hxxps://getatlantis[.]xyz/Build[.]zip

Analysis

max time kernel
539s
max time network
541s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getatlantis.xyz/Build.zip

Score

8^/10

defense_evasion discovery trojan

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
288	5436	msedge.exe

Executes dropped EXE 8 IoCs

pid	Process
1016	RobloxPlayerInstaller-PT6KYVHK7B.exe
1948	RobloxPlayerInstaller-PT6KYVHK7B.exe
5048	RobloxPlayerInstaller-PT6KYVHK7B.exe
4760	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
4692	RobloxPlayerBeta.exe

Loads dropped DLL 11 IoCs

pid	Process
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
3176	msedge.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
4692	RobloxPlayerBeta.exe
4692	RobloxPlayerBeta.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller-PT6KYVHK7B.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtCreateThreadExHideFromDebugger 5 IoCs

pid	Process
4760	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
4692	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
4760	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\Controls\DesignSystem\Thumbstick2Horizontal.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\graphic\Auth\DatePickerDivider.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3176_1643415537\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3176_1643415537\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\fbximportlogo.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\loading\darkLoadingTexture.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\DeveloperFramework\Votes\rating_up_white.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\LayeredClothingEditor\Icon_Preview_Avatars.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\RoduxDevtools\Redo.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\MicLight\Unmuted40.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\ScrollbarBottom.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AvatarImporter\img_dark_R15.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ControlsEmulator\PlayStation4_Dark.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\ButtonRightDown.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\scrollbuttonDown_dn.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\PlayStationController\PS4\ButtonShare.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_7.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\GameSettings\ArrowLeft.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\GameSettings\RadioButton.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\LayeredClothingEditor\RemoveIcon.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\Unmuted80.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\TerrainTools\mtrl_mud_2022.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-eu.hyb	msedge.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\TerrainTools\radio_button_bullet_dark.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\btn_grey.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\TopBar\HealthBarBaseTV.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_1x_6.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\icons\ic-arrow-right.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\TagEditor\Visibility.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Keyboard\close_button_background.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\DeveloperFramework\slider_knob_ouline.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Emotes\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\fonts\SourceSansPro-Light.ttf	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\avatar\unification\PhysicsReference.rbxm	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\MaterialManager\Material_Variant.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\dropdown\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5032_1004991631\manifest.json	msedgewebview2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\RoundedBorder.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\SelfView\SelfView_icon_indicator_on.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\SpeakerNew\Unmuted60.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\icons\ic-more-settings.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\icons\ic-createchat1-24x24.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\CollisionGroupsEditor\assign.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\graphic\Auth\reversevignette.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\R15Migrator\Icon_Reverted.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\Button_Curve_Lightmode.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Settings\MenuBarAssets\MenuBackground.png	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\avatar\compositing\R15CompositTorsoBase.mesh	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\models\Thumbnails\Mannequins\R6.rbxmx	RobloxPlayerInstaller-PT6KYVHK7B.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\XboxController\ButtonY.png	RobloxPlayerInstaller-PT6KYVHK7B.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller-PT6KYVHK7B.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller-PT6KYVHK7B.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller-PT6KYVHK7B.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876329337244482"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe

Modifies registry class 34 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-361fa88592b64089"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3975168204-1612096350-4002976354-1000\{DD96BFEB-8109-470E-BB45-1D266C7A3546}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-5a6b6797f4e04078"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3975168204-1612096350-4002976354-1000\{334A13A7-C42D-4F93-AB44-F2F0C11113E4}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\version = "version-5a6b6797f4e04078"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerInstaller-PT6KYVHK7B.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller-PT6KYVHK7B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerInstaller-PT6KYVHK7B.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5840	msedge.exe
5840	msedge.exe
2392	msedgewebview2.exe
2392	msedgewebview2.exe
4760	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
5032	msedgewebview2.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4588	taskmgr.exe
Token: SeSystemProfilePrivilege	4588	taskmgr.exe
Token: SeCreateGlobalPrivilege	4588	taskmgr.exe
Token: 33	4588	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4588	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
4260	Atlantis.exe
4260	Atlantis.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe
4588	taskmgr.exe

Suspicious use of UnmapMainImage 5 IoCs

pid	Process
4760	RobloxPlayerBeta.exe
1072	RobloxPlayerBeta.exe
4780	RobloxPlayerBeta.exe
408	RobloxPlayerBeta.exe
4692	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 3444	3176	msedge.exe	86
PID 3176 wrote to memory of 3444	3176	msedge.exe	86
PID 3176 wrote to memory of 5436	3176	msedge.exe	87
PID 3176 wrote to memory of 5436	3176	msedge.exe	87
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 5508	3176	msedge.exe	88
PID 3176 wrote to memory of 3400	3176	msedge.exe	89
PID 3176 wrote to memory of 3400	3176	msedge.exe	89
PID 3176 wrote to memory of 3400	3176	msedge.exe	89
PID 3176 wrote to memory of 3400	3176	msedge.exe	89
PID 3176 wrote to memory of 3400	3176	msedge.exe	89
PID 3176 wrote to memory of 3400	3176	msedge.exe	89
PID 3176 wrote to memory of 3400	3176	msedge.exe	89
PID 3176 wrote to memory of 3400	3176	msedge.exe	89
PID 3176 wrote to memory of 3400	3176	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://getatlantis.xyz/Build.zip
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x210,0x7fffcdddf208,0x7fffcdddf214,0x7fffcdddf220
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1752,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2096,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2556,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4968,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5032,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5524,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5640,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6164,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6428,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6428,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5004,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6804,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5008,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6460,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6668,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3604,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=6812 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5372,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=5228,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7096,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7112,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5724,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5116,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6572,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4840,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6180,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6744,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7144 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7016,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7440,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3668,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=3696 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5516,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4892,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5260,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7504 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=3688,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3236,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=5128,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=1284,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3712,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7680 /prefetch:8
  2⤵
  PID:2808
- C:\Users\Admin\Downloads\RobloxPlayerInstaller-PT6KYVHK7B.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller-PT6KYVHK7B.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:1016
- - C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe" -personalizedToken PT6KYVHK7B --deeplink https://www.roblox.com/games/1417427737/Mining-Simulator -app -installerLaunchTimeEpochMs 0 -clientLaunchTimeEpochMs 0 -isInstallerLaunch 1016
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:4760
- C:\Users\Admin\Downloads\RobloxPlayerInstaller-PT6KYVHK7B.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller-PT6KYVHK7B.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7588,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7556 /prefetch:8
  2⤵
  PID:4740
- C:\Users\Admin\Downloads\RobloxPlayerInstaller-PT6KYVHK7B.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller-PT6KYVHK7B.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7848,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7516,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7612 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:gAFDkNgNlPSXOy0YcaMau2GFit-6TQQyia4Mr-VkupxWo3PKSfz_N8KMApdST7oIolg5-7g2Gr4KlM7sbuUEqKvaOjLHrW_SrVUaXkKx85dfrlRUJ4yNTAEb-F3lZq0kEiIj_VdMxkxEy_9uQDDRJsil_PfuD3pAc9Gc0e4TAFbUQbv2f2Z_TAO2AC4U4INfi4ANxHttE6l5N9K8fdtkd9adgNX_6l5zb5bVFUGERX0+launchtime:1743159537938+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1743159473381003%26placeId%3D1417427737%26isPlayTogetherGame%3Dfalse%26referredByPlayerId%3D0%26joinAttemptId%3Daa8ba948-21de-4ec4-93ca-0768c733c79b%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1743159473381003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7912,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7944 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7784 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7084,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:8
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=8080,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7712 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:GgYlH4ZQQMI00vxu7lc9dPseIuuDHHZBQETothkwVAn_30AbpLgpw4V8VVY2mToRv3u0JDTXwn-EXybQUN_ByCxblGJF_PzyRLAeGg4DZHDM3K8XdSRR8V-JeqbvVXwFXAByTc2jA_Dxy3F672kpiDu466Tw7lpYSaYq_k44SiBW5FiFbPHqI3TY6yoRLrJyUTGEb_7PgmjbKPVZkpriyxxtz_ax9v4g8vhQDxIj3AA+launchtime:1743159537938+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1743159473381003%26placeId%3D1417427737%26isPlayTogetherGame%3Dfalse%26referredByPlayerId%3D0%26joinAttemptId%3Daa8ba948-21de-4ec4-93ca-0768c733c79b%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1743159473381003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=7924,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:86FpgY8nkIGGDrRHEpWldcYLg3ZLpCnM2wdS0tZLMLKMsaMmiUi4rpmBC73lrResvgq9uYlZh8HEjg6oMbw2ZJs8ZSmz4BQKxXCmx0Dka1SNsfzhAE0gtZURLEwGN2Qk6Yp-8XqOJ2Ojs4S7eQRIq14PZzVnyWkJiNn6k3DqoutIe71j3IyiUC1y2qrYY8Yw8g4T_weEaPAXsmqo1vwyrFMUOCRHURTgUdvYP_hnhKc+launchtime:1743159728156+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1743159473381003%26placeId%3D1417427737%26isPlayTogetherGame%3Dfalse%26referredByPlayerId%3D0%26joinAttemptId%3D71a1d776-b797-4db6-bede-b445b160e80a%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1743159473381003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=6980,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=7668,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8012,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=7956 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=7528,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:anCHgekXaEM5XiRaxnCqd-O45eh41x_mPy9BjjD_ShSjB3xiIaGz3MJ5PAa53CZq2fcO0a8n9Hh9TjvjAXulYM4suxe_EMAXVxK4aZZMJHcVHJizBjckrUa7f0Bluj4hTENCwLrQdy4TBtBKsLs579bbdWLhyVyw_L4IH8jrzvJr-mcrtaOpRb7Tr3Vfo22jMuBn0vgSuKj4IVQSTd0yayf8v45a_YbIritLwQq8LLM+launchtime:1743159783230+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1743159473381003%26placeId%3D1417427737%26isPlayTogetherGame%3Dfalse%26referredByPlayerId%3D0%26joinAttemptId%3D6778b9df-9e13-43e2-a3ec-7e519fb270ea%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1743159473381003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7320,i,5465061376355502974,3108304547876878417,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:8
  2⤵
  PID:2744

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5648

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2688

C:\Users\Admin\Downloads\Build\Atlantis.exe
"C:\Users\Admin\Downloads\Build\Atlantis.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:4260
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=4260.4564.8169459675542839521
  2⤵
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:5032
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x178,0x17c,0x180,0x154,0x188,0x7fffa8cab078,0x7fffa8cab084,0x7fffa8cab090
    3⤵
    PID:4280
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1748,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1756 /prefetch:2
    3⤵
    PID:6096
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2072,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:3
    3⤵
    PID:2020
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1732,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:8
    3⤵
    PID:2356
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3612,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3644 /prefetch:1
    3⤵
    PID:644
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2100,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:8
    3⤵
    PID:4608
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4804,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4792 /prefetch:8
    3⤵
    PID:2952
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4652,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4776 /prefetch:8
    3⤵
    PID:3680
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=784,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4660 /prefetch:8
    3⤵
    PID:880
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4292,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4700 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2392
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4832,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:8
    3⤵
    PID:1484
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4380,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:8
    3⤵
    PID:556
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4192,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:8
    3⤵
    PID:2948
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4352,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
    3⤵
    PID:4380
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4800,i,18194841925832671611,5492161992428148572,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:8
    3⤵
    PID:1960

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x510
1⤵
PID:516

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
7.7MB

MD5
a679a17f732d6c4e4799f4c2a5c00b4d

SHA1
79778557030a4ce1f0a31f1d93878c931bc932fa

SHA256
6472c6e314e51269d9455fbeddb982a6af07269420c23fbb09d2fbdbff49dcc5

SHA512
ee1843c3c4be3c1b82629d45432748b2e84c3025a19cf65fb9f80b6ac214a2d1411152a4ae196d5b02fe535bf6aecf2ee2a898f475394cc23815a30d81e679db

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.dll

Filesize
14.9MB

MD5
708a873f0b36b02b8e92f738d414b918

SHA1
4ca5646a00859ca875b93ab0b111265684a74c74

SHA256
485c0ed2fbbf74c7b18d95e4800da48f2bc90a030551ca21cb2060bf092e1679

SHA512
01af8f6e0cc2586382acaab92c094bbf9b6d735c0a1a9f2bed678e700026209331bc77d3541f6db462e5daf8846dc2f5779361dd7082ed17845386d177cb6a3d

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\WebView2Loader.dll

Filesize
154KB

MD5
577f05cd683ed0577f6c970ea57129e0

SHA1
aedf54a8976f0f8ff5588447c344595e3c468925

SHA256
7127f20daa0a0a74e120ab7423dd1b30c45908f8ee929f0c6cd2312b41c5bddf

SHA512
2d1aea243938a6a1289cf4efcd541f28ab370a85ef05ed27b7b6d81ce43cea671e06a0959994807923b1dfec3b382ee95bd6f9489b74bba59239601756082047

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_1016863685\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_1016863685\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_1167317536\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_1167317536\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_1340473607\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_1854005122\manifest.json

Filesize
145B

MD5
465cc76a28cc5543a0d845a8e8dd58fa

SHA1
adbe272f254fd8b218fcc7c8da716072ea29d8ba

SHA256
e75fb1fa1692e9720166872afe6d015e4f99d4e8725463e950889a55c4c35bb9

SHA512
a00286cd50d908883a48f675d6291881ad8809dcae5aca55d5d581e6d93a66058e1fe9e626852bf16e5bb0c693a088a69d9876ccac288181b1f74254bf1da1a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\_metadata\verified_contents.json

Filesize
7KB

MD5
117d173e82b282deca740475e35c8ecd

SHA1
912b12b993507ebd9af6bdc937559b4d4b58a0d8

SHA256
65491b21947d60c87c6358dcf69df9aca2b99e8f3b611bd3d559699bbc25000b

SHA512
e455c0bb68e9056c6242058fcba954bc1d5ea4a864e99be008b2745c51209b477bd7bdba57006be4a02a09bda49c0cdc17e8f870c81c7771864640950f5f9a93

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-af.hyb

Filesize
70KB

MD5
ffa9db945f0f0c15b8bba75a6e064880

SHA1
49217a9d5bb7a868464403b4e3c82e80df53456c

SHA256
5487ee44a4cd706d0086522e90c59c76cdf2ac68ce506fd3eae6054b9220c0cf

SHA512
cc67b2dfbbb009dd3fdb999fe86410425455613c12dac755a3cded435cd25ca4363782d70f3b7bb7c0fdd63e2eb649ae6a4053d929f463b646b43d7dbfda79c0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-be.hyb

Filesize
5KB

MD5
087de134f3b23a9944afd711a9667a0b

SHA1
1b67d0a65ef91295207d66e62b682803aa74ef00

SHA256
25b7cfa039f82ac92990e1789de40988d490db9b613852fb24036b38ff87893c

SHA512
42c0b51e0e28109a7058d3fc03fa7bef8b25c9b3c8bb74933574fad06c061fd1636b53eeeacf652e438d4df08002db449681be9e6e6821ec23d32a8be1778998

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-bg.hyb

Filesize
3KB

MD5
e8a4f8f5238f9a0ff6968ad8dba2755f

SHA1
abf002ff28b3aa2a59948225e5e600096348caa7

SHA256
7593f0395081e3eeb2d8516d10746608afd826cffd4e7e37d53936993d200a13

SHA512
b54811e1be6e63bf19e408ac4ae9da86e1473e4e8f1e9d517d907e025be20fa6979517339ec6defd0ec30613ed42a97d88111d39297214afa7606597cba5ea86

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-cs.hyb

Filesize
62KB

MD5
e8b1509f86508e807d61216614b3dd58

SHA1
b2334509e9d1589ad2e8b80c187018eadb15872b

SHA256
97a4755fe9e653a08969f1933e3db19c712078b227bd5aa6799093abc5a0edc3

SHA512
fb340fef9d0dba342fd85b8b18c0090391aed717fe92a8da7c5d939dc9c0aa5235d4423b590e52b0decddd4f4ad8bd4652361161c193617601ff490dd1be97fe

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-cu.hyb

Filesize
51KB

MD5
b4e5921b1df85ba9f2ebe6ce578915f6

SHA1
b5f2e813667aae32e65cab9c9a0dd291421ada0b

SHA256
2baee19d5024ff87dcf3a1b9d0da1b3ac5a1e506adeead3b96a4de5395d0290e

SHA512
41696a9e25ca004acdc8def265766392ce3568747560ff73cd08ac9fa4a99e4c4654fb84dc602845b3e444a8312fb099c72932471f7e830874cd7cfa184b63b7

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-cy.hyb

Filesize
35KB

MD5
b0f32ed7b4b8a068a962d820627b7229

SHA1
76734e58bd33c4d1450228bf05e53cfe169a02e6

SHA256
4d0569fe2f4b41b3164cf610310e1d996fd2c553cc39de6062e50f4e033cc207

SHA512
8f20253985c217401627e0c7d31aa1bf213fa220bb498869e11e1e532c3c82dbc2abe6ffa27c69243913243af1aeb35806175511d77d730c914b1cadd71aa7a0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-da.hyb

Filesize
6KB

MD5
d0e160dca547eda390d6cc7c4a1f7ac6

SHA1
7eb71819675e82b1bb92428e07fa6b05cd1854d8

SHA256
86fdfc8db62cdaa11f615dad3712da1f4708294e029a4aad0fc285d4ea16c4bd

SHA512
9be5f673962c6049ed1c796a81aa7be72a1c7715fc2d4610cf6565541c7bb145d068b94b5fdadd30bdb5f5287ccc2055ec1dc9e11e4c5b8965d59ef73ab145c4

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-de-1901.hyb

Filesize
118KB

MD5
dd9d0a81d897f88f76c1f6d69fb7483e

SHA1
520bf6111f902196591ea358fa8ab4ae89ee0acc

SHA256
8c5fa4b29519d17593e923bc6a9a284df7a6d07fac42f897110b8fb2e0baeef5

SHA512
8c0a339d353cac1c66542bcfb7d41e7241a59a1886fe8a189aa155aafdf3bd23274f956d3d8a49be5b23cceafb516648a0e0b44f67e6f5ca60e216fb3f362ccc

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-de-1996.hyb

Filesize
117KB

MD5
e7a9906b316d478b55bf8ebcbbb1d1c5

SHA1
5688453de9afb7405960980dc93adf9296aa2f4a

SHA256
d673805547a0228d2f57a5ad551b8760cfcc521f38c49284ed3976e3515bca49

SHA512
36e6beaba33a16203f996d6e8fd987347028d590a4b4bcd4d2a129876c486e03b9ba13f279f301e91aec1e0f8e91bf109a27f2b464f15a3e1a2b56d03473b69c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-de-ch-1901.hyb

Filesize
117KB

MD5
c6773229845710633d3a4d6dd9800fc5

SHA1
1d4c2e5f3ddf5627164edb471e8a8177993449f4

SHA256
8223a912160354e05735522fdb339dc59b353ad5d1e4f4cfa94898dc348e748f

SHA512
ea69926520429cd934d52d84a7fcad6bc9bb654085d8d1de813e73f191ebd7b310e2e68b4bb43fecbd88cfd15ead7fe295405c01b7fdc225914b0477c08d4e01

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-el.hyb

Filesize
4KB

MD5
746a59e9f9dda15c0f17c1b72921c85f

SHA1
eb7f671af76eac40787d9227d41453b5117889bf

SHA256
76ae3454fb0045adb83094832578aa4749ce4dc694c4edcf85b419c1e2d9bcd3

SHA512
8894b754377285e2f3071fa5bcd714f249f3dc85bf3690641c6576b070113c1e72caa61e7e2c97d35a7f79b08c2969bc4a2fe46bc4bffc4ed58069387dfa7834

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-en-gb.hyb

Filesize
45KB

MD5
fa3dcb77293a058277cb148a0ff491fa

SHA1
3335315b13cd82075da2adbebe32759c01833e8d

SHA256
ae4b78009d18e849d87458677151ee3aad1608ad72ec050dfd2421d22e7d031f

SHA512
c83a8c4eb29c3171fefe983c3e342b6af1bc1add7288c75c5a782dc14f12d2af83043c2b43c9ab3e5db61c91de6d7cb473746517debcff7ac2c0f05bb8b0971c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-en-us.hyb

Filesize
58KB

MD5
b2693233d14890c81d322bec948549e7

SHA1
7ea8e42e319305010d3e6568fb4983171583dd06

SHA256
03727cd6f4aa71b203c4c74ca6987ac7d87f13037337ac6f4b6996c2a0dc5f8c

SHA512
1bcb5a9c3db408fba6a6d02162a294c5c7264d4b202eb332da8d02c0c662cb070cf1534d5aa0754788d35abc88273f3337ca5f302ada95bcad077eaa52804915

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-es.hyb

Filesize
14KB

MD5
f6bd0377237fca3c4b7c6a6cb244298b

SHA1
b8df975889cfb06fc97db3d63a7820b7cf621f40

SHA256
137461792537a2e56a6475e81e2b9ad7a2bdabf1f4738fae186dca3022357349

SHA512
0a36860580e295122f5e49091127386edc762eedba80a2d7ad958ab33307aabcd420173e08ae797a19664bc830800d92c548f3e434bf19bfd7791e50e0c45c2a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-et.hyb

Filesize
20KB

MD5
2ae42ab807286f6ec0ff1876d9536b0b

SHA1
cf3bbe7348eaf2cb3d93c5cc10964bb8d1ba07c1

SHA256
10079c66014dd2e6abfef5a018e6553fd5a036afb96bd2a235440a188f88b15e

SHA512
13c193571a7374bb169f6f0f06a9af7f8251cfcbf60825a85396c907d40f7837c8efd0a7bc8b6c4deed2bfca7b8508f132932d7860c2c9a4fb568d8ba2acaea9

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-eu.hyb

Filesize
665B

MD5
e90ea97070cfcfa795fbd807ac300d34

SHA1
8c83b4cd54d394aeff31b14a219f2a3562132908

SHA256
e2778a4fc7b8f064a32b6a44bc29f10e264d9d6214b8edb8ebd1f5f6d68e2eb2

SHA512
210dd857f7799f1a926c7aa73f26912ad60723e099acf1566bc39efd445a1b194be4dc557d5da6874e7d75a37115aead9389b8009eec1422764e6648fe4cf8f1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-fr.hyb

Filesize
7KB

MD5
092e0a95d6dada26ca56d2ed558749a3

SHA1
40bd8296e5e852fe725c7119083a8d5614037cf9

SHA256
00bd8b2d398d77575da2bfbbc5ec641aad7f2a87d4a31186ec169e85a27de5b7

SHA512
c04ba62f4a0336e9b25bd2f6a8c3cb82c8b6127c1c04fc173abc9bf03767a9ffe18c9241b301d6f71f79f3377bc990f25f099d7660880c097a9cf4bb1e4bd48f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-ga.hyb

Filesize
34KB

MD5
768032a419e0ae3bd870d591e2173715

SHA1
58fd709a1dc40176fb72189c20567ac1950b9db7

SHA256
1e3043f395bfb2a4c43d0480ba2f168ed622881cc3482359ca6e99821e983be8

SHA512
4a4ca1f735b82f625002b0292f623179f2a6ce736f633cbfd6868e3db0709eb06eb462bd9da3ffa8365c3c38fdacba735ad32266cb3ec33d3e583ed073d0e3aa

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-gl.hyb

Filesize
9KB

MD5
1b08fb098d29c30488b8fc3f19dcf8b9

SHA1
df6e03da66a7a5ae4927334808c8c20752733667

SHA256
89d98eff14e2cf1c2314efdf392339e62d7e786f100202a7377bf7b22095a0c5

SHA512
de1de90bd44d8977a4a69d6c64bc90f421f5e099396d06fc2466de6ee62a59f5a59ac1ba0ea96e69dfcf744f12165a8a9e9fda73afe5d38704a7b3b0488a369b

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-gu.hyb

Filesize
655B

MD5
f6dc4e0fb974869d3d9457c582a38690

SHA1
e6708afa342639eb96cb97d1f541a421b2626d00

SHA256
af0edb67c2219b803c3eb6c1dee6f2d41a3fe00468a9da8be8ef5056d701abf3

SHA512
a778236fa8c5f28e747214d0ba0417aca1c9a95e4c013fbc21e6defe39d0421a2b27ccb27e6f248404a9f6b5cd1014574d0478078f36af2a0181872ac8173d72

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-hr.hyb

Filesize
2KB

MD5
1864e47e724bb7f9c052a2840eee21d9

SHA1
9749136107913d6570c0c46ae2b52e66d8284c38

SHA256
d5f066a5657f1d7c39d053956df204b7926f40d2fe4f69573af09d909066e26c

SHA512
2d6e76aed93652510f5864dde1e1923c67e7413e895abfa8fc7e8c9177e228e4d153afb7099b86697d1662ca3124ff2173f4aab2c978d52583a8e2dbc70c0842

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-hu.hyb

Filesize
309KB

MD5
37b1f197e8dfbafdac4597edcf673e63

SHA1
e672c6870417c71acdcda6c16a7185d7a868eb68

SHA256
8b3a16268cc932b226c17ff405b3cfb6eb38a9511a2043d653dc03729efceac1

SHA512
69ee820439633b348bf8efdd3c498a30270753e53ff78d022bd1b295c6c95e0501955009f610a12fc55c786a563b0af40d2b69a7584b47662b943acbac2d3634

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-hy.hyb

Filesize
605B

MD5
70ea4451c3a26fd7197a3d2188be4152

SHA1
e0c1390d94876bf2a3cbdecaabb0e335bd86355d

SHA256
9b34dfca85cb27546829f104f137757efb274934c1e9d4991f55ad564962a76a

SHA512
ac957947c51ea23a9b7ca482db08f0ca3332b8048025a96acb01a4486c1a87c3f3d08898e94cc8e0b20721c56ce708fb37e1bd81bee1fedba60a7f370d5ddaa4

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-it.hyb

Filesize
2KB

MD5
a4d5ec24d4c5ee745cdcdc019018074f

SHA1
15dcd0305508afe357eee16a543f4ce547ed500c

SHA256
f9c027d7fd44b01cd5e1cdf802e20c63560673098af18bea0930ba9af334e0f7

SHA512
e9022473816f2ecf4b5b06bd6b28d75ec64fdff974a991aa522eb105e3aa8d23dda0a45e11040af4db32e1f2e8cfffc058bf29fea1403af5a724831c730719fe

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-ka.hyb

Filesize
9KB

MD5
aa6c771083158380b2631f01e3f64f20

SHA1
1b41cd8e7585dcde57fc0b40502328845e524457

SHA256
2472271c7955c67e9fdb86d0cd3c5d88f5e598da4f44b6741284b2bbcb2e4d52

SHA512
f8cd93862ca2f76d769721bbf858955fc007bcf2e1892ae3e50846e28c6027208869f580479d3888610820ad5348a21a8709984aed844669fcaaa3f14199addc

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-kn.hyb

Filesize
711B

MD5
d986ac2e7c75cf3ef929a7a269ae0d5a

SHA1
de8bf2ee2b8a77102337c45e5fec924c6c02355b

SHA256
2b999d0a152f804601aa8f38ff0d3a6e5949977bf1daa76fa888acae21526287

SHA512
5475c82fd5074334bc5f0f89edab62e94bc5865da0432c6f830b50db3045afda12bb698659951f6d0f76c55a43e1add8d47ad7fd03597bbe92d8178ad4783c71

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-la.hyb

Filesize
1KB

MD5
9aaa47272099a013a4389bc314b7d2ed

SHA1
20b5bf65fa2023e67ea0687f643b52eab3fc68e9

SHA256
fd4b6f36135cd3b932e350ec2017dfd89d2e36ac226f54e4c8f2e4bc6db0593d

SHA512
318b17b2e2b16ec73f231455d633c69fd44b32868c215053b3ccca54472e775d4589cbb4daad2fe37a40f79b6cde497f654654be009d485a84327e0f560fc843

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-lt.hyb

Filesize
7KB

MD5
970c2671eac4fff6d840dc122e43b7c6

SHA1
d849f8b0950dea8c45e60296f6c8a7ae2e0f3f95

SHA256
6fe2da26a96834fb9aecbe586d40f728df0ef676a4f235450054e66841b9e2ca

SHA512
c6b799aaaa714650ca39f8728bef6989e7e801508366caf1b384f021ee443bf21b3f59d28c2d9123a1f59b4abd3a27522cba830e431940e6ef9dccb5a319d581

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-lv.hyb

Filesize
37KB

MD5
05dfdb7f1ee5744573ccd62ae565b2c7

SHA1
754991bdb092e363b8d884246f4ca780cc9ab2f3

SHA256
65962ccb5055e4c693e5ac493d6affdc810ec168eb2942f5705b7f4e464f9993

SHA512
11675bc30f19161666f0d7b5ae001cd2682989465dd3f4973c455ba50eb1250e56fd1782d9589af2f8b3d6843a611d75d38e4ccc03a529a7b42cf403c482f2e8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-ml.hyb

Filesize
776B

MD5
84a0a36ea2c5b3209a3cd40d1043230f

SHA1
a98436b640a8cfb9cffa26e89fee768dce6f0747

SHA256
90572db8f49b01ec6a102732cdf14fc3f07d363cbe0d261103e583043164e888

SHA512
845ab7b075d3ec490c477af3b1f6d28cdc83289d206d079730f69ffd32a0fadb04eb3c9539e4dee6dac080489aea9f3365a20810b4bbb229c2aea3558bcfa1f5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-mn-cyrl.hyb

Filesize
5KB

MD5
07cda8332b62726883b29290ca35fc89

SHA1
2e3e1a7e4484225d8e25a59695e86eea9f516ec6

SHA256
0d2731f16aa2c90faec8e63260358cbccede403faf95e3af8c66bc2db0729ca0

SHA512
a55a5a7ad3e6b084bb15d360a732f344eeb59e0ecdb8a431dc9379653d3cd828131daf18dd91b6b45001aaeecbaa87e1afd6eab4a795373dca1c4e68c7e0cc85

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-mul-ethi.hyb

Filesize
3KB

MD5
b42317960e5da868a8120cb79a440abf

SHA1
5bc583fe2bcf8d9ef971c66a5f57821aad1458cc

SHA256
f2fac1bd069ffe5cd1112d94cc31137ed38a1b161093ecd74c9c1688428b688b

SHA512
c26c686f7a1ae785a6d5b5856670cf9b7bc48e4a388d2e2922b21fd6c0124357acfeb73b370ab617c5ed4b033d945fb3c7cc235a661baaa7fb976dd6edec66c0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-nl.hyb

Filesize
75KB

MD5
d3bb05944de3d0d7186e7e9383805e2c

SHA1
1b1ea734d900f8d766e7226fee09ee14fe606a7b

SHA256
5ebde398944b461cf940f0520c5a49c0882b6f36f9ac5cda0538c8c8b44fb7ca

SHA512
5fd9c6e5e4f060d1b37b7e80f162ab10c1efb24258a5bb26c89469004191ec5517e4cf4c1c7724c838c62b5358d3c95d515c1ee4a5b001c42c3325ce1d11a928

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-or.hyb

Filesize
647B

MD5
7e265a294303f69aa66c243f5f474463

SHA1
4d382ab4bed3dbe481710f0c651ca87b2394661d

SHA256
4e9cd302baffc4ea3e9652327ea24072ebf37b5c4fc0719292bdac10aaad665b

SHA512
d347d422249945c9a664be3c48e1ec07becaf03bd3525869f06c9aa328b4fe2884ac963cb97949d97e5ab41617b0fc6f2a2171f06007bf94cce88d55a15da922

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-pa.hyb

Filesize
607B

MD5
0f27e5bccc1cd9ddf3eac020da27da57

SHA1
bd3c83300aad3e79287c1e806e864f7644240911

SHA256
470329d28faa484f945d78ffefb176dcb6f2032c753e25bc014106ad24b2c68a

SHA512
141da09a4a1a3b9e581751a1b2c70cbe981e1a915ea538a8015c7614d11be059cd3a03b4f2420f963e5657a4417b3cc5c3a22e0028132a21363219e27751ccfb

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-pt.hyb

Filesize
1KB

MD5
564ff32ded64c6bfc693f2758a53d68e

SHA1
3965f963d36bee1598683e72c857a3bff196b295

SHA256
f6fbf1bcb260cc86256fc494f388f7b27d10865fbf8f61517dee25af4d58d6e8

SHA512
e9e574ba07703295aa8b7fd4603ef079816ea44394bd62750e08e523b9a7b408fd979552d90d04f825242ccada7ad66003fba76c9c8469541b5c6d2fb85c41e8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-ru.hyb

Filesize
19KB

MD5
4d132ab42e0c8abd3ba93d8b34bdbeb3

SHA1
f3ce82f2dbdead517d5faa4490e1975ef8fafa6e

SHA256
336ce2048ffd31b7bcaf435e53badfaf0579e405042d49adbc0823f6be5f9614

SHA512
eb8e27ab070db7407f1ede29751aab4a88f4182e878e956cc51d0ed9ef2c9afdec208f2f4700551374c5a7f69c176ed7d6cb771ac17c3eae77323a5709a85fcc

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-sk.hyb

Filesize
62KB

MD5
cea295e8b4b99f95738727905a9184e2

SHA1
31db6c826fd7830bc76f0ac1b9d21c2ef67f8b1f

SHA256
138c5990961da21993653f54a413ddacb8921d6d70b892b7ca154d6e8ad2028c

SHA512
b20f651c74a070a4d26b58bd8462e553077b7333a2c854f7974a7e67bc442c3a6feba52c3a537fd9f1579d5de0126bbe1da4be99aabee79b7987b2edfdd8ed67

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-sl.hyb

Filesize
6KB

MD5
a21358dd4506643486f72f7d80d60a5b

SHA1
fb7ee02adc970f4d71c84d18777a59508fa1a46c

SHA256
ad746c68562603ac3b15e89da03c76e081c08e7d9c8d4c9f64763e53d696c77c

SHA512
7dc9e18050b3df4288aacaaffdb17668f0b5d8b5e103305070d2ef83dab2f5dbe3b071b05ca69340d86a53d47d4cf8197ecc1bdd086a320bf81f9df8c0d3ccb8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-sq.hyb

Filesize
1KB

MD5
a22d0f39cd83f3a8e251f95c5b12dd31

SHA1
24915151b31525a0a9ea0ef7faf8ddb8b3faf11e

SHA256
bc29c9401ce952414cbaebc5c8ee1d27c1706c6f77807b5ff713e2124438b3ca

SHA512
ad319fc85aa612bedad8289a20fcf42d4336c4b3ed704ce74c6c0ed68e3e18d62c18549f8a5efe5bd481d8def514f2c6b083803485e04bd5919bc600501c0e00

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-sv.hyb

Filesize
70KB

MD5
892598dc59ce71e68ed337ed9ff3abc1

SHA1
c89af0d28b8b769150981539ec2318e34df29cce

SHA256
56642aa5a37625ff9d034761d16b034d4ba5be74090cbd825956bbce2775ecd1

SHA512
eb13a68ff5cdd0edd73ce4c109984b3e58763812c31755bd55c0a324048873f610e36d1c41b3f642a64f7fe0945ee872a02fde744d5821aab03a2288851d984d

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-ta.hyb

Filesize
554B

MD5
ab2f6f9696fc7d699356244725e7c778

SHA1
2026841da77dd77715b521ec73bf819d1d098b60

SHA256
40fda94856a86f065de8baa6184ea63dcdb011ee4ca498a7c1fee44c99314c67

SHA512
88a4c2117102bdb60d482448c36dd79a8da1130a4636513c8ed56eb282da6c638d27eabc9799eab8bc1a7234a0aa6690c55408500608387912fe283f13bcc328

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-te.hyb

Filesize
703B

MD5
bf9df63b3c97de3bff99e24ee4bc5f2e

SHA1
774659cf1d58bcfc69900315281e99e038cd2a97

SHA256
516fa9654fa3aeaab480d40eaf6ad78fc039086bd8edc144be3d59525edcac29

SHA512
52f40a2c38cc62aa6b0e081c90b9dfcd6d3ed03a4a90e596e11ac85bfda96eaa74d465cd7168b803c0d59a53df878b0ea1ca657c5caf3de49c8758cbd527bee2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-tk.hyb

Filesize
2KB

MD5
ed60185b6f455b6f8ed27eaeb73334a9

SHA1
11e53bda5e2a0acd000692ad8af45611b57277ad

SHA256
77fdaed29bd842aaa976ab7ef81b617a15c0a2d1ebd1161c1bf26b79a108b5cd

SHA512
3ef211a330efe9e34468c9c460dfcda1b8da80d113317a177205c76ffcb916ff25ffcb4485703fd01ee248d356a67e5bb18df8e5ea40b2aab3999121083b7e30

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-uk.hyb

Filesize
18KB

MD5
0ec028755f0cd9ebba41fb7273de8baf

SHA1
a8a784454269a2769710fb3725730f06cdd7b242

SHA256
1c626abe40d43f6d56a01b5b40305d7c7d6481f616eac00a3f3aaaaca8388786

SHA512
024c611ebabb0a84b5a887d808e24884ccbb4550f222e651728451cddb9a941d7d9a39786ddfe4a57d049dc82780c6bcf376d3e98547ecc4808fc7ed32ed47a9

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\hyph-und-ethi.hyb

Filesize
3KB

MD5
4aa9b2c0c9ccde5140d01dc6502242bb

SHA1
d1759e8a62a42a72529adf9bc73820bf32f2a37b

SHA256
1de83cb787dfaf53fb7e6e8db3aae5008ad24ebdd28be02031306ea9e9f3e285

SHA512
1b456301d814810e857e8a0c426e703a802febb5c3dfd8d0e5c58aeefc6c2d6f55c95830024c243d2bfbb8322ef72e9ff959cdc7f92ae51bebe8b053d9cda1e5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2008059629\manifest.fingerprint

Filesize
66B

MD5
1d09a9a5e62b846125cd7b929cccbe44

SHA1
5271237c4d13f7735689a5acc52e48c491669aa3

SHA256
1703e4e777b285aba435e71256890a5fe92d24cb01e0eefd03baddca228eee2f

SHA512
cd2a2acc126ac6a7dcc81088047c894a427a44c5caa96003c1f3521beac3b46c117f0794e564838de14a18a3f65cb7988ba86b404e690ec77a57518247c03fbb

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2013326011\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2067118701\Filtering Rules-AA

Filesize
404KB

MD5
0c692f6db49c8f21392d3365bfc88be9

SHA1
9073d1a2d99e0d0df90d995d60fd096b30f6b585

SHA256
d36eb7f3da47d7cd92f7bbec4314cdd30b58197cd898b13f11729febbd3f75f2

SHA512
2f8e22ca83e9bd5a963dd2f9a00e1ed2faa9d5a3c07efa191ca4bf7c95f404cbabcbf1eeb8633a2270b8460319ce46791c063355368fc08d93442cc0e0250939

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2067118701\Part-DE

Filesize
222KB

MD5
68a6f5d3e851f477b99c00e716b9640b

SHA1
1e805450597d71037995ff9bd63a18ad2c74d281

SHA256
cbab2692330b73e6dab4705e0ba5d9bc7829912b7c09eaf5c5f8e6c5e219e2dd

SHA512
b06888174d81a40ad200113186415a7daf207723f5d704160c1c74087192e9a9652bf6b69c58fa927a9e66af35e993f1941352e96403f673ee7e686d8eb4e06e

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2067118701\Part-ES

Filesize
154KB

MD5
4bd0ec01b325a901ca95d03dcb3d0b78

SHA1
3fed6b3ba95cd4b39744a5e6ad7970d5bfe18ec7

SHA256
f47f8980472678dd2caf6c728411ea4a2611c2eed99938ccf4a158296c0a0830

SHA512
28d8f704e4ef7fd4b13938c7c05f50c0e3b92c2753245e363fbe07abb8bd6b96fbacf864f1390031e86d0592034e03e90582fb9910d80b46c6cc3b0282ba6d58

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2067118701\Part-FR

Filesize
748KB

MD5
98df506badc34592073fef20e10b9202

SHA1
9c6084e2f72f8de086f34f749c6f478615a61072

SHA256
c875167cbb5484ecbb6974c6b2b70fa4b28e57c58588964a737605016077ab2e

SHA512
45cc8f5a08b75245840c22777e20702884c9d52a3dcb3a6c70a18b6213ea1df407db0f5d8b1bb63e5a99077b210cbe235e6955486268ded1cdc9a20595dbd633

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2067118701\Part-IT

Filesize
498KB

MD5
cf12499d6fb872304778c2d047996675

SHA1
36e442007ec991986b4a8ab67bfe39abaa58117e

SHA256
39a9601eb6c69437ab63ff48bb96d63ae38846d99ef954491bcc803e7cfe6e6a

SHA512
ff914da7d35b91d16d411af54b2adcb3ecb140451dd6763f5c847f8e009bfc4440498a02068e7aa2976c06ef089525204dc5698d2247584378b0cd5bc7457c01

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2067118701\Part-NL

Filesize
50KB

MD5
307ce3a96ec04053472ffcf0e240fea4

SHA1
4c4ed7097641efd298f68b6bb5e4aa7c16d6754c

SHA256
9300c145e737397b404d877ba0e909ed687e8b7add82a6f3b9f3cb9931e0e25b

SHA512
3e98d66a43650289eafdd6c4c76e1da66eb042882f2979b8e774e0df81510bfa7678cf8b4755829c22c258e25136dfd405bd21e5c40973086247408848051955

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2067118701\Part-RU

Filesize
1.2MB

MD5
5797422ea1700f6036c4bed4384877d9

SHA1
1201305e19faf6311a228b6baa2052ebefa9c4f2

SHA256
daa8547f1dbc8c994eed3725f3076aaf6c4e298b963fb712e53eb0fa2dc1e789

SHA512
f85858ad292ef9e5d4fb6ea9e67f731b4a5fe3b823c2f156ecd109650d9de577873797bfd6d01da37a2baa2e05add60d387821254dc31eab54f4e526895bc83d

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2067118701\Part-ZH

Filesize
839KB

MD5
35488dda885a4de38b56edd487f1ed51

SHA1
3c85fa1afaf24064437abfd72530aa1e675d58c9

SHA256
04ee35c1660783cc17d89b80d5bb76c9c92a4e052d52b2e4cab00897d9c5655b

SHA512
0072570e9cbd6ed811bc22df5c664a152f1c3322f08b43ca9df6daceecb64614198f5600c964f1abd7890d3e811c57dba54bbed763c12d3e245bf7db5dd4d898

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2067118701\adblock_snippet.js

Filesize
2KB

MD5
f5c93c471485f4b9ab45260518c30267

SHA1
ee6e09fb23b6f3f402e409a2272521fdd7ad89ed

SHA256
9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690

SHA512
e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2067118701\manifest.fingerprint

Filesize
66B

MD5
2596b3b177322eaeeab4c735348b2385

SHA1
b563fe1496d5d2b336f310288604d5c1314c7bbd

SHA256
b406602a37dfb0408ade2a6d84071a70d3b040c15902da60dafbfa818370669f

SHA512
258ced5170edb34b83cc97a04ced98299c5cfad838989ce7dcb32bf8e93e5d1ae8b15eed71346a323075f4077743a6db22cb26ea00a40720134a60ab4013e955

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_2124458541\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_22084569\Microsoft.CognitiveServices.Speech.core.dll

Filesize
2.6MB

MD5
0ee2b50c85a110689352fccfa77b5b18

SHA1
d9ecc4b12d2d50e3cbce40e75edad804c9988b25

SHA256
62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e

SHA512
a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_22084569\manifest.fingerprint

Filesize
66B

MD5
5bbd09242392aacbb5fac763f9e3bd4e

SHA1
14bb7b23b459ce30193742ed1901a17b4dcf9645

SHA256
22b55f5d9b1bafb80e00c1304cf5e0d6057a304a2e8757b4f021b416f4397297

SHA512
541e4c7998e91a5113f627c2c44e32b54878fe225b3b9476572f025f51f2b4ec4a44b102498adcc22b8fe388970645bacfafb6e7fc8a216df4d7bbfc8b0ff670

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_520078968\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_847457546\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3176_909632487\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_1362863616\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_1443947071\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_1472380687\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_1472380687\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_1708241354\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_2100052835\manifest.fingerprint

Filesize
66B

MD5
fc16725ad2526b42e9970864e7362389

SHA1
6cdf46feb879c7b758660eced4b945347e0ed3f3

SHA256
c8234a504880936a0ed783f171dbed1ea8d79074f915ed51a5191021d11115ef

SHA512
2c33163a4ba446544e2eff16649e67ff20471fba7d359297cb1d974af53fcf76ac0ab1811535f4ee1df66739d2a47c6090566f0fa48e486c40f97a4c98908cc0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_684585091\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_684585091\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_684585091\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_684585091\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_776053366\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_943672460\_metadata\verified_contents.json

Filesize
1KB

MD5
28706ad42e4c615a683c2494bc0bd2af

SHA1
6b0465b3d5e85a3ea76c646ba8652c4dc0248dc0

SHA256
709bbb3e3a17e2b7bbf9f4afdcf465312695342ce4eb203df284233eacee086f

SHA512
e95da92f1ad5f56ef61a5992a1b465d46f36eff1fc85643cc5ab3f357b6f14d81a5b5590d0e18d4da5fcc3ac537a469fd0c15b116a3471536707a9716119fa5f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5032_943672460\manifest.fingerprint

Filesize
66B

MD5
5ddbc1878fe757e9fb5be515f8f95864

SHA1
fa7d42b5adf36a370a95a0abaa20c6094b2b47f8

SHA256
a0b13e5ecb7638ffd1e054301fef148b47ea17bc528779c56d77d4e7a6152983

SHA512
ae2a76a48c46a90085a46cf03eca6576ccfdff6d76c64f095c2d657641c73054581b3e8c8738d751f2f8465fe6a2298e01188f807175fd7f4d1995078c7bc1a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
65044109d1beb8ed8d59560642cbc519

SHA1
0084485b0aa26069232fab51ee603682e8edfd17

SHA256
a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

SHA512
96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
0165c248a80cf2576e7268c285bf2d7b

SHA1
b385c8cf886ab304c9cd8b3bd277d889505c323f

SHA256
9941168786810044b4397d3a07ccda82ab86d5f004a2690f41da79c720c49cf5

SHA512
a738adb97fc402309ea37da1f2dcf11b802575aeebbd415a4eb6e1711511f9b341091b1540178fdca2651c38ac1b15a77d743d6b1eccaa89fd0d6a662aa731c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
4db38e6202869899173fc5d26fc33082

SHA1
55b7dcf0a78cc8585f40025cf032072dbb2cca05

SHA256
5948221bb94b0f4cca27dd874cc1049ab06047fe0c07950d75d8ecc681870272

SHA512
a24751d85fc12ab7b327c3fba60d9e20f3b6dc06ffdcb21992f1a44db11994d6df5d621c9bdb231eacd96bb80b6df63e719e857968f9037e16e6817ec53e91ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
357B

MD5
286bdb7e6c2b288992dd32314b433937

SHA1
dfc2bd328087360dd51e4344922ec6a84461a7e6

SHA256
e32df492f626783d48fffb3df0ca6e1fb15e34df5985186cb1a3cd710445de38

SHA512
3d369d7cf54b516fa6f362546134a422481017c607d2a1d698610252d5f0e2091d7b9c217d3b449e3a30a83905aadd3e185b608d83f65352988928ec0c4db810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

Filesize
268B

MD5
aaad69ed7d4c5d8afb6f9adfc4366cd4

SHA1
bccb868ec5fddc1a0f8d7e480a860bf7c94d65ed

SHA256
c1695939df037b82c69e69c8b5191bd63bf765f2dccaaa1540bcc3ef31a15562

SHA512
46d9b8baaedaf9f2cc303e00aee0b43b0ddc5ebfb71dbaa33104b56a2ce5604d82e84b3557d2c7e116ab414c35ef270d0166299031db7ac6c970e723e2140d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
100KB

MD5
80b5b90c4f3c45f46d57b5e1bce1e629

SHA1
367e3928b8c501a0827fd1b56083824932e9dfce

SHA256
f8f5766093e3c09b37b085fe81a7d8307c69b34710794143efe460ae62bafb2b

SHA512
395fe714443f48f04896aaabb79d852a79e6ae948fbdf1678505be724c0efd172043b36feb8716d9882585a47d23746f2dfb1cfbb18149ab9e71310ba0b055e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
110KB

MD5
856a44c7e5f305d914f73151e46348f1

SHA1
ef7198fffde31f348f41c1fce450f7c83f2724d4

SHA256
f576eb2ecc60fe36e8222e836af2b7a7fc0e2f757159e970631eb2e496b0411d

SHA512
c429e91a2cc420bede1768600604b9e3695d0f29640da2880ba9c2cd528fad536b63e40e142c48275b21c3607ea3e5677eee2c2c4332c894ff70687069dafbe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
58KB

MD5
5313806e719f4c6fe252b715836cdac2

SHA1
8eb1173f9a7ef0290f096b82b0355ed7e8db3a58

SHA256
8b97b7c3416d2cf305778de38fb6fdfa6715e88fb97589f0fa4853cfa42b572f

SHA512
72346e08d45e6b4b8d4cc5a108e7b9428da4516b060843edb36ffccc068dd471fabaff5fdff6be1efc17257cd4891c4326bb97bee00cae076bc054677943bb2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
19KB

MD5
3b25fbd9be0594e7d5dd630003ef4194

SHA1
73d1b16b7b95ec2907407f06c3f353497e29a362

SHA256
0ab699ef1483cd423e0880e48701eb0f38d8d250a4f7e63262a5a10e587f6df1

SHA512
137ca7a8f12319721e9ad5a729c14c14cd560abad62366fe47d2742ed30e9dcf5f3a3c1c5607deee579ba9407ce5b5c1c737bc74e07e64dee65e1fc2ab8b0615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
76KB

MD5
c99f966767a99c2971aaad4890f0d323

SHA1
d6dd4e0199e653bd6663c5203dc3889e9b6c0baa

SHA256
ad5f0de938a628df6b0de66005e92497bb39c09fb8491ea7fc4d5afd600262e2

SHA512
02475dacf307541c4e2801b2e849585d4210990fff97bf5afe9f44f5ee46ae8ba21152295cd8baeeecba3005250d81e7d280007f0b8f57f77247a3e2588b7c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
162KB

MD5
81fc396200d9c54fb9bb42e614ddccd1

SHA1
87392dd21772488be23c56c63e7ef9dc39cb7569

SHA256
493b8963af27c9d694e33dfedfb8b9b9fe41e57085c0a4a95f3035f1908bacc1

SHA512
369057706015158c31a5f75cac50ce44dc5a71a52f3d1622d6b8e6f9e2e6a517bcf29a9a342a4189fc8a8ea6c7903fc377571f5fdeb8b472f9e89791ea2c09df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
128KB

MD5
e729e8699547cb5bfb4f424406b8f551

SHA1
5ab8f998ba9fc47a60c1af131c29bc9f6b656b53

SHA256
8b584c48779d727e3638c8922aa47b1413d8906130bd3c480dbe0774186d2915

SHA512
027438641482b3deb4c3ef779542f0ea5c1a97fa90a24523b645b9d53ff13e03da89a102f6edff4752d0a0b517cb131f3a8c7a4f54fe20f23ead8d357ad970bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
128KB

MD5
1f7e88f5b8888cb31bff7fe3865ea33d

SHA1
1e867c7cd3d600e1509c8ddeb5d2404045c823e7

SHA256
57f9196e28aef265bf9a88f39b71275b40cab35ac0fe03b2fa0621f96411206e

SHA512
733e5bffa45b1f1d3521d8c4ed862ab0af177f0e42392bd7ef26f3a5cee57f3065a0eb66ece9493178431f1cdb09d2a6b31679fffa69f9c25655f3f341be1885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
128KB

MD5
850de9aea95ade483d7a878b4e00f847

SHA1
40f4982370a6f9793e469a5fbdc5c273880149a0

SHA256
5da6ed93059933b7aaaf811fe84cdd98b952e2b08ff08050e5d914f30185fce7

SHA512
351788e6b2c22c40f007c7d17ce225dddcaa3efaf3a7cc4ee815fb70412157b067d22fde0905710e463ed431540f697aefad1030375934ff533ec473a5f397fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009d

Filesize
24KB

MD5
f1d5692995bb621ce17612e4fe94e067

SHA1
c02abebac830857527d9d45a02b3b3228849dfa2

SHA256
94a89fb201ebc0cea5b5af258e311033c6deae9439c2acb0525c6dca89d9acb0

SHA512
07f00b41fe124362d164505b239568e75c77a5a23dcc8a3cc5d78056f75196881768cf149c8133ff0677118cb8b3beb48044ac6500336beeb26cb935afd4c90b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d5

Filesize
105KB

MD5
da7fcae4308766368611b35916374158

SHA1
05a209260fd46aa423fc8dc987f4b1730efd82af

SHA256
6caaf6eb26118dd3e9fec44d6c8aa9158817d6599a15dc4d8329aac4bc9dad19

SHA512
c4d3c326b530f2f8fbc2367fadd36a3960435c7b00113a211cd001f3d9f4ac08fc58e8f26063869c37f425abcc8a7e68343ed9b96a90471aaf72658555173b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000117

Filesize
43KB

MD5
bfef1c88c7a2462d08b6930531953552

SHA1
6392a0f160eb73330bebd4c324535445e0783231

SHA256
5bb0ddc5e9112db6992a4eb1252b36b666ca8de22aa5d09b1d083794f2acef4b

SHA512
339ddb4c82a5456623c9ec0bf2574b22d7e98f9b2002d5d9616197dbac6a76742e146ec77e8d3aa8caa3c6178125bea0d9ec57324b28dd52e778055a4eee204f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
bfec943a3f59f2f393357e5a41a79109

SHA1
e0d52b65eeaf7351105f523684d5c00b5e3ed8ac

SHA256
fc4178413772bf94c7d783f07e5855c7de0ef5b31822d5f34bc29a03993859aa

SHA512
5d454d12680521a7c699e2548609da9e2c09b95db335b66fd8c2d10e307b6cafd4ebf46b57cf9f86003b1990e8fe55236876aef89822bce009b6464d02843526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
80c43c8973b2744642971a4a01873afd

SHA1
66476aaac55721092764cd848220b6d5461c6e8f

SHA256
af47981a04509a61a3941008e4e6d1f297d16217cc48b2363f8a8e1dee73d621

SHA512
963045d46b8855840278250dec5bfc3b5825a0b024b557bae8f47f107bb928f0011826b3f3416bfb2186d6b3e728cc193a5e2707f25785df2ab2d3f6640ea1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
e24e2c4de9f1a35cb696eddf4a14d847

SHA1
830891b7cd08b8cf5078c75b84f11a7481cf5fa6

SHA256
aaa76ffcbe6c55f35e6f93b7ff44fec61018599326c516b2dbb294b64b754525

SHA512
92a72f38e6d33d395de0e63c7c08b6a3b22db962746a11bdcb8edc550f480c799138e44338141ee5efcfa2ff652e9e2fe7b9ad1b6a461192f21cbda2bd77287a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5864ef.TMP

Filesize
2KB

MD5
ae5d695d3f63b7aa352eb2c1a5185b4d

SHA1
db171366197a6897030f707ad2f28b1a4e74eec1

SHA256
f914acd00785676a1212fc0891f46b7cc8078d877dddf86f21278e387e4067bb

SHA512
51a9f6d8152fb31476024d761a701c98c4ec5c0afb4c42ac449c9b4ec7c52a41eb03684a284320d0bbfe2e4fec813336a4ff6c362e2057542ac3c9c88b02c460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG

Filesize
711B

MD5
e8a1352a98b8f8646fc4bba4c0bf1ccd

SHA1
569e69b68cd1dc5a6cddc1769549d3f0be227dd7

SHA256
dd9215d9e2dfecdb514773bf485f2baf42d2fd46f3042d4dfd583f3435b6acec

SHA512
a173ac44a0b1c3433c0d2ab6acf58dba7da1d26e585bbae0112b6cf15e7a42ed431545a7615dfc1389f4ee83a38f947d20fc71da5194d88fc524a5e63e5bf6a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
349B

MD5
45c56c8930f35c945ec429a4d354558e

SHA1
797198365df1cb09ba66a3080ccdeb836346ede2

SHA256
67b181731d4f92e7879d68d44be2fe42234cd68e28e21f41df1092a0f6879257

SHA512
3392232e4c36f71cf3b0f4b1a3acd9637a8b07486ea78edabe6303ca14a2980f37ac37e97b64268c173214d555602cde195393290554d89f069ad34a35dab07f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4b0d735a550910445a42029b2cd937f7

SHA1
8a25dcf77c45b3066451287af215fad11fb97f35

SHA256
7272dbb505ee9b35d70300915de955aea6be29eeb6efe275cd6a7fc9bf6717ea

SHA512
84e56a13dc09b633613ba9830e866d50b685e39ef50b8709ca59c2317630d76f8a35584ac13289e3f0d315db1abe2f4ed22b3f8732e7fb791948438d49431c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c8aa74c825571747a04b47c0e82f5545

SHA1
24d47a5bab58bbd481a6bd51c897e65140976eff

SHA256
85b48a5f6ea36e319315a31d168020614dc0b1ae72aadc93eccd6180b2de48f7

SHA512
6f263cefaabe281aad5c06ca72632d0f3afb0f936bee1683dc22c482ee67b29546eef77626ed54457d364f705ec15acc72b006f5fbdb2461b37e6a4ed5d17dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
beecb2a4ecba6c17448458998720f86b

SHA1
4be5047c5f466e1b30bfa7313ce48eb57459ba0c

SHA256
4a8274ca170be673fa133fb957a9322bc49d6ddcb0a857a6faf89213361d3cf6

SHA512
eaf76e7245502616b155aceed71cecf62d54d3a30ba1f97193adddf27f052e265878202f7915cd6547c099b8c39be25d509a3e26ca00372727adbc0305cc708e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
74e182d29ca00aa12003e23ce19f00cd

SHA1
80fa9374742614312ab0a7192936398c563a72d9

SHA256
2549f1a81b06b87873b483e2816fe2fae422b23d59750ce964c352903224fba8

SHA512
f9b4fca9b6558250340837d6ced6f1262f32a9b46514e069394eeb453bf19bd06da355f1f9f11e31210983468937db2586f24d099ec3b9c99c8a7f9866a448f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
09717a516ea0cdcd48adcf29e646247f

SHA1
c01cc60b60c7deb6b31f6552d1fa02c8138bba49

SHA256
fdd5601a6522ef690eb92595bedfcdb823fde762e9ca27a1034ad25e61f0793c

SHA512
876120d181f25fd3bbbad7926cc741da4bbfaf948cdff51d4a5f049f34d3643584dcad5412242b5278a3d74e322524cb0690773aca816109ffe84115e2d68f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
d27612074e40b6376dc2e31ed5cbc4c5

SHA1
3af4802ba24751e8b83b11c3bd3290cc9b6d7738

SHA256
f28ff5db1e555a9c1ba6ae7088bdfcbdb5f694d2f065384d754331925c65b1cf

SHA512
29620e12b4a168bd60605206f984b36992a17ec3e416ddae295bfa767218a44a9b0b22f76e211259abef8daf7db2770ad632fbaa561d0064b122b40ea6ad0427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
648f92d9201bb67cf59a2cc7f696dbee

SHA1
53a7cb63ebbcf0a5ec0e6f68c27d5d5ac17d556b

SHA256
957af4c621e7df08c6bf3bb0fdb165199a0ec445e9d41e9fd1539a2cd2a71fab

SHA512
992fe219c9fa4ba6aa0316a9066dd8603943338f6952e4f4aa7d69fabb3c11fa745e4ebb21be4d0b4da785891b00e5c2194c46b7b6d1b20fd7acd9bc8c5fbca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
a5b3dd0df3775d3f4509bed8d7f359e7

SHA1
1fddbcbaaadbb96ce39bd6f0c707a42493b1f1bf

SHA256
3e76aca5fa3b06f0c55f08f3d78debe205c405a076663c1b2d620233dea7cbc3

SHA512
52f8bd173ed8d9f04d4fc4ac3eba3cb56358a3054c4908b1bbff639ca4ca9ce37f542b08ccd45951d3ac150a4ffcb25c619bc4ac1609b45b8580a80f33226a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
0fcc531af9baf225258a42946d3c489d

SHA1
90092853fdce27f5993883b8dd1702fd5de3b562

SHA256
6d080e4d758cda69672703a4c840d89f61c986dffcaae5c176c6f4fa2316b400

SHA512
4c8b67f2170af85e5eb8b015670c0e9a99466741ff5f4ffa5cfc60f378fd99fa90ffddbdaae26ff52341672d310f4da3aebf77c306e9cde1832145fca7595152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
48f22205072505cf1514fce7d0ad0d79

SHA1
b602af51dab717bd6f53f2d31d1029b2dd2f4f86

SHA256
ac55b0e69f771546cff7e66831596f54a02c11cf1222bdcd694635f1d09848ce

SHA512
78d3bfb4df0e028594c4f09b61f58d6e5019afd142592bbcbbbcbbe733f8d53b4c8443dc160c9cbc554c31f4fb4a85aaf820e6635d0045e8ffa6d52c6d770267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\0664cb19-ad22-4ed4-b2cd-7c7d2d8a1310\ee91b116cc2005be_0

Filesize
56KB

MD5
ac8b0d370a0e866c84ab5117eff94260

SHA1
c01cdfe598f5719de70a899299fadd9f2312e13f

SHA256
0548f55b4ac63a9ac32416b1c4261d9e1775830d60d37ce1babe23394bea8a24

SHA512
7c8eedcc937685dfcfaf0383743014882a3db94ee1258ebec12aa4a622895932cbe290cd77dbafd2d5a0206164f11c41df07259c22a7f72ecda2a38b37bfe740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\0664cb19-ad22-4ed4-b2cd-7c7d2d8a1310\index-dir\the-real-index

Filesize
72B

MD5
c2dfb26c1c573634c1a72f4a9f4c8999

SHA1
49b4ecde4bd1baf32c90dba4972bde216f89cb09

SHA256
b84b97f813e203fb1e613587c1920c29b03fae59261fa2494f73c1390cfbc75a

SHA512
d879e90df05de272fb08bfe775e0b4956c580e8d7c63fe463311f7492692aa32ef90a7dc55f28892ba09fc9974d88c27a296efa44b2b8bfc925d75366fd91a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\0664cb19-ad22-4ed4-b2cd-7c7d2d8a1310\index-dir\the-real-index

Filesize
72B

MD5
b2b4b40050eba05891f9fcfb4549cafc

SHA1
88637172b174cdab6c502918360c766b4c51d50d

SHA256
35d7fa2e0e22cde2ccad334fb9ff6370a11b358a2fb2ba03d4c601407ee6f7be

SHA512
58b321d2f5873bf80f27fa78f16760d765a9c16814907629886ecc8eb6b2ceb687a13099644bbf50157ade76b6b3bbd3bd52c9112c24711dbdd3c6e1aba18b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\0664cb19-ad22-4ed4-b2cd-7c7d2d8a1310\index-dir\the-real-index

Filesize
72B

MD5
a5fef7772afb2fb79be4be879fc7d425

SHA1
2463f726942fa289a1250b88d7ffec2e20c6a49f

SHA256
4684b0e1e1b7b4eac3908150fefae62c298b1e5ac4e5b11f2d904807b805b681

SHA512
2b39af91490b7d8407ee0c28d7e0559715668ff72ceacec26e7c885aebab10035d907e5127b767bea7bde4198d81aa0554616f7465efc9a5268d9d1c206575a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6d75855c-9e50-4015-88d4-daa5005d711b\index-dir\the-real-index

Filesize
72B

MD5
ff8661c2a29aea23f82ac3aad88859d7

SHA1
f9351aea209cee6f3a7dc0867ac5d60e9ce69d22

SHA256
6a1d4f57f10a7faefd3f34af3a3dd1c452508091e2f35a6110a45bc433d8f579

SHA512
8ee73cd91beaba2de16ef568c0c411c4eab44f88d66b28a4277adc3fdfb15eca86d060ba481f56a2c337195f58460319cc06b6c01b21ee0cb39ecfa14589d276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6d75855c-9e50-4015-88d4-daa5005d711b\index-dir\the-real-index~RFe5a0773.TMP

Filesize
48B

MD5
2d5345e9cdb5437d654a00e98424928c

SHA1
32a1cd29eb23f890729baa0b409f6525d3234bef

SHA256
9dbbc667615b67e0009c46028053d1011aaa9c99e19704d554821c461b44ecea

SHA512
3f4c2b7c4cac05680a66055be25ffbb289a7dfc71d09cf5a74387bde8d40e2224ea743aabd84e79bb8b630042a01e578c7f0613127ca9b340cfa690b145c8445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b063b10c-aa74-40e9-8097-2e7a6b21975e\index-dir\the-real-index

Filesize
2KB

MD5
6cfb0f800b361fe1b4c118e1e4d61762

SHA1
c96ff07f27fe39b3df6c11e253d9d419edc8a3e3

SHA256
4da6bc1498e1dbb31ae164014c145b42f57a6e696d5162a8bb339a33dc03f37a

SHA512
0d11dfcac0fe65fcabc956850a75ee0ab7962c0645c92afc770f4c5161d271db2fd79ea8747fa45f53864027debe31a05f962c0fb80ec59f5ada72d2f8ff9f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b063b10c-aa74-40e9-8097-2e7a6b21975e\index-dir\the-real-index

Filesize
1KB

MD5
4d6d8bd92583dc24511c6bbb722de0b4

SHA1
fa38819dc4115678eb9503e56c8b49efc5ebc9de

SHA256
f7a5f67c957f6cb39bea4537a2f5ede9d7e6c2067d39f1089a6faa5ef18262da

SHA512
2eec992a39fdff2406109f7a760bd55aeb94163954971961150951fb900ba001dea06f927a02a51c8eaf9530354219e798ec05ed406f821886dc00033d35ede4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b063b10c-aa74-40e9-8097-2e7a6b21975e\index-dir\the-real-index~RFe57f397.TMP

Filesize
1KB

MD5
002b9bad143397399465d4cf0faf463c

SHA1
69ea756344c426bb517fc300add580422140d9d4

SHA256
f458e0782266bef8fe7e177e2b3de3ab05453ff07c133a4966f59d5f802d3bea

SHA512
5b13d7895e5abdd3339ace6e5d68eef006197cf9a18589b6656f76575e213260fe9d6f616d4e18fc68641162d7877a9d7560aca8b3fa320bb90483afba470abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b90a9dce-b22a-4b5b-8760-65ac93bf0dcf\index-dir\the-real-index

Filesize
72B

MD5
5072ec62fd33b5d7c905ba212ccbd031

SHA1
5f7724d14e3baee71a4500c38dbd77688c1215ce

SHA256
4ae9009f5a28824a77ad61cfbee87bef50851ffd337dcc91cd66e7708411e183

SHA512
f54d0ddb39e3848be7c13140b77546bd66f8b510859ba5346c32d5a5474b2ad1a0871e4c7e7f33b821b535aeda1af5f76f1ec4eb7276592ae074c3667701e30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
a0a862940270bbe72844a8cab6990d6c

SHA1
45686bde20bc6775a852c14bfed793766d9084bd

SHA256
86bf5243c536d52ac46a4fc99b7c7eed77572460ec20c3ead19169977339ebd1

SHA512
9fc9e541895dfd14151b9e04ddbce09b866ee3e234225612569745b5e153e76edc2d79ab36175ed0a926bc8a27e6e5b475df3540b1880408548a52575ad4e108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
bb4d74a11db22d48cfe89da5852d583a

SHA1
27e340b4735d81eb90802002130d9b3a7ff201af

SHA256
983dc575a485be12a764f7fd33097edd6e16315c20aa7adcad7b941389b68a42

SHA512
fb287a9c0cd6bb0522bd0d71f92ed4489c6ecf90cad80e4fdd62c707337f77c0e5f8e7df7b8d3c5c33a3884f00e9137691d5d58363116a3133efa5d04ae1f5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
1c7bf0decaf5a1fe37548a690e1ae2ac

SHA1
bd31a1160479b91c766c41c0e58c85a88ff9e7b7

SHA256
1285c504e9f996d0493bb798a2bf22c0b6fae01c402d86e3c3cdbc722c3c1cd1

SHA512
7db619626fd862c16943f7eca8f5b6dc8a3477737e675c41fcf23a0ef6b99dd2464b310eb83b8d7f9c9d13e6d939b25931b1d0a1af8d52bc293e5756fe5584d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fc2966d9d91e78da7b22f5e9cc336c1a

SHA1
8cb16ccb8edd8e295756ca804de6557e88878b36

SHA256
258f4a05559893f428c3c38ad0edab664541f4c0464267d0f3bc356c089e2cdd

SHA512
5bf0a1e7ce60d0e080faa99c37ab653783cbc4509495911cae25751ec09f5fa3c82cc7493b202eb2c33845e4cbcad9e9954714a7856b10ce1b414ae3668dbf26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584ac0.TMP

Filesize
48B

MD5
29f2960f5804b6cbb79246393f0a73ba

SHA1
4daf14aeffbfd4aad49dda601222aef7c6e2f339

SHA256
6214882f20e8f6df836ac1b615005457f67ff52693692e63a76d363c64ad5346

SHA512
8ddfe7c8ff357010937ea9e83efc5ded17044c7befcad53a94ba2b40adadb56493416fec34f17ba9532f9840c77213a6cc224a4a4c3220f3bd68e83e86fcf95d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
f7fa0e75025a3e574d65a3e42a5c1590

SHA1
77b3a122936de94af430ce53756f581a9bcc0e9c

SHA256
be428eb57d205ed744eb0c3d9d9738120980209ac40820a2b6ec02bfae2a4d3a

SHA512
894610127d5ba922f9ef468fe119e0df8868603ac525f40c998bef2d6321e4abeaacf53bf67ee24fa4198507519a60c54e3ada69eaee2cfdaced8e812fdb8991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\90725bf0-018a-4e51-8ec9-db029268cbd8\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
94B

MD5
cc5215204b9000a990b4ca6a06fa3513

SHA1
4736218add7a44f165e576faa4cf705c56ac5d37

SHA256
e978c11ee9cc041b0d4b3325066d6cd6a7ae12cb553c454f96ba10e0209561d2

SHA512
530436a5e8817c17265c6fde68ff8b773a3b008bb60887f600f47ade48365da197e27697c11f80c3b807614b2d374faf6d1d90c0d702519feec1d675a7a0fa1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe5a4334.TMP

Filesize
158B

MD5
291a369150701b7533ec927df80c33dd

SHA1
200e8c9a8bc19d48114e4382dfec05082a561c86

SHA256
783ed90840a71d69704751fd59205ff5163f2fa76f20345b37866bbd36c5d99c

SHA512
84586de96e3586599482b8e22207b8a916ab57bc16e1ac91d5a0c005a9e015c35df7ca80f1875b5c42872ba6c8da6d9e77d10a4812aa493661794e6145054a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
56530df5f20a1e5a0e5e25aedaba676b

SHA1
b1a63b4a3ed0565645a2a7fb9be88be33168a554

SHA256
21aab25dabccc72d6d771d5d4d1a39eff70f3a40d8b658bcccd67c13d2cc7367

SHA512
db6cef2031357b3c31dc075c2bb70811898f0661032de650bd06b164f399bdad3493cee281ba349452529595b001075685b10e641c24878baa32fe1e8845e115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
4ecec3e6e9d419544c46164e6cc47519

SHA1
0542436b05d7a1ae035c15a3df2fec1ae6a4b7c6

SHA256
ae9ae609be9916b4fe5a262615c65cbc7746133102b0016542d3f003cfa1b44b

SHA512
fb36cd4d695934d385a7602b47d39cf3f31296d70893eea52c5f00ecfdb5634b71a5283b263cba9621ac48d05a6a2cbf4e405f272bf383b2a77ef6a2a53a7306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
ea88cb2cbe3eeef17b14c27e4eb7cb11

SHA1
c16cb72aedeff05d65a334a3c48f6d6e117cd510

SHA256
656fed26873e603a19241986ce7ae66b3d9657f3d5fff3dc635708933fb18b3a

SHA512
ccfce164cd0952afdf6bbe705e19cb4ca7e914f9c5d75e6e877cd2f969a8b7b6cf99365acaf6eb4cd6cfc09ea2a6ecb4443d7fb875ac8c4b291dde36b6beb73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.31.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
95f89ebd318c1d218a44a42e7ff11ea1

SHA1
1ceca9904156cabb7ea4418e116f70fb6d3a02d1

SHA256
d66973f1a6bd2d90e55127c550dae6b3202982654351d2c2d72894c4cef467ee

SHA512
e3a64432af43533f0c4482497621a0400aea84c5c2c17303d76b57e65de7bdbeeaa5c665bab52fcc9086e4dec60bf16e087700faf023abe7c054e6f38988da03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
600931ee3ad8c7b668725614a99cf362

SHA1
53d8e3dcab715a364f9455c879926a2345f614e2

SHA256
46dee32bf669e490bdae7094e7a5b25c9eab419150df0ab14939f243eb30d01c

SHA512
9cca93ff497fc2fed5395aa3eebe36f20725b7018159270eb97b1c4dafbf028f0ab7689167258410da57bdbcee11e471c879fa56190406093481f8d3a9680803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
51KB

MD5
7d62c45d82c87ea7e5d0a9ebb2329c5f

SHA1
4024018816578caabb32774099bcd53dd766e16b

SHA256
238d05acd717d333dfbfc7b797e5e96a5422f2278bfa5aa38748dba5e8b1857b

SHA512
404b7b4e7380a5f33233ba6d58c95c96bac89f6a3d5bf3cd5f4bcd94bf947b3702e9ee01692401e99bdeff0248782e1273138fcbc22163c7db513489892fc0f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
e8752dd8e27b2bc1ea1faae1df89566e

SHA1
8f90c7bb4626ab20eea1c9a4af2d3b117b301380

SHA256
38d3312d476a20736bac00149aba0da414453ae797344dd749aa7f61b6d7e6cb

SHA512
d041e113021a3e810855a1bdeeab53d653e49d9bdd1f410c289b1949cbb2c87e84f2563274d8f8831a49e5cff1d3cd2c4bf7aca6ba0fa684fe0d4191ebc7bbde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
a56090248d5aa6612d3e63a586bccbb3

SHA1
20dd9bfc4bf2704adbc504713608c45b19f84e59

SHA256
3052101832b8653364df21c323d9a2bfffb66513bca3d9e316c61f96c38bbbdd

SHA512
abc52fbeb9789f762a908b753de2a3e195a2c2138e4a1e87f8cbb40683eb3b21125f25ef5492fe517a99e90034befa2bac77bfb091d023efb47ac3561fa5b102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
6a3ed2c81a3f2f31f63127c53ace2614

SHA1
e9a7585bb8f8dc3b426a3f55f7f072d091d2cddc

SHA256
97fe81ad6e7b92c3c2f7d21af74ebc98850eb5df6283ef8642a0c53511f91743

SHA512
430b46ed5d3324bcbbed53e9bbb924cd00513ce1dd5fc935346c164b8bdf0f30fa1bc79ff419c3fa2307f172b8d2a936cc6142f7ee6a1948b6b7d4af3c4edfcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
5354086236393105148134eed9d31cba

SHA1
4b1ebf3c6322d54e78606fadb801c169655f7d31

SHA256
d4a4bbd0d2755f83e609307f655298f8e766372f7685c5113ece3f454eafd9da

SHA512
db4a6cffdd8acf052705535634d29339bc9eea0045a45323b8db0ba1e931fa5011eca03c84baa25cea212753d6c089c62279e359e7f3f3a735604324f1c3cab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
44baf4a54aa7b04847c9ed884ed00000

SHA1
3a5832b1c4a1bbec9876178b4c62392a8cbc213c

SHA256
7775a0afbeae4a6d70715135751f16bb0bafff01bec2762e2c358c5f9346746c

SHA512
3a81ebb391f45f0b4b33944c062c4e034967791ac957014155735996aff697b6434123d40ddfc0a9219d00d23c775b1c89d53152ae6202ba7298d030f7636440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
828bf0a02905be01d19e56ae694ecda2

SHA1
8e2ffbd80898b53cd50fdf746d8632dc9f22a827

SHA256
c4c591c72881a5bd83949a7e7476b3067c74dfdd4efc3cca6e28b1e9bfeed477

SHA512
9fd8eba7e17a1f7321562fb3c6e9ea35d651d05cc983ce10ee7729bd39aa3a62a58abe446b5137a69b234c2e8c3251319c8ea1d5b501d8d7790f480c1e427658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
6e86870e6b6a0f008458a42686fdab9f

SHA1
d7b3639be3bcea9f7a43d1436e0e87a8c966a45d

SHA256
cd69ced9b0598082f5007bdffb00fa27c7ae430715593f7db39d12f9483b68b7

SHA512
2ee46f40e37f8ab576d892eaa543030218c8ee7be9ee1570bb4697a2722bbfb991d703843b1ec6ff4b7fc6fac090f41ae36b4309be8df79d7d06de8c7a987965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe59b53d.TMP

Filesize
392B

MD5
0bf5a0a91a88c18d6d4f4afe6aa43f9a

SHA1
d269c0e08896aab03aeb422eaec137f528919a9b

SHA256
088ebe658eacc67cd9b37f54d0679506c23fb5f73bb19ae160819295aca7c801

SHA512
c57a84962c000258d991dfa723ac8043c8a9709916802b418d82c2e3fe13dbef2c08a7bb758bf9b731474331b5c56cc54d4edaf32688da7dea407387641e1957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
55237c01974b9b85c34a24a0e6212e4d

SHA1
6e37609d09859850a8d154be30aff342a9d8f41c

SHA256
3cc5389e2de4473a4d2b36b13aeb55c114570f338e3b0e8e2d08f032e7e11ecb

SHA512
316195b8c22a65ba1527d01ab02a1c9c3f6e7191d2cde6bf6b5c269a2da958439b113b69826b77235b4683b8b339501fe4463e2607c375ed2e3132ab3adaf8ac

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\d3ce7ba8150c6b4ed1ad1212fd1c021a

Filesize
7.9MB

MD5
d3ce7ba8150c6b4ed1ad1212fd1c021a

SHA1
703ccb1beb53288f7d6da1294c5fd5a0e6e3a56a

SHA256
327f6d9ac087b0614239a9234981a015b09a108bdc0dd97a2ae72bb1ce6faa5f

SHA512
606d6a8bf1c51247f78b7a2ecff7027b08059814df54f40c461241cc9254d31df08d24f1f0b66570849ad84993baf7dce9c10e02f91071834ab8269e76e8ffa9

Download Submit
C:\Users\Admin\AppData\Local\Roblox\logs\cacert.pem

Filesize
229KB

MD5
6ced45ae0fcb6620235271f2c6f41411

SHA1
1dda331561500204fe0d86a323c350b7a9470b52

SHA256
ad64cf840a0fce7924ac5f8a4f6900bfe73709a5a61031404a213ab563c286d8

SHA512
faf2565f9844b929aa1ed42e18368f9708bf41e062a40ba4dc8b5c4766e9859e011f2e1221343304547e0776a1eb976b2cb0e3e73529fd33da4da3908b501538

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8913724486d5e3c463c493b25346ca31

Filesize
64B

MD5
741720dfa465e17a94406a4d3f30c240

SHA1
86d090b9c25170fdbca811eac3a61db3b0a68faf

SHA256
3559a2a2aa043b67a13403ff3d1b74fa8a602da0e5574a492cbddc8e39f0eada

SHA512
c30a54a692d3ce9fad27184f17160af6907eaf341463591015aa9ea81f70aa781be75eb9a7a7fc484d1769ac05d8cb41cc01fb6821506d24bf38ebe8768b27d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\edg75BF.tmp

Filesize
28KB

MD5
583a92e3e37000f345e297ccf15e3c08

SHA1
76cee9bd8f27309c4af7aa52824a4d2eddb8f239

SHA256
82b24606ef96c7ee458df1be3e5a1ebc8714af9edeca19ac5b359d33a833eb3c

SHA512
42da33c01d3c7793ceb56f5c8a33f40a61a6ed6dfec437697e999443df5a3b6dbeaf9465bd7f18235c490c01ed87321628bb2bdf8a3eda6377488707d4ff35b6

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
8568b6f91e84a5e72b79336285e455a5

SHA1
25952e26a1de4e37ac1b333dbb752217041f6d8b

SHA256
1431b2c73147637e9a503e0e8fb3c0c9338f22ce2e4fd44a597b045a0875a7b0

SHA512
3fa249ec3b90b6d02b4a6ac53f4d2342555a46a5c32d1d1912ca3f37df3fc4d8ab37364c55718fd622ab663b776741d23438955abb3dde5c7e586d0d34383494

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
a8d0141407cf9ee8b24412b685edb73e

SHA1
752c65033d1de01f57130d973760e003681a3e98

SHA256
f3e65acfd4e475fcbcf7e02b461301212d84509dc542ff8c179997e7178e98a1

SHA512
4caf2693ea5bccd01fbf188ff22c6fbae304e84f64d03d43a498b99135816817c4a43aaea9a5fda373ef25d22022e0f8a233669ac248990bb3707df776d15fc2

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
4bcb3c730aeaf8b13cce6b918da170e6

SHA1
fb799dd373e540dbbccd9119b1905653f0299206

SHA256
4c64f62fac8fe878797c3d2bf54595a5e0dadbe8e8f16b128f3574247907db8d

SHA512
a2bb61e1f7f65a5f1d820730dec28a9e62460977ed28bd0f28d11d35564da36b748e2e876f6ab1b1b1e8b511e52cc3508bf0ca01de5e664fb0c92e2d07518c59

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b5c6d4213160d1e47e7a3294bbe94efc

SHA1
c31578868f2de53599bc07977fdd5b7c88a51d2c

SHA256
1dbf0c146c0f4ba47bce318e1fa211e6d3439e5b20c734e9dd7f585f479e5ac2

SHA512
e26c2cfb2250808dc918deb2ca4182c2318caadcbf9e9ddab768165c484d915026a65418e9183205eea5c0b42974e2dcd64f16030cbc7766d9b0b25432c5ffe3

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Network\Network Persistent State

Filesize
681B

MD5
771e9180ee14fa17a37962ee33b72931

SHA1
6bcdc64576ecf1028e745c97076f6ae95d2b450e

SHA256
4d33949631c04be58ec52a6425de0ee68e9ccf8c26c3f7cc3e86a633a84bff0f

SHA512
bbd62c5d8a1cf604575bf7d223ca35d81be34f6f5361e6994cf3e79ec43d979a4531d5639fb06dfa67e0207585199a5cabaa6073449be82663c54a13b24d46aa

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Network\Network Persistent State~RFe5a80da.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Preferences

Filesize
6KB

MD5
9949235f26982e667858ed943159be78

SHA1
5c4b1fc275ef0368445145897982fc183c4c9b26

SHA256
d644c3ab224872992bc116164c942b574d56d7f7917d055ce8b4f6751fd3a813

SHA512
3b104e5f6e63f3aba610d8452f32f51308030c394858dfd8b00e7f422e0177a4d616929b35f009bd7a753345685fa152f4dc5c159e103020b988a3f1d8e80388

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Preferences~RFe5a0958.TMP

Filesize
6KB

MD5
7258c73adbc4637ba224924966005431

SHA1
8861d77e912b86a207bd60c83b2f7014feb2bf41

SHA256
0e0f8e1ab7989684ca91f53e14ead3f61c8ae5acecc55c65677c108b92741df9

SHA512
90de0e430c992b2aead5eecc8e73b359997e0d7cb748419a6c72fea52b0fa3c9ff8c38227fd653f6a09bef60beb41fee146bc48e2f671d599d2774404d058754

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Local State

Filesize
1KB

MD5
6d23aeeaafd835c77b6c91265b5d8eb2

SHA1
2506760483c1a84f9a76854eac12b3ef0ea9638b

SHA256
7aaa1a6f362c403e1e3da54b1377eccd76863d998b06d5d3ceeeb775f4d177c6

SHA512
0794202fd7c7c346386ead8d2e2d079f5724f885b3a6bae59321282272783f7bce62c441a768b9d34c8e6bda7bd0cc36b94f840ccd47fd82f943ca5a3ae2a048

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Local State

Filesize
2KB

MD5
b28cda3812d8905f34888b5f054ee19c

SHA1
923b55f66b2053ae6fdd0c6f2034bde21262287e

SHA256
fb6eda77e1dcfa642f3849701eeedb7ba49b7c3cb2004c9fd7438da1656b9495

SHA512
0146c033cdc1da48397276b657af8c5261714af185ca61f3c4103ca61ab50592cb3b3052d57284b6562332d2576719f455713b6cfec70ca7e9b6108338fc3750

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Local State

Filesize
3KB

MD5
54a09b5a5cfcd29d9a7850bb536ab3f5

SHA1
b018c830f5bcbb3aad865df3da0ccff72782e9d9

SHA256
2f1a04a9f4c1341952b8b46e83be5e2291ca07c51087882bf243d0ed1a4fbffc

SHA512
5c832b15e5ce3b794fa10b31a49f497b563dfe3d870e1e7fc74d86ac3cc08706c3535febf9ec342a50fa57a495b2ad3e6f9e887bc640f977fb848d7b4f561327

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Local State

Filesize
19KB

MD5
160ba3cfee892f31d1b5ed7eb0e01641

SHA1
65316d7e7e06785cfb0087d62e48565e66de9623

SHA256
3816d93beb1296ec3775c786a43019a316ceb0bdbec8db8c39947c921ae6e97a

SHA512
693957419c64119f1ae573cfc38e601077840a0a00c1f5b9ee75c26cd94325ffd136fce442b332202375fe7c3dd778e1d699eb2248ed81325bc08bd41985b5f4

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Local State

Filesize
16KB

MD5
fd5cc312472d94311721b6fdb996bd98

SHA1
0dc729ef0102bcfb28264962836793ad64c7c386

SHA256
76124bba72624417289ed1f2dede4d369200838d138b6b8bebbe749bec20452c

SHA512
5a5ad6fd839e00e4b8d2354e643665bc15b220a0b836229886bff6cdec0217f7d735316b2478f2d4f09fb2b0409a47b78f78186257ee30e3985e3ee1020b1e43

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Local State~RFe596ac6.TMP

Filesize
1KB

MD5
17b964025debda94b740ba9a790543c3

SHA1
16ef88def2d3aad6a9071199b012797e8f2a89ae

SHA256
118fafaf42088767deef5b263fc3a7520ff81f080acab375be07a7ac3ac7740a

SHA512
236feec5d1c658868117b6b6e0cc990fa50b68221ad99707d58271e2f9c1c5fdebecfa5b253e5f48da7444310825a550d103458fbc2cbee74e86a331ee95c5c3

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\Downloads\Build.zip.crdownload

Filesize
13.2MB

MD5
dc27a05bca028fdea32ce70deb829e30

SHA1
87df8d8884a8119651a881d3a3d2d66bc42e845c

SHA256
99b421b433eae70d9b28445cfcfee2185de5511a0c98355f817ba63e65b842c1

SHA512
e7721c9872a20c0646fe2d5a64e6edc730dab3b4105a04a7768331f16fd45f10976e250123a2c1d35b155658407ddbe9775fa3522deca9affcf4b7f96f05ea97

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller-PT6KYVHK7B.exe

Filesize
7.8MB

MD5
e7859398c10c098e678bd8fd13681f10

SHA1
11b731fc9b78dc9a742b2c06b79015fc911fdfb0

SHA256
e756ce2935d54ce1f9a57d5518bf47659a5eb4aefef72dae5349d8b013ee7f58

SHA512
7a75b55ff6ec09fb777b171e7222a2f3aa58c95d7edd6a60a2bd99010ea95542eeb7ca7e8cc52b93edb0677543d6003fd9b3d08915ee8b8f2b291668c85c4adf

Download Submit
memory/644-3472-0x000001A939150000-0x000001A9391EE000-memory.dmp

Filesize
632KB

Download
memory/644-1573-0x00007FFFDC220000-0x00007FFFDC221000-memory.dmp

Filesize
4KB

Download
memory/644-1773-0x000001A939150000-0x000001A9391EE000-memory.dmp

Filesize
632KB

Download
memory/1948-3932-0x00000000090A0000-0x00000000090E0000-memory.dmp

Filesize
256KB

Download
memory/2356-1501-0x00007FFFDBD10000-0x00007FFFDBD11000-memory.dmp

Filesize
4KB

Download
memory/2356-1500-0x00007FFFDAD20000-0x00007FFFDAD21000-memory.dmp

Filesize
4KB

Download
memory/2392-4052-0x0000017C5D7B0000-0x0000017C5D7B1000-memory.dmp

Filesize
4KB

Download
memory/2392-4051-0x0000017C5D7B0000-0x0000017C5D7B1000-memory.dmp

Filesize
4KB

Download
memory/2392-4045-0x0000017C5D7B0000-0x0000017C5D7B1000-memory.dmp

Filesize
4KB

Download
memory/2392-4044-0x0000017C5D7B0000-0x0000017C5D7B1000-memory.dmp

Filesize
4KB

Download
memory/2392-4043-0x0000017C5D7B0000-0x0000017C5D7B1000-memory.dmp

Filesize
4KB

Download
memory/2392-4057-0x0000017C5D7B0000-0x0000017C5D7B1000-memory.dmp

Filesize
4KB

Download
memory/2392-4056-0x0000017C5D7B0000-0x0000017C5D7B1000-memory.dmp

Filesize
4KB

Download
memory/2392-4055-0x0000017C5D7B0000-0x0000017C5D7B1000-memory.dmp

Filesize
4KB

Download
memory/2392-4054-0x0000017C5D7B0000-0x0000017C5D7B1000-memory.dmp

Filesize
4KB

Download
memory/2392-4053-0x0000017C5D7B0000-0x0000017C5D7B1000-memory.dmp

Filesize
4KB

Download
memory/4760-4091-0x00007FFFDC950000-0x00007FFFDC980000-memory.dmp

Filesize
192KB

Download
memory/4760-4098-0x00007FFFDAC00000-0x00007FFFDAC10000-memory.dmp

Filesize
64KB

Download
memory/4760-4090-0x00007FFFDC950000-0x00007FFFDC980000-memory.dmp

Filesize
192KB

Download
memory/4760-4087-0x00007FFFDC7F0000-0x00007FFFDC800000-memory.dmp

Filesize
64KB

Download
memory/4760-4094-0x00007FFFDC950000-0x00007FFFDC980000-memory.dmp

Filesize
192KB

Download
memory/4760-4099-0x00007FFFDAC00000-0x00007FFFDAC10000-memory.dmp

Filesize
64KB

Download
memory/4760-4092-0x00007FFFDC950000-0x00007FFFDC980000-memory.dmp

Filesize
192KB

Download
memory/4760-4100-0x00007FFFDAC20000-0x00007FFFDAC30000-memory.dmp

Filesize
64KB

Download
memory/4760-4089-0x00007FFFDC900000-0x00007FFFDC910000-memory.dmp

Filesize
64KB

Download
memory/4760-4093-0x00007FFFDC950000-0x00007FFFDC980000-memory.dmp

Filesize
192KB

Download
memory/4760-4088-0x00007FFFDC900000-0x00007FFFDC910000-memory.dmp

Filesize
64KB

Download
memory/4760-4086-0x00007FFFDC7F0000-0x00007FFFDC800000-memory.dmp

Filesize
64KB

Download
memory/4760-4095-0x00007FFFDC9E0000-0x00007FFFDC9E5000-memory.dmp

Filesize
20KB

Download
memory/4760-4096-0x00007FFFDAB70000-0x00007FFFDAB80000-memory.dmp

Filesize
64KB

Download
memory/4760-4101-0x00007FFFDAC20000-0x00007FFFDAC30000-memory.dmp

Filesize
64KB

Download
memory/4760-4097-0x00007FFFDAB70000-0x00007FFFDAB80000-memory.dmp

Filesize
64KB

Download
memory/5048-4021-0x0000000008BC0000-0x0000000008C00000-memory.dmp

Filesize
256KB

Download
memory/6096-1456-0x00007FFFDC220000-0x00007FFFDC221000-memory.dmp

Filesize
4KB

Download
memory/6096-1766-0x0000027BC9460000-0x0000027BC94FE000-memory.dmp

Filesize
632KB

Download
memory/6096-2524-0x0000027BC9460000-0x0000027BC94FE000-memory.dmp

Filesize
632KB

Download