hxxps://github[.]com/ShadowRbxOwner/RobloxMultiTools

Resubmissions

05-01-2025 22:30

250105-2ew4dsznhq 10

05-01-2025 22:28

250105-2dw21aznhl 10

05-01-2025 22:22

250105-2apthszndj 7

Analysis

max time kernel
293s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2025 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ShadowRbxOwner/RobloxMultiTools

Score

7^/10

discovery pyinstaller

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4528	RobloxTools.exe
3328	RobloxTools.exe

Loads dropped DLL 8 IoCs

pid	Process
3328	RobloxTools.exe
3328	RobloxTools.exe
3328	RobloxTools.exe
3328	RobloxTools.exe
3328	RobloxTools.exe
3328	RobloxTools.exe
3328	RobloxTools.exe
3328	RobloxTools.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0008000000023d5d-254.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
4320	msedge.exe
4320	msedge.exe
4808	identity_helper.exe
4808	identity_helper.exe
4696	msedge.exe
4696	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	1796	7zG.exe
Token: 35	1796	7zG.exe
Token: SeSecurityPrivilege	1796	7zG.exe
Token: SeSecurityPrivilege	1796	7zG.exe
Token: SeRestorePrivilege	1324	7zG.exe
Token: 35	1324	7zG.exe
Token: SeSecurityPrivilege	1324	7zG.exe
Token: SeSecurityPrivilege	1324	7zG.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
1796	7zG.exe
1324	7zG.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2872	OpenWith.exe
2872	OpenWith.exe
2872	OpenWith.exe
2872	OpenWith.exe
2872	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4320 wrote to memory of 4668	4320	msedge.exe	83
PID 4320 wrote to memory of 4668	4320	msedge.exe	83
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 4180	4320	msedge.exe	84
PID 4320 wrote to memory of 3660	4320	msedge.exe	85
PID 4320 wrote to memory of 3660	4320	msedge.exe	85
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86
PID 4320 wrote to memory of 1548	4320	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/ShadowRbxOwner/RobloxMultiTools
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7cae46f8,0x7ffe7cae4708,0x7ffe7cae4718
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1228 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1228 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17033233272129050947,6284301065801400530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1168 /prefetch:1
  2⤵
  PID:556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3756

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RobloxTools\" -spe -an -ai#7zMap20277:84:7zEvent7524
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1796

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RobloxTools\RobloxMultiTools\" -spe -an -ai#7zMap23064:118:7zEvent31667
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1324

C:\Users\Admin\Downloads\RobloxTools\RobloxMultiTools\RobloxTools.exe
"C:\Users\Admin\Downloads\RobloxTools\RobloxMultiTools\RobloxTools.exe"
1⤵
- Executes dropped EXE
PID:4528
- C:\Users\Admin\Downloads\RobloxTools\RobloxMultiTools\RobloxTools.exe
  "C:\Users\Admin\Downloads\RobloxTools\RobloxMultiTools\RobloxTools.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title Roblox Tools
    3⤵
    PID:4132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title Roblox Tools
    3⤵
    PID:1904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title Roblox Tools
    3⤵
    PID:3664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
103KB

MD5
8dff9fa1c024d95a15d60ab639395548

SHA1
9a2eb2a8704f481004cfc0e16885a70036d846d0

SHA256
bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb

SHA512
23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
af7ef8b56471037b62284e8931dfb42a

SHA1
186f1c50ba07a2033d72be1b878a9a76268875f8

SHA256
546a3edf77d0ec3f4849f86286c067d480e6b06586b277eaf3f7874db065abb3

SHA512
35e29e2e13b633308beeb12d8900f88f3a67d4320ee1e43605c58a61b4c89ed443811485191754941d52189e6ebc338608e0cfd91c60d787cab075ae30c7aede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
36611e9227e1e8a5fe788be04d1c8e9c

SHA1
96fee2a4c83170e26f75b171bec79df0ee53d010

SHA256
95b70ec6e3084d7140905b6bef034e5a4510eec72ffd4c243b34bb5853e91105

SHA512
e233aa673b839a92d8d402dd25d8065a8cf4adb55eba8034adab85fa15d085e9f74378c27a9375e972d7ca5667ee2c51b638b22089ef1574f44da5642c978162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
4872643ba0cd934b2621dbdb30f7cfc4

SHA1
a180ca2cbcc6142c6c60c828acf08292dbc43a3e

SHA256
1c4fdf23c6ca9da2d40557124c0ecc890211f515f8a52d2a4acd251805c8d4f0

SHA512
d1f3d1a1cb0f4b2de59e93dbc2ee679b936fbc01f1b0dc4d79ae2c57d13a756befb2693d0b314a4fb0973876dc21e042affecde9cf4c56e487b54a2ff675828d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
ee983206aba2909e6c4c36f81964b89d

SHA1
1857f8d8e86135e492a0b32135e1b9af31d388ae

SHA256
cd312974ddc7823e36a2bafceb520450f3d7176719884ad5f722bab3b0551616

SHA512
49152e2cc69db0be6aaca7254b137913de98cc767238890146d00eb4de18370280f97688f513db5e9e977782faf14abea4e4fc25c354165c3f1e9bb918dd4f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c9ec91a17f1daa6e445c15dd7b3b5d87

SHA1
f4d6d25fa8acece5c596bb4fc3fcac76a50b69eb

SHA256
7d4fbb8b74f7ec6efedd2465dcb7898e02ee204b5659bae5b450cb827a599f4f

SHA512
94e9321ada256501ba8e43fca0bc58c5e3d6483951485ba92e6fe7b9013195f89c2ab0e8920f814c9be371766d9e91430a82e40c2f488f9329448bc2e80b886a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1525aeb0608499b7fef457f6c6debbf9

SHA1
010f2af64ff34e3907c469ee93603f1f7f505901

SHA256
ee8d2744d2bfd35090dbfe4f9588a5abae276cc7d29d3f0201b5e068093799d3

SHA512
1ed52530fc0acfe4a5d1b612578ba75a614b96849bd5f025a7718175b7512c8ea44141861c4c7dd9c9e6882e8af6465bf20ea1e5bb1183adee2fe9e295a82243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
595B

MD5
8161bf7a280f56447ce0b00c58e61454

SHA1
bd486490f624db194c0949d0b1066defaf47a94c

SHA256
ef88cc1f1f70c5209a578ef52d309435361f8c94eaf02323a21d13209ff2830b

SHA512
1f8e87b11e10526d440f805bc05731c9755f847bc5cf00dae473db561c59d27688eff0da25c38a11b43a57b3c6d486ada23879ce9e347cc8d38e84293871f047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0a4e15ab218b7194ffd8578911bf0890

SHA1
33c2fc6061941c87e87ddac7a97e97713f88a6f0

SHA256
fa9da18703487a12ff6d22bb499af516cfcc23e302355b65dfaba5d4f00e9c2f

SHA512
9115cc3796373040a90a9b23c1738ff0333da0bb0d7014cb93ed413f62cc55c6c8e0f87dbbe597a3bd18ba7fe466609d6fc69e6e08eb728673e0042d4cbb5f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7bfef62634f2641ef6e7a443e50d077

SHA1
7c93788313f766c68fef264c7e5546e85c1cc9a5

SHA256
732b2d81133a37e046fe13abf274dc4cffbbf72e7b8432d296c6e74a54ab4909

SHA512
5ed7b951d96978331fc8937174c0400e3fa236f421ed2b2e9259fc255a7707b671d75bc4d528c0027413b78da100e37d1ad7c27facfc446e6125aa89f9eb8cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00679dae28ab53b110919c57268f69e2

SHA1
ff98cb85c22cc74720205291ea848c19eba4ad05

SHA256
92934df28d7024a59f44d16e01cf0b4b1fc5ff3bef4fd5617eda5c18d03ea95f

SHA512
4fde5a4fc6d698e3aac3eaa388eb03012ddfb6eab45172455531bb764470fa30695a3acd531916938319b51241653bf4ea072da6b795c2045a38a79a1de223d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0be05eac8c2e45c22a847585410e0371

SHA1
f966d5c80611ff0f06cd932783c359199428d3ed

SHA256
329aa4bc9a6241870d9a4825805cff68a84ba9abb27477ed30e83afaa24bf14b

SHA512
e7852035b014926ce841640d6e126e8e1506622d10f84e6c5dbd1402bc566d2027694872b4ddc675675037b56b683dfd85efd505e04be5bddbcdd7ae42b04656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e2959009b861cc15e3218ff1e87a31c6

SHA1
4855b51191efdc7566ca8e008f88b075bbaeca4c

SHA256
afe255332edea0fac5a779115d6090bef1a09f09c4d3eb3fe45b4b0dbca54955

SHA512
af3c1ae972342abea12e3349b5d9bd42362ac8d251b6ed06c4fd858b8fc6501f2ffc0797c26c5d102e670dd8442ec6d10dd57685355336dfc6e27f5291bbbaff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f5a35bba98a70a6e60ddd4631bf790f

SHA1
329f4a15dd81a4f65ff2f132121f427b1e556fcf

SHA256
016a004178c2879508e2920db130f587f8dcad34a89ee5d87bf108260ca6ba6e

SHA512
3c43f517e89ba2b1518a991c9e929ec0eb6d83320ef02028bffe1e46035b2373de059c2987d83f56d9c591a31d9fbf0fbbc6597734ea9a157817de8019a516aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf2f7c968f89bba3daf3159e1851bd58

SHA1
1b7fc002709789400587745381890f61b0ecfe8b

SHA256
aa977915dd62a3b277d1640768fa41141647f2541b00ef4ee80149be8a2e2210

SHA512
9e04bbef05191fc87ab9e4ec7e0fdebaa93588762540f08f9b0dba79946d483272cfc6326abaa0b6218d72cb39bb0369eb89a195ce6004240000c85e6ffc3c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66625256b8379a48630ea362d3d4c9a7

SHA1
3392679c5ff48c718c7497b09e41bcc5bbc3574e

SHA256
019cde62420ba2e88b888a9ecd3064dd45a3eae598e4db2e21d6ae096fb2fc0e

SHA512
b41a1396286f2b2b3630a19bca5e1029de80a3ae793c6a7dd2e60aec19f9a51959c7fb59d6ea51a03563cbaf40e01577db0583c1a655f643bd2b046746f64cce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
01031af7b55e2ad488c9156335f11ea2

SHA1
c39af6e18b5e74eecf9f1858eeff65f6e8fed71e

SHA256
0b07f18c63241bfb6ed07023ba94b2a8fe26558b68fe954c035d5d5dd6cab52e

SHA512
77bea544099efc7a8f2d68086d0fbc1bf6203c5bf4e33291720ef06fde537dba4faff546496fc08ec165d2b758ab5a5cba18ca23daa5799e3a27da21cc009208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f0a65ae74acbadbccecaf35742343fc

SHA1
0d4dc704ffd260b873a3ad0bd10f91dd06f01aac

SHA256
51b12e7a6c1ef2bc879cc55e3365e1e78cb15c00c167ac2645d7271a2e2d1018

SHA512
5843bd9caa01022020b2de3c2befb49007186eaa67f2c6c33c3d8cec191c4095fc9433ca318230f1840e38fee025fcda6b84e78bd1346104b8aa07a357d0491e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
586379d7fae1b71369aa21db3227ded1

SHA1
eb93b13adfcd5e0ddeef608990da3bcb00add7b5

SHA256
2343880ad3aac540d4b113f4417f00774b843cc98fcf8b09cda153562facbfda

SHA512
e5a72c0f988d50207f2439c1ee9522b0e9b90618af88185d20ec70de880cffaf4ccc476ce7c1ea3d50e73b6b92e197195985156402806d498105b6597ad99549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a9e35e35ec9a04e8967affc48262cd54

SHA1
ab5641ee07a4186b574be4733eaf18206a2294d1

SHA256
507a629eaa8d7740ad89d2aa7cf14c2ca6e6344a71223f2523fa188b2ff38089

SHA512
7c51b8588488c3440c9dbcff8aea390132e586a625e8839acad3c0ac2f57cccf9365f23e824effbfad52d86b98ff2d9e514ad669d1d4f5b0ce63985788630592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3abda50e3590b9f60591478f803ecde

SHA1
f6aed126844ec3d1cdf60de34eaeecd13aff4bd6

SHA256
6aac2415b7ec8af3368e22ee4a581daf814d87587647c85af30e021e1b640f10

SHA512
9d2c2b9b9052e55a153f17fbd21ae888adf4dea6e9e85f9430ec67decd28cd2dc757572150964cbb8c1c3991e618c1049a1ede246cf6ef443ee436ca85cd5e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c1ad36512a531f88cbe1246d178fe4b0

SHA1
dce2c0ddb07c6a582d36e2e08c981dadc339c99a

SHA256
cc50c69f86ef5332ddea4732992112ac20047f9a4a7b4568199eccc00d8b77e3

SHA512
602b54e45351494c0ae3491f686997f8b215b4c7cd13e2dce3b6d5b99c6cc484a822dd41ffb708522b0240fe36802ee3ed30f20fbbe357e2a477d90c7ab8a0f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d6361ba3361f241c3fcb366ba4e00e33

SHA1
dea1d68d5c86d1c6bb70be920488a35db2ebcd3c

SHA256
db7c56c3c22e8d3c702efd55527d8b7b95c0a7991d759f521b04bd8f2bb6ae4c

SHA512
de4e9a4a145e863edcf5b77e187d95786bb4499959d490b39b90604459baaa4c25cce9fe545a6d60c8ba5908839206f9835324c6085ade55a0e85c52d62be747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f6a3cb71d876ef36e22391a797088868

SHA1
09dc30be29b502be1a97ce2c47aea603ed4c2040

SHA256
b0353d9ac7a48619f197306dba381fb8a418a280244e6f3a638fec45107bdafa

SHA512
887613985c720bf868961a1e5edd6de0f7866e622381305b56afa7d077d0f2842be501ce84ead4db8bf6ee0243a3afc2248fdc7fceb864d35e88292c8709b210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
72ea7a94ef4cc6354b475f383eb43978

SHA1
9e816fd1d6ea550bad439f5ba62858ea387a533f

SHA256
2c5615f0ff6ceee40105b9c974e2e574e21987bb3efe9df9b478fa2d495a4630

SHA512
a20cf404664bf96cb146ec1856652208a478d420f718f266378e33c5d90b333e9faf734c68941f286f81a0ceddcf0f9153c9af3fd8b9cd2f6e24843630d5c35f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8cccb49ae4da0614a094421a359a83ad

SHA1
cb91892bd13d77098db0e8bd3fdba77aec5ff05a

SHA256
d98fcdcec784fe758aaf4811893efde0f0f7a2e283916cfc04ee47fc8197c7e0

SHA512
fc89f6a02c85576ac2ccab6840d41452ee35522ac7fd0c67d347b9f5b60040d51a783b000b06a5a455653cd6a0262c413196e80a0ea9815f91430ebd5e76c860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
475c9df036df3fcca6e45dd0e350c714

SHA1
a75b31308fb73376ae8d0e0134a8036e89a3bf25

SHA256
53cf240755314394336c7284a77ad1fb473d8d6738cac6da761c18af7966247c

SHA512
77a3206d64e5b00d8dc2ff32c84690cd8f92ea3cda326293ac4dc5a9a3cdcdc675e333ca328cd32bb273358d333d30c101c6a925fc6dc24d1b00f7c9482b9fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
31c9ac3b6a9924ec70cd1c62ab18525e

SHA1
e8e21a2c7c16496674a076f2c659d289246ef6f8

SHA256
37e61aea8656aed57e6322cf91a637fd75851a3668b1b948e038e9638f76933f

SHA512
93e9a86cef17231ecd910ed6f7eea8e897ea075f155ff0ae672e5de3ffca3609efabc70276faa61d37e7819e28b19b88966d7b9309ad7d6995678c16dba17138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0fbfe05208a57cb0ece12bc8159a6389

SHA1
665f633f13cac4fd7fc54f5e7a1c6cd81dcae782

SHA256
5ad9cd0c8962430cf74e62b30b8112b3021ee5fa30bcaed66bc3d899e9fb4742

SHA512
75e38ed0ba76d6fa54e67ff810f839c104c113838a263bbc5987e54a9b2af88b2e82780f314e5ae2bda15d9c4dedfa2b02381d78299fac9de456040d5260973a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1c2998900592e8ca916c0bbac8839438

SHA1
bd05cb8848aefeb3691bbe9d6fafc5c092603fca

SHA256
97d36d449ded75e2e52af7d245c4dd422eea4dfb515a6f9ab3ac73f8a05f6604

SHA512
9f7cc3f289b77d836d2168e3f0328313dd92376d6f3ff4a0fb1677d85bea59916cbe5f4530e2c86725a3771bb0f5f88678f413471d9f707a6d87ce21cdb1f0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ee4bb3da2da69e5c490f4bbf5b9812c9

SHA1
7a3da10d0ae7e99c3813b1192c25ecd9fe67bd75

SHA256
ec5f7c8d4a9c281138570d45de716d31c2e52eda6a0e4796929ce708f978ecbc

SHA512
ead18f248de04876bf519c91c9ead18ab29ef992be8c128b22b7dd8a232efd59aae03425908e04e4dddd2d17869356b7140556de59a7061e9cf9a6a903ab936a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dac0.TMP

Filesize
1KB

MD5
c373622789fc4ff021ee9c8957c6acd9

SHA1
3bebf70a382c2da07a73643fa254846b8c381887

SHA256
9b01ed577056c101924213ec0acd4b7f202bf7fcb4cbe0b4a9a3e785542b3ff2

SHA512
2c3713a19cdea46f14beefc5cdc53725c0967c52bc3fcb68913c0dc404359c3b9620e7f2e0313071741e1ef935fe21161bc6702fcceb1c7580cf2c40497d7767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5a214ee94c56e1790babd7a62c4d889f

SHA1
d563b37953787048c7e397893213064cfe81f90a

SHA256
2bac247be2858ebaf874e3f649800a71ec2341a4d0840254f68154609cc8dba4

SHA512
94238f4cba145419dc33d36197e1d159b112993f95c4e27e8f6917185bc6a02756c8b8d53b5dba81d53981444cfdd1f730a782c3a6f0090b52b60b55ab37ce15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
856ed867581cbdcb667b0c9da772ff94

SHA1
bdcd0314ff3c0d7e87d9de09341bd8c0e94e7d7f

SHA256
7881ac3bf0a7d9dfc5661de342863729e3e617db6eb467fb9bf1b6108ec2911e

SHA512
252f5855b82bc47129826632cea19046f53f6281763fd610ec1249b4b575b4b28718243074d5260220f009896991b4d2f179d6f565005943510e792e9f4840b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7b09a2869019c610cb0433c7b8490f2b

SHA1
0b6547ab725323ca5a602fceec3722bc93762c82

SHA256
b993732aeaf92a77e9b800f5624be66b4417341293f56216cf6a3edbd0e3094c

SHA512
9246e38976a0ca7199dd000f509b8c7bfd4020b0493360dc43a4b8286d6369de7e05e8bdd58c9a42f9327f28dce04f9a746fd27f4af887dee1df0d126b5b2dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1bc999f904aee86bf1940ca0e0392657

SHA1
2f604b20f57967ec9c2828dda49120ca144f6f06

SHA256
ff50aaf26741344b55c80be9d9caf24baaf8542b0bf231cb24dfe944051e99b2

SHA512
f454f68bc510be275c0bcec2b546918856984d6973f4d379d127aa34a2254a4d5489de6df55804e8cf695b27f05876014fa1da8902ca698e0b702daff9b0479b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\_ctypes.pyd

Filesize
124KB

MD5
f8d2950d5496d3940aef6758c9e9e576

SHA1
ed68c88c14e44871a085e93bf8cf6aabc816ce28

SHA256
9ffdedd0f1f09f21870bd75c08d05c32994a1193be3955e367f260690a36cbd0

SHA512
ab25ff65abd64f39b156f7aa91c35a327c930f31d3a5d128e67e00c6307e0a0637595ab812931dc2ffec7102e33a2afc746de6267f6130d4f5a8d3445bcded79

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
e8b9d74bfd1f6d1cc1d99b24f44da796

SHA1
a312cfc6a7ed7bf1b786e5b3fd842a7eeb683452

SHA256
b1b3fd40ab437a43c8db4994ccffc7f88000cc8bb6e34a2bcbff8e2464930c59

SHA512
b74d9b12b69db81a96fc5a001fd88c1e62ee8299ba435e242c5cb2ce446740ed3d8a623e1924c2bc07bfd9aef7b2577c9ec8264e53e5be625f4379119bafcc27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
cfe0c1dfde224ea5fed9bd5ff778a6e0

SHA1
5150e7edd1293e29d2e4d6bb68067374b8a07ce6

SHA256
0d0f80cbf476af5b1c9fd3775e086ed0dfdb510cd0cc208ec1ccb04572396e3e

SHA512
b0e02e1f19cfa7de3693d4d63e404bdb9d15527ac85a6d492db1128bb695bffd11bec33d32f317a7615cb9a820cd14f9f8b182469d65af2430ffcdbad4bd7000

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
33bbece432f8da57f17bf2e396ebaa58

SHA1
890df2dddfdf3eeccc698312d32407f3e2ec7eb1

SHA256
7cf0944901f7f7e0d0b9ad62753fc2fe380461b1cce8cdc7e9c9867c980e3b0e

SHA512
619b684e83546d97fc1d1bc7181ad09c083e880629726ee3af138a9e4791a6dcf675a8df65dc20edbe6465b5f4eac92a64265df37e53a5f34f6be93a5c2a7ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
eb0978a9213e7f6fdd63b2967f02d999

SHA1
9833f4134f7ac4766991c918aece900acfbf969f

SHA256
ab25a1fe836fc68bcb199f1fe565c27d26af0c390a38da158e0d8815efe1103e

SHA512
6f268148f959693ee213db7d3db136b8e3ad1f80267d8cbd7d5429c021adaccc9c14424c09d527e181b9c9b5ea41765aff568b9630e4eb83bfc532e56dfe5b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
efad0ee0136532e8e8402770a64c71f9

SHA1
cda3774fe9781400792d8605869f4e6b08153e55

SHA256
3d2c55902385381869db850b526261ddeb4628b83e690a32b67d2e0936b2c6ed

SHA512
69d25edf0f4c8ac5d77cb5815dfb53eac7f403dc8d11bfe336a545c19a19ffde1031fa59019507d119e4570da0d79b95351eac697f46024b4e558a0ff6349852

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
1c58526d681efe507deb8f1935c75487

SHA1
0e6d328faf3563f2aae029bc5f2272fb7a742672

SHA256
ef13dce8f71173315dfc64ab839b033ab19a968ee15230e9d4d2c9d558efeee2

SHA512
8edb9a0022f417648e2ece9e22c96e2727976332025c3e7d8f15bcf6d7d97e680d1bf008eb28e2e0bd57787dcbb71d38b2deb995b8edc35fa6852ab1d593f3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
e89cdcd4d95cda04e4abba8193a5b492

SHA1
5c0aee81f32d7f9ec9f0650239ee58880c9b0337

SHA256
1a489e0606484bd71a0d9cb37a1dc6ca8437777b3d67bfc8c0075d0cc59e6238

SHA512
55d01e68c8c899e99a3c62c2c36d6bcb1a66ff6ecd2636d2d0157409a1f53a84ce5d6f0c703d5ed47f8e9e2d1c9d2d87cc52585ee624a23d92183062c999b97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
accc640d1b06fb8552fe02f823126ff5

SHA1
82ccc763d62660bfa8b8a09e566120d469f6ab67

SHA256
332ba469ae84aa72ec8cce2b33781db1ab81a42ece5863f7a3cb5a990059594f

SHA512
6382302fb7158fc9f2be790811e5c459c5c441f8caee63df1e09b203b8077a27e023c4c01957b252ac8ac288f8310bcee5b4dcc1f7fc691458b90cdfaa36dcbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
21KB

MD5
c6024cc04201312f7688a021d25b056d

SHA1
48a1d01ae8bc90f889fb5f09c0d2a0602ee4b0fd

SHA256
8751d30df554af08ef42d2faa0a71abcf8c7d17ce9e9ff2ea68a4662603ec500

SHA512
d86c773416b332945acbb95cbe90e16730ef8e16b7f3ccd459d7131485760c2f07e95951aeb47c1cf29de76affeb1c21bdf6d8260845e32205fe8411ed5efa47

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
1f2a00e72bc8fa2bd887bdb651ed6de5

SHA1
04d92e41ce002251cc09c297cf2b38c4263709ea

SHA256
9c8a08a7d40b6f697a21054770f1afa9ffb197f90ef1eee77c67751df28b7142

SHA512
8cf72df019f9fc9cd22ff77c37a563652becee0708ff5c6f1da87317f41037909e64dcbdcc43e890c5777e6bcfa4035a27afc1aeeb0f5deba878e3e9aef7b02a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
724223109e49cb01d61d63a8be926b8f

SHA1
072a4d01e01dbbab7281d9bd3add76f9a3c8b23b

SHA256
4e975f618df01a492ae433dff0dd713774d47568e44c377ceef9e5b34aad1210

SHA512
19b0065b894dc66c30a602c9464f118e7f84d83010e74457d48e93aaca4422812b093b15247b24d5c398b42ef0319108700543d13f156067b169ccfb4d7b6b7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-memory-l1-1-0.dll

Filesize
21KB

MD5
3c38aac78b7ce7f94f4916372800e242

SHA1
c793186bcf8fdb55a1b74568102b4e073f6971d6

SHA256
3f81a149ba3862776af307d5c7feef978f258196f0a1bf909da2d3f440ff954d

SHA512
c2746aa4342c6afffbd174819440e1bbf4371a7fed29738801c75b49e2f4f94fd6d013e002bad2aadafbc477171b8332c8c5579d624684ef1afbfde9384b8588

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
21KB

MD5
321a3ca50e80795018d55a19bf799197

SHA1
df2d3c95fb4cbb298d255d342f204121d9d7ef7f

SHA256
5476db3a4fecf532f96d48f9802c966fdef98ec8d89978a79540cb4db352c15f

SHA512
3ec20e1ac39a98cb5f726d8390c2ee3cd4cd0bf118fdda7271f7604a4946d78778713b675d19dd3e1ec1d6d4d097abe9cd6d0f76b3a7dff53ce8d6dbc146870a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
21KB

MD5
0462e22f779295446cd0b63e61142ca5

SHA1
616a325cd5b0971821571b880907ce1b181126ae

SHA256
0b6b598ec28a9e3d646f2bb37e1a57a3dda069a55fba86333727719585b1886e

SHA512
07b34dca6b3078f7d1e8ede5c639f697c71210dcf9f05212fd16eb181ab4ac62286bc4a7ce0d84832c17f5916d0224d1e8aab210ceeff811fc6724c8845a74fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
c3632083b312c184cbdd96551fed5519

SHA1
a93e8e0af42a144009727d2decb337f963a9312e

SHA256
be8d78978d81555554786e08ce474f6af1de96fcb7fa2f1ce4052bc80c6b2125

SHA512
8807c2444a044a3c02ef98cf56013285f07c4a1f7014200a21e20fcb995178ba835c30ac3889311e66bc61641d6226b1ff96331b019c83b6fcc7c87870cce8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
517eb9e2cb671ae49f99173d7f7ce43f

SHA1
4ccf38fed56166ddbf0b7efb4f5314c1f7d3b7ab

SHA256
57cc66bf0909c430364d35d92b64eb8b6a15dc201765403725fe323f39e8ac54

SHA512
492be2445b10f6bfe6c561c1fc6f5d1af6d1365b7449bc57a8f073b44ae49c88e66841f5c258b041547fcd33cbdcb4eb9dd3e24f0924db32720e51651e9286be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-profile-l1-1-0.dll

Filesize
21KB

MD5
f3ff2d544f5cd9e66bfb8d170b661673

SHA1
9e18107cfcd89f1bbb7fdaf65234c1dc8e614add

SHA256
e1c5d8984a674925fa4afbfe58228be5323fe5123abcd17ec4160295875a625f

SHA512
184b09c77d079127580ef80eb34bded0f5e874cefbe1c5f851d86861e38967b995d859e8491fcc87508930dc06c6bbf02b649b3b489a1b138c51a7d4b4e7aaad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
21KB

MD5
a0c2dbe0f5e18d1add0d1ba22580893b

SHA1
29624df37151905467a223486500ed75617a1dfd

SHA256
3c29730df2b28985a30d9c82092a1faa0ceb7ffc1bd857d1ef6324cf5524802f

SHA512
3e627f111196009380d1687e024e6ffb1c0dcf4dcb27f8940f17fec7efdd8152ff365b43cb7fdb31de300955d6c15e40a2c8fb6650a91706d7ea1c5d89319b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-string-l1-1-0.dll

Filesize
21KB

MD5
2666581584ba60d48716420a6080abda

SHA1
c103f0ea32ebbc50f4c494bce7595f2b721cb5ad

SHA256
27e9d3e7c8756e4512932d674a738bf4c2969f834d65b2b79c342a22f662f328

SHA512
befed15f11a0550d2859094cc15526b791dadea12c2e7ceb35916983fb7a100d89d638fb1704975464302fae1e1a37f36e01e4bef5bc4924ab8f3fd41e60bd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-synch-l1-1-0.dll

Filesize
21KB

MD5
225d9f80f669ce452ca35e47af94893f

SHA1
37bd0ffc8e820247bd4db1c36c3b9f9f686bbd50

SHA256
61c0ebe60ce6ebabcb927ddff837a9bf17e14cd4b4c762ab709e630576ec7232

SHA512
2f71a3471a9868f4d026c01e4258aff7192872590f5e5c66aabd3c088644d28629ba8835f3a4a23825631004b1afd440efe7161bb9fc7d7c69e0ee204813ca7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-synch-l1-2-0.dll

Filesize
21KB

MD5
1281e9d1750431d2fe3b480a8175d45c

SHA1
bc982d1c750b88dcb4410739e057a86ff02d07ef

SHA256
433bd8ddc4f79aee65ca94a54286d75e7d92b019853a883e51c2b938d2469baa

SHA512
a954e6ce76f1375a8beac51d751b575bbc0b0b8ba6aa793402b26404e45718165199c2c00ccbcba3783c16bdd96f0b2c17addcc619c39c8031becebef428ce77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
21KB

MD5
fd46c3f6361e79b8616f56b22d935a53

SHA1
107f488ad966633579d8ec5eb1919541f07532ce

SHA256
0dc92e8830bc84337dcae19ef03a84ef5279cf7d4fdc2442c1bc25320369f9df

SHA512
3360b2e2a25d545ccd969f305c4668c6cda443bbdbd8a8356ffe9fbc2f70d90cf4540f2f28c9ed3eea6c9074f94e69746e7705e6254827e6a4f158a75d81065b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
d12403ee11359259ba2b0706e5e5111c

SHA1
03cc7827a30fd1dee38665c0cc993b4b533ac138

SHA256
f60e1751a6ac41f08e46480bf8e6521b41e2e427803996b32bdc5e78e9560781

SHA512
9004f4e59835af57f02e8d9625814db56f0e4a98467041da6f1367ef32366ad96e0338d48fff7cc65839a24148e2d9989883bcddc329d9f4d27cae3f843117d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-core-util-l1-1-0.dll

Filesize
21KB

MD5
0f129611a4f1e7752f3671c9aa6ea736

SHA1
40c07a94045b17dae8a02c1d2b49301fad231152

SHA256
2e1f090aba941b9d2d503e4cd735c958df7bb68f1e9bdc3f47692e1571aaac2f

SHA512
6abc0f4878bb302713755a188f662c6fe162ea6267e5e1c497c9ba9fddbdaea4db050e322cb1c77d6638ecf1dad940b9ebc92c43acaa594040ee58d313cbcfae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-crt-conio-l1-1-0.dll

Filesize
21KB

MD5
d4fba5a92d68916ec17104e09d1d9d12

SHA1
247dbc625b72ffb0bf546b17fb4de10cad38d495

SHA256
93619259328a264287aee7c5b88f7f0ee32425d7323ce5dc5a2ef4fe3bed90d5

SHA512
d5a535f881c09f37e0adf3b58d41e123f527d081a1ebecd9a927664582ae268341771728dc967c30908e502b49f6f853eeaebb56580b947a629edc6bce2340d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
edf71c5c232f5f6ef3849450f2100b54

SHA1
ed46da7d59811b566dd438fa1d09c20f5dc493ce

SHA256
b987ab40cdd950ebe7a9a9176b80b8fffc005ccd370bb1cbbcad078c1a506bdc

SHA512
481a3c8dc5bef793ee78ce85ec0f193e3e9f6cd57868b813965b312bd0fadeb5f4419707cd3004fbdb407652101d52e061ef84317e8bd458979443e9f8e4079a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
f9235935dd3ba2aa66d3aa3412accfbf

SHA1
281e548b526411bcb3813eb98462f48ffaf4b3eb

SHA256
2f6bd6c235e044755d5707bd560a6afc0ba712437530f76d11079d67c0cf3200

SHA512
ad0c0a7891fb8328f6f0cf1ddc97523a317d727c15d15498afa53c07610210d2610db4bc9bd25958d47adc1af829ad4d7cf8aabcab3625c783177ccdb7714246

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
21KB

MD5
5107487b726bdcc7b9f7e4c2ff7f907c

SHA1
ebc46221d3c81a409fab9815c4215ad5da62449c

SHA256
94a86e28e829276974e01f8a15787fde6ed699c8b9dc26f16a51765c86c3eade

SHA512
a0009b80ad6a928580f2b476c1bdf4352b0611bb3a180418f2a42cfa7a03b9f0575ed75ec855d30b26e0cca96a6da8affb54862b6b9aff33710d2f3129283faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
d5d77669bd8d382ec474be0608afd03f

SHA1
1558f5a0f5facc79d3957ff1e72a608766e11a64

SHA256
8dd9218998b4c4c9e8d8b0f8b9611d49419b3c80daa2f437cbf15bcfd4c0b3b8

SHA512
8defa71772105fd9128a669f6ff19b6fe47745a0305beb9a8cadb672ed087077f7538cd56e39329f7daa37797a96469eae7cd5e4cca57c9a183b35bdc44182f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-crt-locale-l1-1-0.dll

Filesize
21KB

MD5
650435e39d38160abc3973514d6c6640

SHA1
9a5591c29e4d91eaa0f12ad603af05bb49708a2d

SHA256
551a34c400522957063a2d71fa5aba1cd78cc4f61f0ace1cd42cc72118c500c0

SHA512
7b4a8f86d583562956593d27b7ecb695cb24ab7192a94361f994fadba7a488375217755e7ed5071de1d0960f60f255aa305e9dd477c38b7bb70ac545082c9d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-crt-math-l1-1-0.dll

Filesize
29KB

MD5
b8f0210c47847fc6ec9fbe2a1ad4debb

SHA1
e99d833ae730be1fedc826bf1569c26f30da0d17

SHA256
1c4a70a73096b64b536be8132ed402bcfb182c01b8a451bff452efe36ddf76e7

SHA512
992d790e18ac7ae33958f53d458d15bff522a3c11a6bd7ee2f784ac16399de8b9f0a7ee896d9f2c96d1e2c8829b2f35ff11fc5d8d1b14c77e22d859a1387797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-crt-process-l1-1-0.dll

Filesize
21KB

MD5
272c0f80fd132e434cdcdd4e184bb1d8

SHA1
5bc8b7260e690b4d4039fe27b48b2cecec39652f

SHA256
bd943767f3e0568e19fb52522217c22b6627b66a3b71cd38dd6653b50662f39d

SHA512
94892a934a92ef1630fbfea956d1fe3a3bfe687dec31092828960968cb321c4ab3af3caf191d4e28c8ca6b8927fbc1ec5d17d5c8a962c848f4373602ec982cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
25KB

MD5
20c0afa78836b3f0b692c22f12bda70a

SHA1
60bb74615a71bd6b489c500e6e69722f357d283e

SHA256
962d725d089f140482ee9a8ff57f440a513387dd03fdc06b3a28562c8090c0bc

SHA512
65f0e60136ab358661e5156b8ecd135182c8aaefd3ec320abdf9cfc8aeab7b68581890e0bbc56bad858b83d47b7a0143fa791195101dc3e2d78956f591641d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
25KB

MD5
96498dc4c2c879055a7aff2a1cc2451e

SHA1
fecbc0f854b1adf49ef07beacad3cec9358b4fb2

SHA256
273817a137ee049cbd8e51dc0bb1c7987df7e3bf4968940ee35376f87ef2ef8d

SHA512
4e0b2ef0efe81a8289a447eb48898992692feee4739ceb9d87f5598e449e0059b4e6f4eb19794b9dcdce78c05c8871264797c14e4754fd73280f37ec3ea3c304

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-crt-string-l1-1-0.dll

Filesize
25KB

MD5
115e8275eb570b02e72c0c8a156970b3

SHA1
c305868a014d8d7bbef9abbb1c49a70e8511d5a6

SHA256
415025dce5a086dbffc4cf322e8ead55cb45f6d946801f6f5193df044db2f004

SHA512
b97ef7c5203a0105386e4949445350d8ff1c83bdeaee71ccf8dc22f7f6d4f113cb0a9be136717895c36ee8455778549f629bf8d8364109185c0bf28f3cb2b2ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
001e60f6bbf255a60a5ea542e6339706

SHA1
f9172ec37921432d5031758d0c644fe78cdb25fa

SHA256
82fba9bc21f77309a649edc8e6fc1900f37e3ffcb45cd61e65e23840c505b945

SHA512
b1a6dc5a34968fbdc8147d8403adf8b800a06771cc9f15613f5ce874c29259a156bab875aae4caaec2117817ce79682a268aa6e037546aeca664cd4eea60adbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\base_library.zip

Filesize
1.3MB

MD5
0cb8186855e5a17427aa0f2d16e491a9

SHA1
8e370a2a864079366d329377bec1a9bbc54b185c

SHA256
13e24b36c20b3da9914c67b61614b262f3fc1ca7b2ee205ded41acc57865bfef

SHA512
855ff87e74e4bd4719db5b17e577e5ae6ca5eedd539b379625b28bccdf417f15651a3bacf06d6188c3fcaac5814dee753bf058f59f73c7050a0716aa7e718168

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\python312.dll

Filesize
6.6MB

MD5
f9a43765b486c561bf0895eb9390ed1f

SHA1
b398fbd02bd7fdb32dcb88f11758a0a9826b75a4

SHA256
3b56fa10d3797c231468cee42caeaaaff40dbede7bc0d142ec4878493f48e07d

SHA512
f2709ba81fe1e01789fc0aae65d31f5adcfd64dd72d161b4cddfa35f91eb2c8d66954925c825b22ce9034fd894ee18500b1ff0a32e4d585491e09d2c540a305c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45282\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\Downloads\RobloxTools\RobloxMultiTools.exe

Filesize
12.4MB

MD5
1500816c277af08f5b66233f6f790e0c

SHA1
c34c39a989cc8a8296d5aae3223633c18899e2d5

SHA256
9c589aeac15d2c2088478cef8a247ba515e851dbe5a121f78aacde6f559bb71c

SHA512
611418ccee64446d7bc9b98bcfdc8e7e9fdb96929530a36d73c3082b8afd0384b5e10489b6446d441a677ecdc3753bad422630beff5520a36eaf4fd7abe6be1a

Download Submit
C:\Users\Admin\Downloads\RobloxTools\RobloxMultiTools\RobloxTools.exe

Filesize
12.1MB

MD5
430a542ca2779576ea8a775d4ea63ed0

SHA1
b52b69e904d607c9c54c6ada3bbbc2e6d3d486e5

SHA256
83f0ec76f6922ef9985ce40e84ceb1e8e663518d71d986484cc5eb64ccaace1c

SHA512
69270c5cad04b2a8a522c19cc86783a1cef6c7068f19d18a99d0d1fc0b5d60cfe061324b1b0debf98d96f63ec5604ff852075482ae6865f5133c56525620c6af

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 17621.crdownload

Filesize
12.2MB

MD5
c822f4416b65a824b5aeecc06e743707

SHA1
6548023e565327b20cbc9f087fb71d4ffc59c0c4

SHA256
c661bf92a98e8e80e115dfc4d76f85a2d0789f80d1485cdb72ce54e29ef24599

SHA512
9a14c266831dfab1e70f83f2da37807b9e2e2283d76c1d475632b1e71a0ba3e1ec6df6023b3ae4a3fbcf4e1bc6bef0b2f66dabb93477a39147816e0b20dc1727

Download Submit