808a74fc526ae40c0296e546dada2e13f1cf5c

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000c
                                                                                                                                    Filesize

                                                                                                                                    16KB

                                                                                                                                    MD5

                                                                                                                                    f55234db88c6538e3f4ad45c114435f1

                                                                                                                                    SHA1

                                                                                                                                    c4dba9a32f50f2d9a27ce81a1d62f7587751e6b6

                                                                                                                                    SHA256

                                                                                                                                    bf139ca7efd187c36f3ec33691f427205a63ca2707af18bc25430637928d713a

                                                                                                                                    SHA512

                                                                                                                                    8a621fa5044977bce987b8259dc850faf83f4e82f4df1a7a689dbbb0b9b065676842f7ac462b77f66c3ef892c3272960bf5de4c0dd4f02e85430b368867feda3

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000d
                                                                                                                                    Filesize

                                                                                                                                    19KB

                                                                                                                                    MD5

                                                                                                                                    3ec20f00a772d639978e1d890b0ad168

                                                                                                                                    SHA1

                                                                                                                                    34dd2f0add1d59492e31da27417aa940899d9a67

                                                                                                                                    SHA256

                                                                                                                                    af24bf1e1b1c40e8288ea76a04f429e91030ee8c554fa2ccb0d143c8918a745c

                                                                                                                                    SHA512

                                                                                                                                    3e90f549962394cdb9cc840cf1864e6855c2cbe1d5ee5a1806f1836eb071fe8b6554a3dc5d0ca06ab52325f3b2584b92eeac0aac20a5b19a5dbe6d4f3dfa2353

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000e
                                                                                                                                    Filesize

                                                                                                                                    16KB

                                                                                                                                    MD5

                                                                                                                                    bb8508b1f315e3da5f8663ded69b22dc

                                                                                                                                    SHA1

                                                                                                                                    d05efdc01769b64a3e578f9f0921e6e10a373f32

                                                                                                                                    SHA256

                                                                                                                                    3ff611197ce09fb9883a0bb0f809bcd7d469a05bf6a41e443f4dffdea47e9d5d

                                                                                                                                    SHA512

                                                                                                                                    ff84e49f689b60bdb58efde65fed19639ef8e00af5f37f46ef34b4848c2321221513780c75ada1aa353816d20616065c3d6226d4bff16ade59f17876d6c598bd

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000f
                                                                                                                                    Filesize

                                                                                                                                    18KB

                                                                                                                                    MD5

                                                                                                                                    767402b2b0e1ab41cb828360a2403d9f

                                                                                                                                    SHA1

                                                                                                                                    7cc33a9b60b5587c5aa64b3601752b47c8a90bac

                                                                                                                                    SHA256

                                                                                                                                    8a68a417ec1dede58073167964e0a9baf8c24faf4bfe83d2bcfede4fcf4f223e

                                                                                                                                    SHA512

                                                                                                                                    afb4677edbc4cd621ae5aef1f07186ca1c63c8bf0471e58b8cb786a7a3bd02f1b789fd132ad7447d27d9bd49b585fd5e6ba56136e6b1cc1c97baf8609d7d092a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                                                                                                                                    Filesize

                                                                                                                                    11B

                                                                                                                                    MD5

                                                                                                                                    838a7b32aefb618130392bc7d006aa2e

                                                                                                                                    SHA1

                                                                                                                                    5159e0f18c9e68f0e75e2239875aa994847b8290

                                                                                                                                    SHA256

                                                                                                                                    ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                                                                                                                                    SHA512

                                                                                                                                    9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    11KB

                                                                                                                                    MD5

                                                                                                                                    0ed497718f6d0adb2a921423b1988a5b

                                                                                                                                    SHA1

                                                                                                                                    b8037ac2a5126c12e3fff98d47866b06291a5a09

                                                                                                                                    SHA256

                                                                                                                                    220a890f5340e20edac4cf0a8523c4fd4a5cd8195eb4820a75c1d02cbaf5169e

                                                                                                                                    SHA512

                                                                                                                                    45e749613d36f9a9df0960de6eaea79f1f8d0adcb38fff4e9e307b27634e6a27a0b1bf533970300f08026898ceefd8ffcaffa56abbd69280e255ebbe45709248

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    11KB

                                                                                                                                    MD5

                                                                                                                                    6a49ed56f92d27ea0514d17f22db8ff2

                                                                                                                                    SHA1

                                                                                                                                    f55af8ed6c0feeb6236260ef2861a79c20733055

                                                                                                                                    SHA256

                                                                                                                                    95b79d9e0212d40f3024e0514b9bf2bd23cc066b12c7284b81128ea62d5a062d

                                                                                                                                    SHA512

                                                                                                                                    0a5279c59ab2dc7cf88fa99bba870d5b8a1dd91d070f5f684a2144bc44818506aa7b0a6d03ce404391a923bbaec70d2964fb33874730c0c7865b27c9c683ee24

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    10KB

                                                                                                                                    MD5

                                                                                                                                    816729222fd5693d5edeb6f87ef37608

                                                                                                                                    SHA1

                                                                                                                                    772f5f54a83ede22d9d7eb9f4154928816610fdb

                                                                                                                                    SHA256

                                                                                                                                    4d64d8f06c559cb900112ecf1876db9b3ea5d452b1607d48f66bc98e0e578494

                                                                                                                                    SHA512

                                                                                                                                    468810216d76ae8e1e8ea680d736da7d1dda418301b79ef133d6755a5b781e47da2f0fc714977a9934af1857b1003c293d2f5eba00c083c107941eb00bfc5e79

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    12KB

                                                                                                                                    MD5

                                                                                                                                    87897538a03f10c43be8c92a8ea3d085

                                                                                                                                    SHA1

                                                                                                                                    2ce4a6c526b9f0bd93b4f694753e115e134e47cd

                                                                                                                                    SHA256

                                                                                                                                    b6455bef4c883fa0c675804d162b42e07637297ae62eaf7f2da38915b386ff83

                                                                                                                                    SHA512

                                                                                                                                    d37e3969050e64f8e822674eac7d5c5387ae4653aeba57a652c13286d5d89dcfb0c702d49bb4f75f7f08df05b01713d2e47ee20ab9c9aa9f8ca843f4c193d4d4

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                                                                                    Filesize

                                                                                                                                    264KB

                                                                                                                                    MD5

                                                                                                                                    4fc15cd35768b7c8df7224821a6e73ef

                                                                                                                                    SHA1

                                                                                                                                    71f4c4bf38ef68e28ee4bce10d70b3ad8287c5ad

                                                                                                                                    SHA256

                                                                                                                                    9c4563b733d9aa6b1106aa2567797883a3fdd5fcbe726277f5125aea4e85b213

                                                                                                                                    SHA512

                                                                                                                                    32107da5a2dfab2440f00d4cfa1e30811e8b63f37f21b88a66e4753d496a4732e3990cb3b798305acba3545d828b8e81ea19637b7ed12d310fa835f3fda7865a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
                                                                                                                                    Filesize

                                                                                                                                    4B

                                                                                                                                    MD5

                                                                                                                                    e09f61118b4be1386d24242390fb563f

                                                                                                                                    SHA1

                                                                                                                                    ab5fb1c699c36b4510743fa24f0b06dc70ab8397

                                                                                                                                    SHA256

                                                                                                                                    99c931f38383eb00b3322318221f1f28e4272264eaac7da21afacf5cb4eda814

                                                                                                                                    SHA512

                                                                                                                                    ea751bfaa5cf483325bead5716ac726716089c6d7966f7da32c8bc4559d7e898f50b8ab7a6f936968981f18dc6aa987594c4dcdf8d6ea6de11bea57a278eb0f1

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-studio\b69eb474a8542d9a80ee416b81b90593
                                                                                                                                    Filesize

                                                                                                                                    7.3MB

                                                                                                                                    MD5

                                                                                                                                    b69eb474a8542d9a80ee416b81b90593

                                                                                                                                    SHA1

                                                                                                                                    9d156ab2187e37953bc482e6caad85afdb5b6c49

                                                                                                                                    SHA256

                                                                                                                                    58b35665b82ef1fbab76b291ec26d83868430083799f402304541ef54755f522

                                                                                                                                    SHA512

                                                                                                                                    3a50f7567d05e013919e45d8de651b1e32608406b7f8a4e88dd2e147ddb0de55ba6375a40faba241bb8c8a20c02ee31d62e7294bd87d9990129b678560a748b6

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json
                                                                                                                                    Filesize

                                                                                                                                    3KB

                                                                                                                                    MD5

                                                                                                                                    6bbb18bb210b0af189f5d76a65f7ad80

                                                                                                                                    SHA1

                                                                                                                                    87b804075e78af64293611a637504273fadfe718

                                                                                                                                    SHA256

                                                                                                                                    01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

                                                                                                                                    SHA512

                                                                                                                                    4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat
                                                                                                                                    Filesize

                                                                                                                                    280B

                                                                                                                                    MD5

                                                                                                                                    38188729a661682ff2b0ac4e7f73cfb5

                                                                                                                                    SHA1

                                                                                                                                    dc6f6f64605a074a91aa8035e10f31d6e6187085

                                                                                                                                    SHA256

                                                                                                                                    73dd1803f59b27a6c1749d5ec53431592e2dc2f45eed7ee2359125b60bbef582

                                                                                                                                    SHA512

                                                                                                                                    ae277d420a928c56c5bcca97b3539565188169e944dfc6f1ddfe971bedb4ac7ce6f1c0962c0a4391a77ecf18d5c0cf75d1290936eb249498ccd5b3379800d4e2

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat
                                                                                                                                    Filesize

                                                                                                                                    280B

                                                                                                                                    MD5

                                                                                                                                    d565f006dc85b2533e065246784b21aa

                                                                                                                                    SHA1

                                                                                                                                    1942c92269f82815937ab93b1335c9fd4400f228

                                                                                                                                    SHA256

                                                                                                                                    aada8c50b5c1b2e74ee770447118d033967a4bd2442089d02d4fe18cf83971c3

                                                                                                                                    SHA512

                                                                                                                                    73a53bd53eab1d864ce5f5a0f2716c1ead9941d8f4db6a8e2ad7904e8782e686c61444b7f4e3e93332982f28b1762471ac5ba2633bceefe957a7ca7353908d4f

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\5837d2b6-a54a-4b61-b6c6-b7b3ef3614bc.tmp
                                                                                                                                    Filesize

                                                                                                                                    6KB

                                                                                                                                    MD5

                                                                                                                                    8ec1a2c0748bcad850bfc163820b924c

                                                                                                                                    SHA1

                                                                                                                                    9633a40984b0c2fce97c8a9d945c82e360a4a43f

                                                                                                                                    SHA256

                                                                                                                                    93b028b0ab897500db951cdd9f1dde05fa4a854c1b4f5d90864e0bd2fe2b4b4c

                                                                                                                                    SHA512

                                                                                                                                    5f25847ecd99e8981206bed6a797beb762f0f2da4247692b5487edd1b411f65753bc3fbb4e2b383e9a68dc6d648397b4717cb8257eb4f83feadd5a5f88e93b0f

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    65c4f012523d766e86febe4871a8df69

                                                                                                                                    SHA1

                                                                                                                                    0395cfa0b9df01b8caa714b792296cda2fc973c2

                                                                                                                                    SHA256

                                                                                                                                    2230e03bb89fc32a6a6b513b0651a42de2433d5ad335bc9c0726bdd3152b3900

                                                                                                                                    SHA512

                                                                                                                                    dd345eec3a33650b9b9b48f8188d16a6bc7802d748c9a7dc61e47c8e5c679c5a25097e83569567ac94e8e103767b9dd9591609bb349e6fd314e11d79aae47a1d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    32b3347faf3107b5c69ef63cc75b7a1f

                                                                                                                                    SHA1

                                                                                                                                    a0eff0f5c7d2cde245151c1a214e8c5d4cb22406

                                                                                                                                    SHA256

                                                                                                                                    339b281cae7f2889f9d0d89bb66198463d666b28c59ca2612b11f1343aac1034

                                                                                                                                    SHA512

                                                                                                                                    59ce131b0feb3e07a1c46c328b13901a23b30f97a7b2493b548214038c1d33e8639b18c2e7e08c8019dde21648aeeb388971966e817ea433c78045d53ff87298

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    abab347fcba38abc674080afa805418f

                                                                                                                                    SHA1

                                                                                                                                    7ee8a7ecca67c857ca57084d95faacafe2f46a65

                                                                                                                                    SHA256

                                                                                                                                    e802de4b4b58283fe7a1c106134434798636ba469f4672b6db2c55c1ae0670d2

                                                                                                                                    SHA512

                                                                                                                                    5618b84466ab4f23f430b4576b29a7c9be00cbd6942dc6d5f28c0445028ac88edcce93e7ad261a2c9a20b522f44b727d8d25b0f1efc610af8b4feb693869392d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5ceb13.TMP
                                                                                                                                    Filesize

                                                                                                                                    48B

                                                                                                                                    MD5

                                                                                                                                    8f322a0412160e4d5cdf2099d6219794

                                                                                                                                    SHA1

                                                                                                                                    89e8179730fe9df0974b1c4c8a2df4445773dc11

                                                                                                                                    SHA256

                                                                                                                                    f159830d56b1e3622e88ae21f833cccd6ed4e6acc24835196f9174356aec0255

                                                                                                                                    SHA512

                                                                                                                                    73595abad3dafada3e78777b83c4d461ca7658d9663ec5fe9f9f121116cc367af8a6bb26bc95c124f9d12a3303032c654d9b999aadaeac41b6bb82d3a8f53a84

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_0
                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    MD5

                                                                                                                                    cf89d16bb9107c631daabf0c0ee58efb

                                                                                                                                    SHA1

                                                                                                                                    3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                                                                                                    SHA256

                                                                                                                                    d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                                                                                                    SHA512

                                                                                                                                    8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_2
                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    MD5

                                                                                                                                    0962291d6d367570bee5454721c17e11

                                                                                                                                    SHA1

                                                                                                                                    59d10a893ef321a706a9255176761366115bedcb

                                                                                                                                    SHA256

                                                                                                                                    ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                                                                                    SHA512

                                                                                                                                    f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_3
                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    MD5

                                                                                                                                    41876349cb12d6db992f1309f22df3f0

                                                                                                                                    SHA1

                                                                                                                                    5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                                                                                                    SHA256

                                                                                                                                    e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                                                                                                    SHA512

                                                                                                                                    e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\CURRENT
                                                                                                                                    Filesize

                                                                                                                                    16B

                                                                                                                                    MD5

                                                                                                                                    46295cac801e5d4857d09837238a6394

                                                                                                                                    SHA1

                                                                                                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                    SHA256

                                                                                                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                    SHA512

                                                                                                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Scripts\MANIFEST-000001
                                                                                                                                    Filesize

                                                                                                                                    41B

                                                                                                                                    MD5

                                                                                                                                    5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                                                    SHA1

                                                                                                                                    d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                                                    SHA256

                                                                                                                                    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                                                    SHA512

                                                                                                                                    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    c59d1ea3cc59bdd08707c066b928859b

                                                                                                                                    SHA1

                                                                                                                                    720e02a7b1ea5f34ece09d043f36fbeec2002b99

                                                                                                                                    SHA256

                                                                                                                                    3b0938b1240f5f40cb351ad85a622b603b56ded7a8f696be4e2bb49f90e80e3f

                                                                                                                                    SHA512

                                                                                                                                    820305fead7ceeee703a7ad87fbc3a16a61c55ae50fd5d9796e651a054e5bd756f713610048837edc0bf47fd69e6061eb09fb6775fb1865bb83aed19f1803cdf

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    e4520245368f1ca69b615c84a30859cd

                                                                                                                                    SHA1

                                                                                                                                    60d43a4c813ae1718de5a658d64cf6e262c871f2

                                                                                                                                    SHA256

                                                                                                                                    27ad351f7cdc1b5089b9ec38519620aeb16517c018388d8c9489c11782601369

                                                                                                                                    SHA512

                                                                                                                                    70140bd4894cc70065094c7dcb716171eb084567f2df1ede9aeceef6c99c00a660c31a1f4c322f073d48cddf4119247d9aef455f9124d98b2323b2de0c78efa2

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    f8bc441ac44d220995c743570e20e2c9

                                                                                                                                    SHA1

                                                                                                                                    4da55c17759ccd60c2461fad5384e0fe91d1936c

                                                                                                                                    SHA256

                                                                                                                                    0f27f4a799d9f557633cb10e509640caaaeddc270e0444eb317869141480ac9a

                                                                                                                                    SHA512

                                                                                                                                    a0ac263d590c2514aeff184e3962db628713549fe09608c2a3756d544cc3b4ef2e4520ab03cd6206e592ca94ec4c6b693f15b3470c32fbbffaa758cd124c9d04

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State~RFe5d95ea.TMP
                                                                                                                                    Filesize

                                                                                                                                    59B

                                                                                                                                    MD5

                                                                                                                                    2800881c775077e1c4b6e06bf4676de4

                                                                                                                                    SHA1

                                                                                                                                    2873631068c8b3b9495638c865915be822442c8b

                                                                                                                                    SHA256

                                                                                                                                    226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                                                                                                    SHA512

                                                                                                                                    e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
                                                                                                                                    Filesize

                                                                                                                                    2B

                                                                                                                                    MD5

                                                                                                                                    d751713988987e9331980363e24189ce

                                                                                                                                    SHA1

                                                                                                                                    97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                    SHA256

                                                                                                                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                    SHA512

                                                                                                                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    403da82ee92efc74ef60919d0b50eb3c

                                                                                                                                    SHA1

                                                                                                                                    f68404103e3cc2e8abba7b024b5f686d2e6d72ba

                                                                                                                                    SHA256

                                                                                                                                    c6bde1eb71612b129f5b35cd22a9b76728ea0401f27db593e9e12004c53dab64

                                                                                                                                    SHA512

                                                                                                                                    cd2f50bf48af7cca90c97886f39ff17a552497b98b0fb51a8fa7568c3c78402ccff2954938758cf07ccf838af74451d0fcf2e7bb30a98bc839309ea071b57cb1

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    60f86d1f6d6d4a13e18b895b2788f7d4

                                                                                                                                    SHA1

                                                                                                                                    ad66879e9f7ee376f36f7bc8bf00939ccff7b147

                                                                                                                                    SHA256

                                                                                                                                    d960f1fb30aca999b39bb232faa42f74a5367eccf0abf90ea63e56b7e868d3d4

                                                                                                                                    SHA512

                                                                                                                                    56ef859eafefe09beac55dfe716423a4bcb32a94ccc7d394380b14e051bdb2901d5f3e9d6184d5f420d735a5e881c3e869f3dca336491e451243472a43e14f1e

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    4fb33ec2ced1b04ce6a54112ca53898c

                                                                                                                                    SHA1

                                                                                                                                    cbc5e47c7f964455f7a53046bfde690320089c65

                                                                                                                                    SHA256

                                                                                                                                    5845dc4bd04050ba24b791aaa4cd922cf1eb098444993d050b0277909eaf85f1

                                                                                                                                    SHA512

                                                                                                                                    0d69926c4655a4ad39dcface5baad2a27af4cdf9a4ad29dc523236ca7141fb9843100858320553ada85631a0fbd2720244cf454a17c99d37b8f408b906158fcf

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    0bf40a0e2ccb139afcda793dfa15e16a

                                                                                                                                    SHA1

                                                                                                                                    a82281e2e1945e8ccdaa134bddd447f575d05a47

                                                                                                                                    SHA256

                                                                                                                                    076ed0f6b3fd4212264ee90b485060b56ad717bfff4be5199a6b5944174bc9fe

                                                                                                                                    SHA512

                                                                                                                                    5eee6a95fd11bd4334d32c464c2d2e517b6d6a88d431fbe311c7d43c391e04858a9995801cc49b830544ba9fe8b18e435445eb0c44f52512d54862f5ddb76cdd

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    62eda78e9f1f2ecca780006e65214fca

                                                                                                                                    SHA1

                                                                                                                                    d12ea93cb1ae9af4263703da745e27e401c5514b

                                                                                                                                    SHA256

                                                                                                                                    d817413790b6eef24a49ca95dbf0672a793f97aa421210a8e3d36358828bd8ae

                                                                                                                                    SHA512

                                                                                                                                    4bd799f5de7dac7e4f38bbf47fed892a598c20440ada17ccb5c1a75c5590f9709a109d772cdddf81a138029362f63968d4305cfcf8638fd45a38b1335d7be716

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    6aaba576a51943db89aad25863915af8

                                                                                                                                    SHA1

                                                                                                                                    21e12b95be008a887f3bb892afb78de7bbcbe96b

                                                                                                                                    SHA256

                                                                                                                                    6a917a94fb4cb783e72819bd2a21b42f7a75d0795ed555821c96b2f4495b0604

                                                                                                                                    SHA512

                                                                                                                                    9f707ab96a7548a3fa10e9c62d01bac9362d71300a0057fd7b90248966cc67d2fd65888678bc1da1499652b26611ef45d555d4bcee8b17641cb0f68f79eb830f

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    6b401a5cef3c9dc79400f58d3f05ee3e

                                                                                                                                    SHA1

                                                                                                                                    8376026fbb772078029551d085f9af06047c377c

                                                                                                                                    SHA256

                                                                                                                                    2ef00760ac18690400cf1deb5fc6970e69d40adf9efe01e94a4cb13fdc91a718

                                                                                                                                    SHA512

                                                                                                                                    9805f451674cb2cc7a048f9122ba95addaf440685e5c9d076f7aabbda5c336ff05fce173af2684064c0fbccd1233f5c5e8f896df2cf57e3a5e3f183eede648b6

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    57a8b2d943be9c73effbad21f5b94939

                                                                                                                                    SHA1

                                                                                                                                    933d751ae2c8c320499f2e42d09092011757f815

                                                                                                                                    SHA256

                                                                                                                                    3eddd0e52bebcad8065814c70781e8fe656a9386e4d5dc6049bde5cb6a74a174

                                                                                                                                    SHA512

                                                                                                                                    d0142e73d10017c362b8dc14700e16eccb836401e0e79451019dd8a1cf3a844a677f8c402aafcfa8870c46286514455d49fdb255cb71672c94829e946728d245

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    391bb197ba461e67523d2c94162a42d2

                                                                                                                                    SHA1

                                                                                                                                    d863a4a3da3b2d62de697534009bbecbf453edb7

                                                                                                                                    SHA256

                                                                                                                                    839db7c77791e6476ae8b860d4683b1b10b993c4745df64a00e9124ef6bf3cfb

                                                                                                                                    SHA512

                                                                                                                                    0837fbd740695e92e99ed51a99aa59d1081b5ef4e756a389f75f002d2cfe433539170d450a8e349e0b71c1ec7daf11c7ce2db8bc9c2dbeac7c1b26a3725ebc33

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    42d165a6f5e7017d548b6b3c2c0c7737

                                                                                                                                    SHA1

                                                                                                                                    370dc318e371827c9ce0ea17e4e067cda1baa356

                                                                                                                                    SHA256

                                                                                                                                    97462fe337933a4a9c1328c680ad6f5a174754e2673930d53c97fd64d2ce092d

                                                                                                                                    SHA512

                                                                                                                                    c732e70cf4fa137c9119eabc42a04e8867faccc0e223d520974055b6e18a90e62f21f35c536140e7175896b5bc05943967081c90f0d102b238d98fdc604523af

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe5cd47e.TMP
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    6d02fc4d2eea03856137e57a3851f386

                                                                                                                                    SHA1

                                                                                                                                    21749ddb70a97287987258899a285da12d663197

                                                                                                                                    SHA256

                                                                                                                                    99dd8b906edb79a644eee383e01c30ce9311a24db87671ad49d9382b28f3bb4b

                                                                                                                                    SHA512

                                                                                                                                    4a2a3d6bee0a6f8d288cc7bbe3a70edcda0304eb81aeb3aa16573a0a2432a54881246c7a9b8e6a8bc97998c83b509dcf7e3eca576867b8e9378eb4004eb8a2ee

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    6KB

                                                                                                                                    MD5

                                                                                                                                    fc2d538bbe6e056522cf5c7524cd0556

                                                                                                                                    SHA1

                                                                                                                                    ac785f51d951736ad04f37e568d818911dcbb4b5

                                                                                                                                    SHA256

                                                                                                                                    ccfc51a17ba0f7e1eb13764b26ff9252ff30b82f738b75a8dbf5a9558a3172ef

                                                                                                                                    SHA512

                                                                                                                                    77fb5e47598f2b05ef3ef23358e8c7a9c0d88c27a94a66dd7976942b66dcefd2d48e9a2e8d3c56b128837db66823124cc7e162459ecc38e4ee5b71b1a2f7500a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    7KB

                                                                                                                                    MD5

                                                                                                                                    21149105d85e6b33f1d9e70b05113d82

                                                                                                                                    SHA1

                                                                                                                                    87807ac38a4272e70956d291ab8bcb7fa0cce9bc

                                                                                                                                    SHA256

                                                                                                                                    7edbc428d24aafcd60ce7c7dcc0c77bc328f316464facbf3a4f44b80417d4f55

                                                                                                                                    SHA512

                                                                                                                                    8cc9fb25c4401d8d21e6e3d695c152267d41d60e86897a2daf992ac61c53a64dc7543295cbcaa03643be9c681ff67318273d0ddbb730113e3998dc460286a6a4

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    ab56517e4a9502cacf928ba1180fb04c

                                                                                                                                    SHA1

                                                                                                                                    fad6b7a1b776a4df6e858cf3b12d4de78347a4a1

                                                                                                                                    SHA256

                                                                                                                                    9c0fb250196b91a61afa33202802125a2a0a5b44ae45748c4301bdff96c5cb4e

                                                                                                                                    SHA512

                                                                                                                                    0e3f6da6aed99539641cf77d49c871ab684afcf3119693dd0f411e8cb79ce53672c6b6e4913feb0919cc9b17a50ae4160ad65495ecd5af139c58f0e14c519f31

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    b5cb3c1b3634c1dd657fddbd47797dd2

                                                                                                                                    SHA1

                                                                                                                                    c485b9b1fb375ca62026b8246bd6b8e3221e3d26

                                                                                                                                    SHA256

                                                                                                                                    2060302608d575fe67f5851bcfe4ddb509018f60d02bf9612bd6e820dfeedf3e

                                                                                                                                    SHA512

                                                                                                                                    2d284b683c6c7976eb19b2c23897b2d90f6996c8fe03c79faf8500707b143323e48c8af963f80ece960b5b9f4da320eee520685c4b34c536a48f226bcf924f9d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                                                                                                                    Filesize

                                                                                                                                    3KB

                                                                                                                                    MD5

                                                                                                                                    6cc062fa5b398015a00730c0d768c27f

                                                                                                                                    SHA1

                                                                                                                                    5910b94dbae59f39a7c14ffa9f88b36c0766dbca

                                                                                                                                    SHA256

                                                                                                                                    efa16747469a3018c1c78ba745c4199567fb21f6c24db57a2d10a6899a312a71

                                                                                                                                    SHA512

                                                                                                                                    12eb0bcc7e503c9e9f5f64863487caa668ee14bf924b93bf994f7fe049981bf2883373202fbc4c401b7edc2e5e74eef5b54b0255fa6206dcee4f1b19aac22ac2

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                                                                                                                    Filesize

                                                                                                                                    16KB

                                                                                                                                    MD5

                                                                                                                                    a1ba4a2743f77b025c30fb2551bbead2

                                                                                                                                    SHA1

                                                                                                                                    5ef7dc7c67966cb89e6fb30b9adcb92b89ab6424

                                                                                                                                    SHA256

                                                                                                                                    d9658e0151b744759bbd7b667840f5dec479b0ef6ab00fc749d5112b459b4aa3

                                                                                                                                    SHA512

                                                                                                                                    ef04afadee7bdb1672377328f2c9869a51997f64abfb5ffd2643fe6babb5d3f9b167c7db40f72683a5db992dd262be51da441c171eeaa1a1c33ca88e25d095dd

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                                                                                                                    Filesize

                                                                                                                                    17KB

                                                                                                                                    MD5

                                                                                                                                    435313c16eebf96eb40255258933a2dd

                                                                                                                                    SHA1

                                                                                                                                    4fe3447372860303c472df0cceafe2997617da18

                                                                                                                                    SHA256

                                                                                                                                    ae4167e5d6fe13f077676d7cc9d9abaca51f85ec49845b07b1e22394cb657d5d

                                                                                                                                    SHA512

                                                                                                                                    296bf892d349096295270e2185ebd2d73ae299ab69d505059c4b4218dabcce4c3999059dcbc97f664a94a98ad564af7381c34b1cd88e529423cf8cf74bba9063

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                                                                                                                    Filesize

                                                                                                                                    18KB

                                                                                                                                    MD5

                                                                                                                                    57e5e7315aa3d70328bdd237b69df67c

                                                                                                                                    SHA1

                                                                                                                                    3fc1fc7081796ff6fa0fa93f8bd82043f123128d

                                                                                                                                    SHA256

                                                                                                                                    6aca3bd864e52cf774f2a4887e8b0dd615dcc79e1be657b2b72ad35fd7eda658

                                                                                                                                    SHA512

                                                                                                                                    0f3ae25baf684f39c48bf2e29f795603a31a130747e778e60ec996383e678735ca3ae419d1ef75dcaccdf129f9aeda89b69ab0482b6bd19aaa8227ceebc088c1

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe5c7f69.TMP
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    e186e576de7761ba56baae642e9ce2a8

                                                                                                                                    SHA1

                                                                                                                                    4bbc482be5a0393f33b8b9cb69b230fcdd0e2194

                                                                                                                                    SHA256

                                                                                                                                    4ff0f9918e74e05b3d3ae69b47c63394d51f5997929ccfec19195ed8d9fbc1f5

                                                                                                                                    SHA512

                                                                                                                                    446cc2978df2c534886fa867896d3fe8fdf18cbc0e8c12ab42dbcc72e9e7ed41d0b9e2ce4e7510130645b08e97dd3bda7c198e7221217fc3a13c59409fcd7c5d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_322qmt11.1ny.ps1
                                                                                                                                    Filesize

                                                                                                                                    60B

                                                                                                                                    MD5

                                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                    SHA1

                                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                    SHA256

                                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                    SHA512

                                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                                                                                                    Filesize

                                                                                                                                    2B

                                                                                                                                    MD5

                                                                                                                                    f3b25701fe362ec84616a93a45ce9998

                                                                                                                                    SHA1

                                                                                                                                    d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                                                                                    SHA256

                                                                                                                                    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                                                                                    SHA512

                                                                                                                                    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                                    Filesize

                                                                                                                                    10KB

                                                                                                                                    MD5

                                                                                                                                    0795b0d03b0902e1738968cefd49a6ed

                                                                                                                                    SHA1

                                                                                                                                    4744eeaa2147506577294d6e744535fa6ea807fd

                                                                                                                                    SHA256

                                                                                                                                    7070766544783d7ad6e115cda93d8a5345d242c21940febd9e7b33316fb3efb9

                                                                                                                                    SHA512

                                                                                                                                    588f85f5c641541b0b678d029ba49f22530bfb0310b1eb9835a84aeb12729de0f6db764be554815f32576caf32c43a01c2637552d7b884d7773c8ca6430c4f08

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                                                                                    Filesize

                                                                                                                                    7.2MB

                                                                                                                                    MD5

                                                                                                                                    2a39b191557fe027454094fcb79e4c9f

                                                                                                                                    SHA1

                                                                                                                                    a8c2d42f149ec3d8b8ab2fb38e7b1bac786ca8da

                                                                                                                                    SHA256

                                                                                                                                    1cfa38c4091921ff9231b90989c616f9d73bf8f328a263e9e1621a42b1053201

                                                                                                                                    SHA512

                                                                                                                                    77df1c00cadf139dd4f791555abd927d16ddcc5e696a7760ef5a2901f277997f23b2334fd8b2b50c573567139b3f653afb7a8beef089084e2db7fe4fa10ccafb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\Videos\Captures\desktop.ini
                                                                                                                                    Filesize

                                                                                                                                    190B

                                                                                                                                    MD5

                                                                                                                                    b0d27eaec71f1cd73b015f5ceeb15f9d

                                                                                                                                    SHA1

                                                                                                                                    62264f8b5c2f5034a1e4143df6e8c787165fbc2f

                                                                                                                                    SHA256

                                                                                                                                    86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

                                                                                                                                    SHA512

                                                                                                                                    7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

                                                                                                                                    Download Submit

                                                                                                                                  • memory/880-1102-0x00007FFA57550000-0x00007FFA5755B000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    44KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1069-0x00007FFA57AB0000-0x00007FFA57AE0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    192KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1081-0x00007FFA55450000-0x00007FFA55460000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1082-0x00007FFA55560000-0x00007FFA55570000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1084-0x00007FFA556D0000-0x00007FFA55700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    192KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1085-0x00007FFA556D0000-0x00007FFA55700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    192KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1086-0x00007FFA556D0000-0x00007FFA55700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    192KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1089-0x00007FFA56FC0000-0x00007FFA56FD0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1088-0x00007FFA556D0000-0x00007FFA55700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    192KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1087-0x00007FFA556D0000-0x00007FFA55700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    192KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1083-0x00007FFA55560000-0x00007FFA55570000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1098-0x00007FFA57550000-0x00007FFA5755B000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    44KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1094-0x00007FFA57070000-0x00007FFA5707E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    56KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1099-0x00007FFA57550000-0x00007FFA5755B000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    44KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1079-0x00007FFA57610000-0x00007FFA57620000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1072-0x00007FFA57560000-0x00007FFA57570000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1073-0x00007FFA575F0000-0x00007FFA57600000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1074-0x00007FFA575F0000-0x00007FFA57600000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1075-0x00007FFA57610000-0x00007FFA57620000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1076-0x00007FFA57610000-0x00007FFA57620000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1078-0x00007FFA57610000-0x00007FFA57620000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1077-0x00007FFA57610000-0x00007FFA57620000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1071-0x00007FFA57560000-0x00007FFA57570000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1061-0x00007FFA57950000-0x00007FFA57960000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1062-0x00007FFA57950000-0x00007FFA57960000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1065-0x00007FFA57AB0000-0x00007FFA57AE0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    192KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1066-0x00007FFA57AB0000-0x00007FFA57AE0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    192KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1067-0x00007FFA57AB0000-0x00007FFA57AE0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    192KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1068-0x00007FFA57AB0000-0x00007FFA57AE0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    192KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1080-0x00007FFA55450000-0x00007FFA55460000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1070-0x00007FFA57B40000-0x00007FFA57B45000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    20KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1100-0x00007FFA57550000-0x00007FFA5755B000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    44KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1063-0x00007FFA57A60000-0x00007FFA57A70000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1064-0x00007FFA57A60000-0x00007FFA57A70000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1095-0x00007FFA57070000-0x00007FFA5707E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    56KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1096-0x00007FFA57530000-0x00007FFA57540000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1093-0x00007FFA57070000-0x00007FFA5707E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    56KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1103-0x00007FFA55770000-0x00007FFA55780000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1101-0x00007FFA57550000-0x00007FFA5755B000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    44KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1104-0x00007FFA55770000-0x00007FFA55780000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1105-0x00007FFA55870000-0x00007FFA55880000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1106-0x00007FFA55870000-0x00007FFA55880000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1107-0x00007FFA558A0000-0x00007FFA558C6000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    152KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1090-0x00007FFA56FC0000-0x00007FFA56FD0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1097-0x00007FFA57530000-0x00007FFA57540000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1091-0x00007FFA57070000-0x00007FFA5707E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    56KB

                                                                                                                                    Download

                                                                                                                                  • memory/880-1092-0x00007FFA57070000-0x00007FFA5707E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    56KB

                                                                                                                                    Download

                                                                                                                                  • memory/4296-15-0x00007FFA392B0000-0x00007FFA39D71000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/4296-14-0x00007FFA392B3000-0x00007FFA392B5000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    Download

                                                                                                                                  • memory/4296-18-0x00007FFA392B0000-0x00007FFA39D71000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/4296-13-0x00007FFA392B0000-0x00007FFA39D71000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/4296-12-0x00007FFA392B0000-0x00007FFA39D71000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/4296-11-0x00007FFA392B0000-0x00007FFA39D71000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/4296-0-0x00007FFA392B3000-0x00007FFA392B5000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    Download

                                                                                                                                  • memory/4296-2-0x0000022961350000-0x0000022961372000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/5772-999-0x0000000000330000-0x0000000000365000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    212KB

                                                                                                                                    Download

                                                                                                                                  • memory/5772-1000-0x0000000073690000-0x00000000738A0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    2.1MB

                                                                                                                                    Download

                                                                                                                                  • memory/5772-1041-0x0000000073690000-0x00000000738A0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    2.1MB

                                                                                                                                    Download

                                                                                                                                  • memory/5772-1056-0x0000000000330000-0x0000000000365000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    212KB

                                                                                                                                    Download