595b1052c954a7e68abcfc53df39db3ec77ac8ec66d187cb39150cd70e3cf601

Analysis

max time kernel
1799s
max time network
1780s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
29-06-2024 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxStudioInstaller.exe
Size

5.4MB
MD5

087672ef1f8a03c6fcea3dc8ffdd2a24
SHA1

2b01ce0e333d858c24b785584d52ade38cf679a3
SHA256

595b1052c954a7e68abcfc53df39db3ec77ac8ec66d187cb39150cd70e3cf601
SHA512

54ec51d1e50b0e39a14099da13f1adda591719b58bc6f17a727c6a47461505c4d122fa2100b59029b17a755362f9c435966ad75f5a1df62c6703ab8dd5a2de90
SSDEEP

98304:vsvmWk87Et4xWcuq49w0Fp0eeTvvG3gxYXu4r/RPD7Z+l/ih/luI:8mWOtxc1UCTcgx4RvZ+p6V

Score

8^/10

adware discovery evasion persistence privilege_escalation stealer trojan

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.81\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 62 IoCs

Processes:

MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_126.0.2592.81.exesetup.exesetup.exeMicrosoftEdgeUpdate.exeRobloxStudioBeta.exeRobloxCrashHandler.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateSetup_X86_1.3.187.41.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exemsedgewebview2.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exemsedgewebview2.exemsedgewebview2.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeBGAUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_126.0.2592.81.exesetup.exesetup.exesetup.exesetup.exesetup.exesetup.exesetup.exesetup.exeMicrosoftEdgeUpdate.exe

pid	process
3084	MicrosoftEdgeWebview2Setup.exe
4552	MicrosoftEdgeUpdate.exe
3984	MicrosoftEdgeUpdate.exe
2884	MicrosoftEdgeUpdate.exe
5052	MicrosoftEdgeUpdateComRegisterShell64.exe
4580	MicrosoftEdgeUpdateComRegisterShell64.exe
4796	MicrosoftEdgeUpdateComRegisterShell64.exe
1536	MicrosoftEdgeUpdate.exe
900	MicrosoftEdgeUpdate.exe
2516	MicrosoftEdgeUpdate.exe
3204	MicrosoftEdgeUpdate.exe
3512	MicrosoftEdge_X64_126.0.2592.81.exe
2196	setup.exe
4400	setup.exe
4500	MicrosoftEdgeUpdate.exe
4876	RobloxStudioBeta.exe
1604	RobloxCrashHandler.exe
2628	msedgewebview2.exe
2352	msedgewebview2.exe
4492	msedgewebview2.exe
4264	msedgewebview2.exe
4444	msedgewebview2.exe
2644	msedgewebview2.exe
3060	msedgewebview2.exe
648	msedgewebview2.exe
4076	msedgewebview2.exe
4956	msedgewebview2.exe
1328	msedgewebview2.exe
4856	msedgewebview2.exe
3016	msedgewebview2.exe
4596	msedgewebview2.exe
4196	msedgewebview2.exe
4432	MicrosoftEdgeUpdate.exe
4020	MicrosoftEdgeUpdate.exe
4332	MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
644	MicrosoftEdgeUpdate.exe
560	MicrosoftEdgeUpdate.exe
1264	MicrosoftEdgeUpdate.exe
2536	MicrosoftEdgeUpdate.exe
1324	MicrosoftEdgeUpdateComRegisterShell64.exe
2524	MicrosoftEdgeUpdateComRegisterShell64.exe
3488	msedgewebview2.exe
1208	MicrosoftEdgeUpdateComRegisterShell64.exe
2236	MicrosoftEdgeUpdate.exe
1992	msedgewebview2.exe
2644	msedgewebview2.exe
2940	MicrosoftEdgeUpdate.exe
1240	MicrosoftEdgeUpdate.exe
1076	MicrosoftEdgeUpdate.exe
3488	BGAUpdate.exe
4476	MicrosoftEdgeUpdate.exe
4916	MicrosoftEdgeUpdate.exe
4092	MicrosoftEdge_X64_126.0.2592.81.exe
2776	setup.exe
2764	setup.exe
1524	setup.exe
236	setup.exe
3612	setup.exe
4884	setup.exe
4440	setup.exe
4468	setup.exe
3160	MicrosoftEdgeUpdate.exe

Loads dropped DLL 64 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeRobloxStudioBeta.exeRobloxCrashHandler.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exe

pid	process
4552	MicrosoftEdgeUpdate.exe
3984	MicrosoftEdgeUpdate.exe
2884	MicrosoftEdgeUpdate.exe
5052	MicrosoftEdgeUpdateComRegisterShell64.exe
2884	MicrosoftEdgeUpdate.exe
4580	MicrosoftEdgeUpdateComRegisterShell64.exe
2884	MicrosoftEdgeUpdate.exe
4796	MicrosoftEdgeUpdateComRegisterShell64.exe
2884	MicrosoftEdgeUpdate.exe
1536	MicrosoftEdgeUpdate.exe
900	MicrosoftEdgeUpdate.exe
2516	MicrosoftEdgeUpdate.exe
2516	MicrosoftEdgeUpdate.exe
900	MicrosoftEdgeUpdate.exe
3204	MicrosoftEdgeUpdate.exe
4500	MicrosoftEdgeUpdate.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
1604	RobloxCrashHandler.exe
1604	RobloxCrashHandler.exe
1604	RobloxCrashHandler.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
2628	msedgewebview2.exe
2352	msedgewebview2.exe
2628	msedgewebview2.exe
2628	msedgewebview2.exe
2628	msedgewebview2.exe
4492	msedgewebview2.exe
4264	msedgewebview2.exe
4444	msedgewebview2.exe
4444	msedgewebview2.exe
2644	msedgewebview2.exe
4492	msedgewebview2.exe
4264	msedgewebview2.exe
4492	msedgewebview2.exe
4492	msedgewebview2.exe
4492	msedgewebview2.exe
4492	msedgewebview2.exe
2644	msedgewebview2.exe
2644	msedgewebview2.exe
3060	msedgewebview2.exe
3060	msedgewebview2.exe
3060	msedgewebview2.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

BGAUpdate.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=5CD95BF02F86416D818F387256A55414"	BGAUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RobloxStudioInstaller.exeRobloxStudioBeta.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxStudioInstaller.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxStudioBeta.exe

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe

Checks system information in the registry 2 TTPs 30 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exemsedgewebview2.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 1 IoCs

Processes:

setup.exe

description ioc process

File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk setup.exe

description	ioc	process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxStudioInstaller.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\WidgetIcons\Dark\Standard\Toolbox.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\Ribbon\Light\Medium\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\Components\LimitedLabel.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\JestConsole-3.8.0\JestConsole\BufferedConsole.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-0.4.2\LuauPolyfill\util\init.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\mock\mock\Matchers\init.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\RoactFitComponents\RoactFitComponents\init.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ProfileInsights\UserProfiles.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\Debugger\Light\Large\StepOut.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserLib\Http.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\avatar\heads\headM.mesh	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Lua\PathEditor\Dark\Large\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\Alerts\Light\Large\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\DevConsole\Reducers\NetworkData.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\Settings\Pages\GameSettings.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\LuaSocialLibrariesDeps\LuaSocialLibrariesDeps\init.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\ui\PlayerList\OwnerIcon.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\StudioFonts\NotoSansCJK-Black.ttc	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\SoundManager.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\MaterialGenerator\Materials\Cobblestone.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\Navigation\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\BackpackScript.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\DevConsole\Components\BoxButton.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\errors\init.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\ZenObservable\lock.toml	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\AnimationEditor\menu_shadow_bottom.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\AvatarImporter\img_light_R15.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\DevConsole\Components\ScriptProfiler\ProfilerUtil.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-0.3.4\LuauPolyfill\Number\.robloxrc	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\NetworkingSquads\NetworkingSquads\networkRequests\createJoinSquad.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\Qml\QtQuick\Controls.2\designer\images\dial-icon.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\SpringConstraint.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Reducers\PremiumProductsReducer.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\Settings\Components\Blocking\BlockingModalContainer.story.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\Settings\Flags\GetFIntIGMv1ARFlowCSWaitFrames.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\models\ViewSelector\Basic.mesh	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\particles\forcefield_glow_color.dds	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\textures\ui\LuaChat\graphic\gr-numbers.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\Flags\GetFFlagEnableInvitePromptLoadingState.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Localization\Locales\vi-vn.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\JestReporters-3.8.0\JestReporters\init.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\DeveloperInspector\ToolbarIcon.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\textures\ui\LuaApp\category\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\Reducers\.robloxrc	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\PublishAssetPrompt\ConnectAssetServiceEvents.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\RoduxAliases\RoduxAliases\Actions\AliasRemoved.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameTile\Dev\GameDetailRodux.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RobloxAppUpdate\Dev\MockEngineServices.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Lua\AssetManager\Dark\Standard\Menu.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\WidgetIcons\Dark\Standard\StyleEditor.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\Settings\Components\MuteToggles.spec.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-12e911c4-0c4b13ff\LuauPolyfill\util\inspect.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\Debugger\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\fonts\Ubuntu-Regular.ttf	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\Flags\GetFFlagEnableInGameMenuModernizationBigText.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AuthCompliance\UIBlox.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\ui\InspectMenu\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\InGameMenu\reducer\gameInfo.spec.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\JestUtil-3.8.0\JestUtil\createDirectory.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\Navigation\Light\Large\[email protected]	RobloxStudioInstaller.exe

Drops file in Windows directory 64 IoCs

Processes:

setup.exesetup.exesetup.exemsedgewebview2.exesetup.exesetup.exesetup.exesetup.exesetup.exesetup.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_1896688833\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_1671451695\Filtering Rules-AA	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-mn-cyrl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_567709878\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-und-ethi.hyb	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_1671451695\LICENSE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_703800876\Mu\Other	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_703800876\Mu\TransparentAdvertisers	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-es.hyb	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_703800876\Mu\Social	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-bg.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-nb.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-sl.hyb	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_567709878\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_703800876\Mu\LICENSE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-cy.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-en-us.hyb	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_1896688833\protocols.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_1671451695\Part-NL	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_1776230876\manifest.json	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-pa.hyb	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_729410177\kp_pinslist.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-as.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_1671451695\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_567709878\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_703800876\Sigma\Analytics	msedgewebview2.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_703800876\Mu\CompatExceptions	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-pt.hyb	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_1671451695\Part-RU	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_703800876\Mu\Entities	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_92328960\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-da.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-hu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_703800876\Sigma\Cryptomining	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-de-ch-1901.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-et.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-eu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_567709878\keys.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_729410177\ct_config.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_92328960\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_1671451695\Part-FR	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_703800876\Sigma\Advertising	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_384213398\manifest.json	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_92328960\Microsoft.CognitiveServices.Speech.core.dll	msedgewebview2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exeRobloxStudioInstaller.exeRobloxStudioBeta.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioBeta.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxStudioInstaller.exesetup.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxStudioInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.81\\BHO"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth	RobloxStudioInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.81\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth\WarnOnOpen = "0"	RobloxStudioInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxStudioInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exesetup.exemsedgewebview2.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0"	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exesetup.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeRobloxStudioInstaller.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ = "Microsoft Edge Update CredentialDialog"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachine"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\shell\runas\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --do-not-de-elevate --single-argument %1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxStudioInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.81\\EBWebView\\x64\\EmbeddedBrowserWebView.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio-auth\ = "URL: Roblox Protocol"	RobloxStudioInstaller.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

RobloxStudioBeta.exe

pid process

4876 RobloxStudioBeta.exe

pid	process
4876	RobloxStudioBeta.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

RobloxStudioInstaller.exeMicrosoftEdgeUpdate.exeRobloxStudioBeta.exe

pid	process
1652	RobloxStudioInstaller.exe
1652	RobloxStudioInstaller.exe
4552	MicrosoftEdgeUpdate.exe
4552	MicrosoftEdgeUpdate.exe
4552	MicrosoftEdgeUpdate.exe
4552	MicrosoftEdgeUpdate.exe
4552	MicrosoftEdgeUpdate.exe
4552	MicrosoftEdgeUpdate.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe
4876	RobloxStudioBeta.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

RobloxStudioBeta.exe

pid process

4876 RobloxStudioBeta.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedgewebview2.exe

pid process

2628 msedgewebview2.exe
2628 msedgewebview2.exe
2628 msedgewebview2.exe

pid	process
4876	RobloxStudioBeta.exe

pid	process
2628	msedgewebview2.exe
2628	msedgewebview2.exe
2628	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exesetup.exeMicrosoftEdgeUpdate.exe

description	pid	process
Token: SeDebugPrivilege	4552	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	4552	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	4432	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	4020	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	560	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2940	MicrosoftEdgeUpdate.exe
Token: 33	2776	setup.exe
Token: SeIncBasePriorityPrivilege	2776	setup.exe
Token: SeDebugPrivilege	2776	setup.exe
Token: SeDebugPrivilege	4916	MicrosoftEdgeUpdate.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

RobloxStudioBeta.exeOpenWith.exe

pid process

4876 RobloxStudioBeta.exe
836 OpenWith.exe

pid	process
4876	RobloxStudioBeta.exe
836	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

RobloxStudioInstaller.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_126.0.2592.81.exesetup.exeRobloxStudioBeta.exemsedgewebview2.exe

description	pid	process	target process
PID 1652 wrote to memory of 3084	1652	RobloxStudioInstaller.exe	MicrosoftEdgeWebview2Setup.exe
PID 1652 wrote to memory of 3084	1652	RobloxStudioInstaller.exe	MicrosoftEdgeWebview2Setup.exe
PID 1652 wrote to memory of 3084	1652	RobloxStudioInstaller.exe	MicrosoftEdgeWebview2Setup.exe
PID 3084 wrote to memory of 4552	3084	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 3084 wrote to memory of 4552	3084	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 3084 wrote to memory of 4552	3084	MicrosoftEdgeWebview2Setup.exe	MicrosoftEdgeUpdate.exe
PID 4552 wrote to memory of 3984	4552	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4552 wrote to memory of 3984	4552	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4552 wrote to memory of 3984	4552	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4552 wrote to memory of 2884	4552	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4552 wrote to memory of 2884	4552	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4552 wrote to memory of 2884	4552	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 2884 wrote to memory of 5052	2884	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2884 wrote to memory of 5052	2884	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2884 wrote to memory of 4580	2884	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2884 wrote to memory of 4580	2884	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2884 wrote to memory of 4796	2884	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2884 wrote to memory of 4796	2884	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateComRegisterShell64.exe
PID 4552 wrote to memory of 1536	4552	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4552 wrote to memory of 1536	4552	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4552 wrote to memory of 1536	4552	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4552 wrote to memory of 900	4552	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4552 wrote to memory of 900	4552	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 4552 wrote to memory of 900	4552	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 2516 wrote to memory of 3204	2516	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 2516 wrote to memory of 3204	2516	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 2516 wrote to memory of 3204	2516	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 2516 wrote to memory of 3512	2516	MicrosoftEdgeUpdate.exe	MicrosoftEdge_X64_126.0.2592.81.exe
PID 2516 wrote to memory of 3512	2516	MicrosoftEdgeUpdate.exe	MicrosoftEdge_X64_126.0.2592.81.exe
PID 3512 wrote to memory of 2196	3512	MicrosoftEdge_X64_126.0.2592.81.exe	setup.exe
PID 3512 wrote to memory of 2196	3512	MicrosoftEdge_X64_126.0.2592.81.exe	setup.exe
PID 2196 wrote to memory of 4400	2196	setup.exe	setup.exe
PID 2196 wrote to memory of 4400	2196	setup.exe	setup.exe
PID 2516 wrote to memory of 4500	2516	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 2516 wrote to memory of 4500	2516	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 2516 wrote to memory of 4500	2516	MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
PID 1652 wrote to memory of 4876	1652	RobloxStudioInstaller.exe	RobloxStudioBeta.exe
PID 1652 wrote to memory of 4876	1652	RobloxStudioInstaller.exe	RobloxStudioBeta.exe
PID 4876 wrote to memory of 1604	4876	RobloxStudioBeta.exe	RobloxCrashHandler.exe
PID 4876 wrote to memory of 1604	4876	RobloxStudioBeta.exe	RobloxCrashHandler.exe
PID 4876 wrote to memory of 2628	4876	RobloxStudioBeta.exe	msedgewebview2.exe
PID 4876 wrote to memory of 2628	4876	RobloxStudioBeta.exe	msedgewebview2.exe
PID 2628 wrote to memory of 2352	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 2352	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe
PID 2628 wrote to memory of 4492	2628	msedgewebview2.exe	msedgewebview2.exe

System policy modification 1 TTPs 5 IoCs

evasion

Modify Registry

T1112

Processes:

setup.exemsedgewebview2.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\RobloxStudioInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxStudioInstaller.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1652

C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3084

C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
3⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4552

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3984

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2884

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5052

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4580

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4796

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEJCNEYzRjEtOEYzNi00RTRDLUFBQzgtMDgzQ0Y2QkE3MUM2fSIgdXNlcmlkPSJ7QzgxMzA0NjQtRTlBNy00Qzk5LTk0OTgtRENCMzUyNUJDNDg4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4MEM1NDlBNC0zRDE0LTQ4QzQtODM0NS02QUIzMjExMzVCMDV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUzNjg3NDgxMjAiIGluc3RhbGxfdGltZV9tcz0iNDI3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1536

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{4BB4F3F1-8F36-4E4C-AAC8-083CF6BA71C6}" /silent
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:900

C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxStudioBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4876

C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxCrashHandler.exe
"C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.631.1.6310472_20240629T162804Z_Studio_A92CF_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.631.1.6310472_20240629T162804Z_Studio_A92CF_last.log --attachment=attachment_log_0.631.1.6310472_20240629T162804Z_Studio_A92CF_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.631.1.6310472_20240629T162804Z_Studio_A92CF_csg3.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.631.1.6310472 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=cb5e1ef861e0b94bbfd3c1c166285778889972be --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.631.1.6310472 --annotation=UniqueId=379320667863675895 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.631.1.6310472 --annotation=host_arch=x86_64 --initial-client-data=0x5a4,0x5b0,0x5b4,0x520,0x5dc,0x7ff7d774e708,0x7ff7d774e720,0x7ff7d774e738
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1604

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4876.3564.10516169659645628149
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2628

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=126.0.2592.81 --initial-client-data=0x160,0x164,0x168,0x108,0x170,0x7ff88ced0148,0x7ff88ced0154,0x7ff88ced0160
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2352

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1664,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1680 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4492

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1756,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1748 /prefetch:11
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4264

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2176,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2144 /prefetch:13
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4444

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3504,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2644

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3748,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:1
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3060

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4236,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:1
4⤵
- Executes dropped EXE
PID:648

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2028,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:14
4⤵
- Executes dropped EXE
PID:4076

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4900,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:14
4⤵
- Executes dropped EXE
PID:4956

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4768,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:14
4⤵
- Executes dropped EXE
PID:1328

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4696,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4952 /prefetch:10
4⤵
- Executes dropped EXE
PID:4856

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=748,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:14
4⤵
- Executes dropped EXE
PID:3016

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2684,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=964 /prefetch:14
4⤵
- Executes dropped EXE
PID:4596

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4616,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:14
4⤵
- Executes dropped EXE
PID:4196

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4536,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:14
4⤵
- Executes dropped EXE
PID:3488

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4780,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:14
4⤵
- Executes dropped EXE
PID:1992

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4520,i,13764756423433152621,7706840057118956356,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:14
4⤵
- Executes dropped EXE
PID:2644

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:2516

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEJCNEYzRjEtOEYzNi00RTRDLUFBQzgtMDgzQ0Y2QkE3MUM2fSIgdXNlcmlkPSJ7QzgxMzA0NjQtRTlBNy00Qzk5LTk0OTgtRENCMzUyNUJDNDg4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2NzA0NDRGMi03OEM3LTQzMEYtQjU4MC0xODIwODk1NTg0NkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUzNzI3MDgxOTciLz48L2FwcD48L3JlcXVlc3Q-
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:3204

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A2FE8906-ACC5-4283-8A88-CB88A96A7C8E}\MicrosoftEdge_X64_126.0.2592.81.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A2FE8906-ACC5-4283-8A88-CB88A96A7C8E}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3512

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A2FE8906-ACC5-4283-8A88-CB88A96A7C8E}\EDGEMITMP_54FA5.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A2FE8906-ACC5-4283-8A88-CB88A96A7C8E}\EDGEMITMP_54FA5.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A2FE8906-ACC5-4283-8A88-CB88A96A7C8E}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
3⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2196

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A2FE8906-ACC5-4283-8A88-CB88A96A7C8E}\EDGEMITMP_54FA5.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A2FE8906-ACC5-4283-8A88-CB88A96A7C8E}\EDGEMITMP_54FA5.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A2FE8906-ACC5-4283-8A88-CB88A96A7C8E}\EDGEMITMP_54FA5.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7e583aa40,0x7ff7e583aa4c,0x7ff7e583aa58
4⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4400

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEJCNEYzRjEtOEYzNi00RTRDLUFBQzgtMDgzQ0Y2QkE3MUM2fSIgdXNlcmlkPSJ7QzgxMzA0NjQtRTlBNy00Qzk5LTk0OTgtRENCMzUyNUJDNDg4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxMzk1QzQ2NS1GMzY1LTRBQ0MtOUFFMi00MTY5NjMxQ0IwQjh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjYuMC4yNTkyLjgxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzgyNjI4MjA0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTM4MjY2ODQyMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU4ODgxMDgzNDciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzExMTBiZjYzLWM2Y2UtNDcxNC05NjliLWIzMDI4YjQ0MWM0Nz9QMT0xNzIwMjgzMTg5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWp2bkpEZUNweFhYTEsxMFpyanl2WHg5RHZsSEtNb0M5JTJiVjdhYVZaTXp4bFpYMlR0QnFuSUQ5OG9ib05scVVIbldCdG1PR05UcUtvbkM5WFZMNjJPaFElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzMwODIxNjgiIHRvdGFsPSIxNzMwODIxNjgiIGRvd25sb2FkX3RpbWVfbXM9IjQ0MjEzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTg4ODIxODQ3MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU5MDIwODgxMDUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjYzNDA5NDgyMjgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI3MzkiIGRvd25sb2FkX3RpbWVfbXM9IjUwNTUwIiBkb3dubG9hZGVkPSIxNzMwODIxNjgiIHRvdGFsPSIxNzMwODIxNjgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzODg1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:4500

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:2912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:836

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4432

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4020

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1F8F7D08-A892-4944-A7D6-808D6D27CCAA}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1F8F7D08-A892-4944-A7D6-808D6D27CCAA}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{57225224-8ED8-46A8-BB8E-BF1423C38FB4}"
2⤵
- Executes dropped EXE
PID:4332

C:\Program Files (x86)\Microsoft\Temp\EUB20D.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUB20D.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{57225224-8ED8-46A8-BB8E-BF1423C38FB4}"
3⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Checks system information in the registry
- Suspicious use of AdjustPrivilegeToken
PID:560

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
4⤵
- Executes dropped EXE
- Modifies registry class
PID:1264

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
4⤵
- Executes dropped EXE
- Modifies registry class
PID:2536

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Modifies registry class
PID:1324

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Modifies registry class
PID:2524

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Modifies registry class
PID:1208

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTcyMjUyMjQtOEVEOC00NkE4LUJCOEUtQkYxNDIzQzM4RkI0fSIgdXNlcmlkPSJ7QzgxMzA0NjQtRTlBNy00Qzk5LTk0OTgtRENCMzUyNUJDNDg4fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7RkUyQUU0QzAtRkQ0OS00NUU2LTlGREItOTI1QUFEMTJCMjM4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODcuNDEiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTk2NzgzODYiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2MzE5MzgyMTQiLz48L2FwcD48L3JlcXVlc3Q-
4⤵
- Executes dropped EXE
- Checks system information in the registry
PID:2236

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTcyMjUyMjQtOEVEOC00NkE4LUJCOEUtQkYxNDIzQzM4RkI0fSIgdXNlcmlkPSJ7QzgxMzA0NjQtRTlBNy00Qzk5LTk0OTgtRENCMzUyNUJDNDg4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsyQzM4Q0NCMy1GRDRBLTQ5RkMtOThEQy02M0IyRUFENzYyMUN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny40MSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2MDg3MTgzODUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODYwODc1ODMyMiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODYxNjQyODI2MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzRhZDljYjZlLTgyNDUtNGU0Ny1iMjk4LTFmZjRiMDQyNTZlMT9QMT0xNzIwMjgzNTEyJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUdvTHpXUWg1UDNtJTJiOG0lMmJYV09QT00lMmZWMVJtOVRWbnQybG9HcEw0Mk1JNzRVbnhZd3FhTk9mM0w0VkZ1bEVsdXlTZkxyelFDa082JTJiWTBId3V1MGQ5dkElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMyIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NjE2NDM4MjU0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy80YWQ5Y2I2ZS04MjQ1LTRlNDctYjI5OC0xZmY0YjA0MjU2ZTE_UDE9MTcyMDI4MzUxMiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1Hb0x6V1FoNVAzbSUyYjhtJTJiWFdPUE9NJTJmVjFSbTlUVm50MmxvR3BMNDJNSTc0VW54WXdxYU5PZjNMNFZGdWxFbHV5U2ZMcnpRQ2tPNiUyYlkwSHd1dTBkOXZBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTYzNDM3NiIgdG90YWw9IjE2MzQzNzYiIGRvd25sb2FkX3RpbWVfbXM9IjY5MyIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NjE2NDU4NDYyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2MjE2MTgxMTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzU5NjQ5NzEyMDQxMzU5MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI2LjAuMjU5Mi44MSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiB1cGRhdGVfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzY0MTUyMDg5NTgwMjc0MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7NTIwQkU0ODYtNDVCMC00M0RDLThDRjItN0M3Rjg3RDMwREUwfSIvPjwvYXBwPjwvcmVxdWVzdD4
2⤵
- Executes dropped EXE
- Checks system information in the registry
PID:644

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2940

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:1240

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTMyMUYyQzYtQTFBRi00Njk3LTkzOTctRjNGMDQ3NEJBNEVFfSIgdXNlcmlkPSJ7QzgxMzA0NjQtRTlBNy00Qzk5LTk0OTgtRENCMzUyNUJDNDg4fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RTJDOTJBQzItNzM0Mi00RkEzLUE1RDItMEU5MzUwMkM0MUVCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjUyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTUxNzQxNjMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1OTY0Njg0NTcxMDg4MzAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MzI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTYzMjI3ODM3OCIvPjwvYXBwPjwvcmVxdWVzdD4
2⤵
- Executes dropped EXE
- Checks system information in the registry
PID:1076

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{099E51AC-E927-4766-BC0A-D6E15171D5BA}\BGAUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{099E51AC-E927-4766-BC0A-D6E15171D5BA}\BGAUpdate.exe" --edgeupdate-client --system-level
2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3488

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTMyMUYyQzYtQTFBRi00Njk3LTkzOTctRjNGMDQ3NEJBNEVFfSIgdXNlcmlkPSJ7QzgxMzA0NjQtRTlBNy00Qzk5LTk0OTgtRENCMzUyNUJDNDg4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGQ0M1NzBDQS0yNkEwLTQ1RkUtOTRFOC03OEMzNDY5OEFGOTd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNjQyODI4MTI1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE2NDI4NjgxMDEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTIxMzE5MzgyMzEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcyMDI4MzgxNSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1jcEp4eTZSQ1UxOUxEcjRKMnNiTk0lMmZUTyUyYjJtSUs5OHRDT05BMEIlMmZkNHlmWkQ4Smt2bDAwTGNnJTJieWxrNENxbks5SHlEeDZPZ0RybWFhcXgzeUZuZSUyYnclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMTMxOTU4MzE4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcyMDI4MzgxNSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1jcEp4eTZSQ1UxOUxEcjRKMnNiTk0lMmZUTyUyYjJtSUs5OHRDT05BMEIlMmZkNHlmWkQ4Smt2bDAwTGNnJTJieWxrNENxbks5SHlEeDZPZ0RybWFhcXgzeUZuZSUyYnclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxODA0NDQ0OCIgdG90YWw9IjE4MDQ0NDQ4IiBkb3dubG9hZF90aW1lX21zPSI0NDM3NCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMTMxOTg4MDk4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTIxMzc5NzgwODEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjE0MDMwODIzNCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjU3OCIgZG93bmxvYWRfdGltZV9tcz0iNDg4OTgiIGRvd25sb2FkZWQ9IjE4MDQ0NDQ4IiB0b3RhbD0iMTgwNDQ0NDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjIyOSIvPjwvYXBwPjwvcmVxdWVzdD4
2⤵
- Executes dropped EXE
- Checks system information in the registry
PID:4476

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4916

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\MicrosoftEdge_X64_126.0.2592.81.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
2⤵
- Executes dropped EXE
PID:4092

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\EDGEMITMP_C76BD.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\EDGEMITMP_C76BD.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Installs/modifies Browser Helper Object
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID:2776

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\EDGEMITMP_C76BD.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\EDGEMITMP_C76BD.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\EDGEMITMP_C76BD.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6b716aa40,0x7ff6b716aa4c,0x7ff6b716aa58
4⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2764

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\EDGEMITMP_C76BD.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\EDGEMITMP_C76BD.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:1524

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\EDGEMITMP_C76BD.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\EDGEMITMP_C76BD.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\EDGEMITMP_C76BD.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6b716aa40,0x7ff6b716aa4c,0x7ff6b716aa58
5⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:236

C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
4⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff619bfaa40,0x7ff619bfaa4c,0x7ff619bfaa58
5⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
4⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff619bfaa40,0x7ff619bfaa4c,0x7ff619bfaa58
5⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4468

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEM4M0Y1RjAtODZEMy00MEE4LTk0RjItNjJEQzIyRUY4NjE3fSIgdXNlcmlkPSJ7QzgxMzA0NjQtRTlBNy00Qzk5LTk0OTgtRENCMzUyNUJDNDg4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins4RUZBNkI0Ny1BQjcyLTREMTMtQkNGRC02ODU3MzgxNDYwNkZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtoVmZEak1kRkc2RmdLczBOejZlbXJZQ1NnNlRRdkRQb21vbFJheVFYQks0PSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg3LjQxIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjM5Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2Mzg5IiBwaW5nX2ZyZXNobmVzcz0ie0Q0RjIxQkNBLTRENDMtNEI5Qy05OTY5LUNCMEZCMjhDMDdFRX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjYuMC4yNTkyLjgxIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1OTY0OTcxMjA0MTM1OTAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMzc0OTA4MDk3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMzc1MDM4MTAyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNDAzMzA4MTE3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNDE3Mzk4MjcyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjc4NjMyODI2MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjU5MiIgZG93bmxvYWRlZD0iMTczMDgyMTY4IiB0b3RhbD0iMTczMDgyMTY4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMiIgaW5zdGFsbF90aW1lX21zPSIzNjg4NSIvPjxwaW5nIGFjdGl2ZT0iMCIgcmQ9IjYzODkiIHBpbmdfZnJlc2huZXNzPSJ7OUE0MEIyRTItMjEyNi00MzY1LUE3NTQtOUNGMUZENUNDOUUwfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjYuMC4yNTkyLjgxIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGNvaG9ydD0icnJmQDAuNTkiIHVwZGF0ZV9jb3VudD0iMSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzY0MTUyMDg5NTgwMjc0MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjAiIHJkPSI2Mzg5IiBwaW5nX2ZyZXNobmVzcz0iezA3RTZFMDMxLTU3N0UtNDQyNi1CM0E0LTc4ODEwRkRDODJDRn0iLz48L2FwcD48L3JlcXVlc3Q-
2⤵
- Executes dropped EXE
- Checks system information in the registry
PID:3160

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
1⤵
PID:440

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Active Setup

T1547.014

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Component Object Model Hijacking

T1546.015

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Active Setup

T1547.014

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Installer\setup.exe
Filesize
6.5MB

MD5
7c44a5cba89f38d967b1f4e11225da0f

SHA1
44837f2ff9b3ebc7c371ee5f9e0cd5dcaad508dd

SHA256
a10c3e0b2ec1286bfe6b3fe9005a9132fad01be9afc4bdd5adb29f174b8fb706

SHA512
25b4cae7fc6d200dab70e94461b7f2e7899813975cab498fb367a32aa2e187fb7b1330545b60f6340d53fe5e04a1ecfb5d6b8bf004ac26ecaa7a8f6e387dfe99

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe
Filesize
17.2MB

MD5
3f208f4e0dacb8661d7659d2a030f36e

SHA1
07fe69fd12637b63f6ae44e60fdf80e5e3e933ff

SHA256
d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b

SHA512
6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.41\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
Filesize
1.6MB

MD5
a9ad77a4111f44c157a1a37bb29fd2b9

SHA1
f1348bcbc950532ac2b48b18acd91533f3ac0be2

SHA256
200a59abdeb32cc4d2cec4079be205f18b5f45bae42acb7940151f9780569889

SHA512
68f58a15ef5ba5d49d8476bee4a488e9a721f703a645ddd29148915d555ca2eb451635c3b762e5a0f786d69bb5cba9bffac3eeee196f1ec7ad669e2d729fe898

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8A9C277B-F7AE-43F5-9AB6-8670E5A34EAD}\EDGEMITMP_C76BD.tmp\SETUP.EX_
Filesize
2.6MB

MD5
33efe1418d476ff5d8eaffa404072360

SHA1
0b24c3cf402737e23b509b7cd9c49761d2d6ea08

SHA256
caa9ce4d4a529b0a5e19c24a85cbe3bcd74b7d8bc5d3f946c909cf05deb16d10

SHA512
0438c9b819a695edc549ea19419fab9b6f152d3e457c8f59418d1bbc409a80ca4988d1b6797d9b4c47aa79761074f5f9c36d96d131b72a64b45cf3bfb4b80c0b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Filesize
3.7MB

MD5
ffca1f7c84a963b8348618cce82b8a89

SHA1
786fc7f049930e11d89975c3895c3b4c38460bac

SHA256
2bdb14fea64cabb5bbf698a6aa1999b1ad511fbaf572b7b99eb828c35672d786

SHA512
ee6f8c014acefb3de391771ede38ac65630c459d807ab44f16aad659d39e1e59d3ab5d3a809e232eece244697fedd176641479777273b28a635b8735e6b10e8a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\EdgeUpdate.dat
Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\MicrosoftEdgeComRegisterShellARM64.exe
Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\MicrosoftEdgeUpdate.exe
Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\MicrosoftEdgeUpdateCore.exe
Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\NOTICE.TXT
Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdate.dll
Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_af.dll
Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_am.dll
Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_ar.dll
Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_as.dll
Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_az.dll
Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_bg.dll
Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_bn-IN.dll
Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_bn.dll
Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_bs.dll
Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_ca.dll
Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_cs.dll
Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_cy.dll
Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_da.dll
Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_de.dll
Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_el.dll
Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_en-GB.dll
Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_en.dll
Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_es-419.dll
Filesize
29KB

MD5
28fefc59008ef0325682a0611f8dba70

SHA1
f528803c731c11d8d92c5660cb4125c26bb75265

SHA256
55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

SHA512
2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_es.dll
Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_et.dll
Filesize
28KB

MD5
b78cba3088ecdc571412955742ea560b

SHA1
bc04cf9014cec5b9f240235b5ff0f29dbdb22926

SHA256
f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

SHA512
04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_eu.dll
Filesize
28KB

MD5
a7e1f4f482522a647311735699bec186

SHA1
3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

SHA256
e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

SHA512
22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_fa.dll
Filesize
27KB

MD5
cbe3454843ce2f36201460e316af1404

SHA1
0883394c28cb60be8276cb690496318fcabea424

SHA256
c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

SHA512
f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_fi.dll
Filesize
28KB

MD5
d45f2d476ed78fa3e30f16e11c1c61ea

SHA1
8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

SHA256
acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

SHA512
2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_fil.dll
Filesize
29KB

MD5
7c66526dc65de144f3444556c3dba7b8

SHA1
6721a1f45ac779e82eecc9a584bcf4bcee365940

SHA256
e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

SHA512
dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_fr-CA.dll
Filesize
30KB

MD5
b534e068001e8729faf212ad3c0da16c

SHA1
999fa33c5ea856d305cc359c18ea8e994a83f7a9

SHA256
445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511

SHA512
e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_fr.dll
Filesize
30KB

MD5
64c47a66830992f0bdfd05036a290498

SHA1
88b1b8faa511ee9f4a0e944a0289db48a8680640

SHA256
a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961

SHA512
426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_ga.dll
Filesize
28KB

MD5
3b8a5301c4cf21b439953c97bd3c441c

SHA1
8a7b48bb3d75279de5f5eb88b5a83437c9a2014a

SHA256
abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0

SHA512
068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_gd.dll
Filesize
30KB

MD5
c90f33303c5bd706776e90c12aefabee

SHA1
1965550fe34b68ea37a24c8708eef1a0d561fb11

SHA256
e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c

SHA512
b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_gl.dll
Filesize
28KB

MD5
84a1cea9a31be831155aa1e12518e446

SHA1
670f4edd4dc8df97af8925f56241375757afb3da

SHA256
e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57

SHA512
5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_gu.dll
Filesize
28KB

MD5
f9646357cf6ce93d7ba9cfb3fa362928

SHA1
a072cc350ea8ea6d8a01af335691057132b04025

SHA256
838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150

SHA512
654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_hi.dll
Filesize
28KB

MD5
34cbaeb5ec7984362a3dabe5c14a08ec

SHA1
d88ec7ac1997b7355e81226444ec4740b69670d7

SHA256
024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9

SHA512
008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_hr.dll
Filesize
29KB

MD5
0b475965c311203bf3a592be2f5d5e00

SHA1
b5ff1957c0903a93737666dee0920b1043ddaf70

SHA256
65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0

SHA512
bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_hu.dll
Filesize
29KB

MD5
f4976c580ba37fc9079693ebf5234fea

SHA1
7326d2aa8f6109084728323d44a7fb975fc1ed3f

SHA256
b16755fdbcc796ef4eb937759fe2c3518c694f5d186970d55a5a5e5d906cb791

SHA512
e43636d8c947e981258e649712ad43f37c1aab01916539b93c082959fb5c6764c9c44979650092202839e812e6f252c6c3eaf66d3d195c1efd39c74c81ad1981

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_id.dll
Filesize
27KB

MD5
03d4c35b188204f62fc1c46320e80802

SHA1
07efb737c8b072f71b3892b807df8c895b20868c

SHA256
192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95

SHA512
7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_is.dll
Filesize
28KB

MD5
5664c7a059ceb096d4cdaae6e2b96b8f

SHA1
bf0095cd7470bf4d7c9566ba0fd3b75c8b9e57ec

SHA256
a3a2947064267d17474c168d3189b0d372e36e53bf0efb9c228d314fc802d98e

SHA512
015dcb17b297a0aaad41c7b0b2199187e435855fd3977d16402be774622cc4f6b55d04ba9159a89e26e350c5602928c76dd9386be3974437b41888a0cfdddfa8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_it.dll
Filesize
30KB

MD5
497ca0a8950ae5c8c31c46eb91819f58

SHA1
01e7e61c04de64d2df73322c22208a87d6331fc8

SHA256
abe2360a585b6671ec3a69d14077b43ae8f9e92b6077b80a147dfe36792bb1b7

SHA512
070398af980f193ff90b4afaecb3822534ef3171eca7228bce395af11ca38364bc47cab7df1e71187ef291f90978bdc37a8611d2992b1800cd1de6aa7fda09d9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_iw.dll
Filesize
25KB

MD5
45e971cdc476b8ea951613dbd96e8943

SHA1
8d87b4edfce31dfa4eebdcc319268e81c1e01356

SHA256
fd5ba39c8b319c6ba2febf896c6947a0a7bae6aa0b4957bd124d55589f41849d

SHA512
f1c9fccf742fa450be249dbbf7e551a426c050ae4af3d2e909f9750068a2bdc801f618eb77a6a82d13421d27949c9f2a9681a44bcb410ccdeec66b24a70f6a9a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_ja.dll
Filesize
24KB

MD5
b507a146eb5de3b02271106218223b93

SHA1
0f1faddb06d775bcabbe8c7d83840505e094b8d6

SHA256
5f4234e2b965656e3d6e127660f52e370dc133632d451ef04975f3b70194b2ed

SHA512
54864e9130b91b6fd68b1947968c446f45a582f22714716bfd70b6dc814841fffe939bc2f573a257ec8c62b4ff939643211fb29cabc0c45b78a6cc70eaa3752c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_ka.dll
Filesize
29KB

MD5
3bc0d9dd2119a72a1dc705d794dc6507

SHA1
5c3947e9783b90805d4d3a305dd2d0f2b2e03461

SHA256
4449ee24c676e34fea4d151b3a752e8d0e7c82f419884e80da60d4d4c1b0f8cb

SHA512
8df01ad484bf2924892129c59317f3da4f79611be2ca29e208114e5ed2cb96a63f753511dc4fe97e281417366246f2fb576cc6ef2618a67803ae7ac01be7b067

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_kk.dll
Filesize
28KB

MD5
bcb1c5f3ef6c633e35603eade528c0f2

SHA1
84fac96d72341dc8238a0aa2b98eb7631b1eaf4e

SHA256
fdd6bffdb9eca4542975f3afe3ac68feac190b8963f0a7244b4b8fa6382381d1

SHA512
ecd79ddd9f3e6db1d0471132c453c324ab55bdead21de77392f418281bc8a2dd43e9009912896ffa3d55d4d3ef17b0aa847a084369b619eb04a2d2313641d520

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_km.dll
Filesize
27KB

MD5
2ea1200fdfb4fcc368cea7d0cdc32bc2

SHA1
4acb60908e6e974c9fa0f19be94cb295494ee989

SHA256
6fd21b94f62ee7474b3c3029590ddf06936105508f9bf3509620c42dc37486c3

SHA512
e63b80a5929200c85c7a30a3054bd51eee2f27e603501f105073868690906f4619a27a52e58c90ac2ab5d5c34a4739dfdd2a511574afeb7d0118de88c5544f42

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_kn.dll
Filesize
29KB

MD5
60dfe673999d07f1a52716c57ba425a8

SHA1
019ce650320f90914e83010f77347351ec9958ab

SHA256
ef749f70e71424d7f548d5c12283be70a6d6c59cffb1c8101b74f37ecacb64af

SHA512
46bfe77a49f14293988863a8e4dd0543202b954b670940d9ad5dc6d2b46e46104d8d6206be08a941f7e02b8ff3e2e2366b7b795d02352cff18971f8d0df5fcdc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_ko.dll
Filesize
23KB

MD5
cf91a1f111762d2bc01f8a002bd9544d

SHA1
db2603af55b08538a41c51fc0676bc0ed041d284

SHA256
baa9fae4fb8939e0b5fe0c7f393ab1ca40b52534f37bf2158a9a36331a221e75

SHA512
9db864dbd194885b46f7bed9875f1e531e48f7644ce4494b8dc482c7516a6f783cd35129d2565b272dc674491a08c844a6da88bf9fa7843fcf89c96b4e0af799

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_kok.dll
Filesize
28KB

MD5
ca3465347e57624ee2a5dd2299d4f4cd

SHA1
551a151a8d49489c90400e18c34633aa2c2b8a4b

SHA256
5b9509a1ae34d89c89c8e657742495037d28cd03e1cd48aef4dfaa7aeebe29f0

SHA512
a4bdd458a7628a9f0664e1000512e056718cc924510a21704ff8c69b0b251a5a1c7f6f267d66325cadda1536aaee78440348be128d082112c71732e485ac93f3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_lb.dll
Filesize
30KB

MD5
269e84b82973e7b9ee03a5b2ef475e4d

SHA1
4021af3bfde8c52040ad4f9390eb29ae2a69104b

SHA256
c3fb0cae3dc5cdd86518d60f998c3adec1c0c5804a74ffbb9a346a73d598af07

SHA512
db716e2f6527af2dfeba4c22ff00e159d7cc0b482fc126e87b8b3d35b714bb382676066097352b6ebb87c8dfe7f6144e83100f0c9a9990b0d23c810b6c575c21

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_lo.dll
Filesize
27KB

MD5
864edbc77831a64a3e3ab972291233bb

SHA1
fa1f3eb3320c1b1a329cbe786abecf2a8e625cbe

SHA256
aecab1eb46075d1a1432b3e14537f860a2ded49a13ca82f17fac44b40ad2da51

SHA512
3d54efd01d6317fb4746b55db2c847a506f594cff055f0db84a72ede02dbe3aa03d8e65ea06c5ae365f44312a26cdbc45ad5f9a0de46d2b9c878aeeb24566b89

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_lt.dll
Filesize
27KB

MD5
7071c732cf3e4b3144cf07c49d8eb44f

SHA1
3800bf304b44d9d27ac26bed6ccc899669dc3b4f

SHA256
9c75ef5c3f53c643d7bb8c5907a0cba6ca2d1d64e6bea39ce06b4ad5a20454b6

SHA512
be3a0942e2af843adeb8e9b6acc7cd8adec956b761f71d8eb0a02835ee5be115ac064fda7088b0813d40ec3a24e7bb77816e9b67ef0cbdce1562c36880b15049

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_lv.dll
Filesize
28KB

MD5
30849a9c16061b9a46a66e8e7d42ff81

SHA1
2d0e86535d964acce8912c6bef3cc12346b22a6c

SHA256
b8075c09d33cc6b6ff22fdb29ccc3dd319ce867f4b77a1d165f6f8d8cb4977e9

SHA512
298ee10ff6cab7ff38d31e3a7826dedeab8e9ccc616eae4ca2e5ec333f42e5c6744650857031d8bf35034bd46c7c01a2646362ffbbef1f421995c73ba999ff0b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_mi.dll
Filesize
28KB

MD5
1866ddadd9397dbf01c82c73496b6bff

SHA1
b210a9df7d6a5e116fe7a9ff8d455b6cbfb5663b

SHA256
9b4bb2ca3366a1935b4869796efc0601f94356b45e8613d28e023dd516f48d17

SHA512
76fa5cade101d79d012e00904bf18692f85967ceea0ed7e81da4df65b85afc125a00127d9e06c8c59ffbfd2dcdc88488157b61922960559fa17d13dedca3ee59

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_mk.dll
Filesize
29KB

MD5
064035858a1df697913f06c972461901

SHA1
b6be99ae8e55207949076955389bc8fec81937fd

SHA256
4850260d2cbb4b4ff3490eb90ce55a412268ad699f946b1cd686ddf9f0403bd6

SHA512
9459056e919854213117b874e61b526af4ba35c3c3e195b204c5c3e59cc4dfa2b4a45c32551e1de144842844f246f5e0d025cdcc78dbf7265ba5e26e7209cd91

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_ml.dll
Filesize
30KB

MD5
7e90d4306c5768dfd1160ad9e2168a19

SHA1
4f7b17843ad226d51cfb0090235b55a29b5a674a

SHA256
8ebe88477b1493733140f1fced91903276ec69c7302deed3281054b49573eb3c

SHA512
f6d8b538915fa70bfb784ea7e6d4047759d8eecc822e4b76ac9666997a41901c8269a8185f29e5472bcfaa87e4b97483bd544f3fc8f656b60dca71d63b44d291

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_mr.dll
Filesize
28KB

MD5
468a420700d239a0cd90b95896b0d6da

SHA1
ce57e3abf57c7ae13e99546b2a5e19dec03cb9b7

SHA256
24b304bd40f8e63848f8d2a1ca6ac8bc032b7a700161efad61ad445787650c87

SHA512
604c4cc8132c520da70c4870514610364648ec6446afa47128ac3aa8a9157932705da93e8ed4e33d56f5191d611b26b76aeba1514e9dff1a13dd32693cfddb8b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB7B2.tmp\msedgeupdateres_ms.dll
Filesize
28KB

MD5
51230a1b9ab0dad791e583b7ee57afe4

SHA1
957ba3e5d9b2df16ea3e099aab5b7e74d2055e46

SHA256
a47fc6a9a75875e75f3415f068c357dd499e533849381b875272d5994c163670

SHA512
5a3d754cefa1ab28748cb38021b5cbebd93fe513da0f4a7cbae98c0938acb10cdda939171d0842b09e97cb4c73f19272be665f767642ba1c5b25c709b5417edb

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
Filesize
14KB

MD5
b2e42299c36f53dc15662a6304dadafa

SHA1
c88caab5e53cd1af3ad283c54d424dddd6b61a1f

SHA256
e3f667bcd64eddeb978c55d546e308017f9438726a568940345d6baa127bce62

SHA512
e0281722c1303854a5b4548e0f77a85ae6bcc724e9ee4c7eca0f8fa40d2f12e0b19252e1f20d6a2afb8b684c38abf5288cc3680cb9df757ffb0c7de03e9f77a3

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-studio\4fa63f4ccb9b1fca93ab82e51c6d4750
Filesize
5.4MB

MD5
4fa63f4ccb9b1fca93ab82e51c6d4750

SHA1
1f26018c15ed5e14140ed44c28cf52a7b892fc86

SHA256
685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb

SHA512
a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\crl-set
Filesize
21KB

MD5
d246e8dc614619ad838c649e09969503

SHA1
70b7cf937136e17d8cf325b7212f58cba5975b53

SHA256
9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

SHA512
736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat
Filesize
280B

MD5
1d2331e415446484b6d44a25e6a138e5

SHA1
6911f785111bf484a04c7a5e29dea6e438247918

SHA256
115b522a7a09d36af48f302bf4d6657ac4a16074b3a55a4ef49eb3a7becfd541

SHA512
46e40af09a00df1ca102b96bd5f52a08ba4cb478f3be6fd12f97dff6460602bf3cdc2ee482a5567635b94e7c85fddc8bc10cc60b02a49673dfab0bd611d44c45

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\5d941a78-b85a-420c-b64e-ed6b55dca1a8.tmp
Filesize
6KB

MD5
462ff84918269792549c8b092dd45036

SHA1
5b5756b973d5494a5cdfb430fe5741ebbd1d2bad

SHA256
17a8f30280bb3ef70befb8332e84b1170c724e89ac57e55210e02718a0b057e7

SHA512
e643caa6285b665c5c98f8508973f7cb4c45026ffb3230f25ff4497796ee7fb1d59609611b7175e9560f313169839a4c24b657cdeb30f76efeb1c3db1cccd40d

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
e94b24ffb17ed6abc89561e200401c25

SHA1
2ac9fdd58a6155b5603d92cbcd4eb3f66a706dca

SHA256
7ed9fb48cfa2e00bae9049c122834b80ee2005f3a78b9f84353d883668eed2d7

SHA512
0cf1c903778aafb06fadaa6413f8e2363adf2816eb71bd88b604e050fb7a062919db8d45b32816cf30233cbaf744c307acc3f8d5ac47c5933ccfa0f9568d7998

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5aa20e.TMP
Filesize
48B

MD5
100c07b6fa81cd916f0aa844a01cb6a2

SHA1
e6c8580b907ddb4e5a3d4f261d4e23e2f9de7fd0

SHA256
6cfd52e0188758144536c6796d0276f274148635971e06e86453de561615e498

SHA512
77e18924db754390fcb502e835cc198bf39924d78820d52fc40bdfc9e3c3756ea62c268bd9776511a13ab641f722a1fb538ef5599a0116dff6023b486a42db9f

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
Filesize
2KB

MD5
d1eb5a24d8a11a1727619261d9c18e7e

SHA1
a3673b456053e32330c308627fe9fc50ed3074fd

SHA256
1bac0a9a235f0c8ae06615ca711ba4a8e84df908b15a386fa41271e1cf5273f1

SHA512
e52ca1d0210b726f2d7cf085f3886b5f8d4c26e4e754f412ec0d498a17754fea2cc13b8233e9ec49551496988e852d6ca75b2ac7e5db3854f59a04cd6be887d0

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
Filesize
2KB

MD5
aae927537231320ef0e9a0f0eaee3248

SHA1
e088acb6f6b51842e89e0df630495b67e941234b

SHA256
8fd4281305d05999f9b0170996ed6e70c2712ddee11f70b3afd2bd24c1c79f94

SHA512
0a78606910d9555dad90971e9ac8956a6c7508d655c79b586794e7893835d6519ebf62d342ae7d8444305ad3db50772a6406ceac0821bbbe9ef65ee8f8e5db7b

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State~RFe5b6108.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
Filesize
1KB

MD5
39b6155bdaa18e727147c7cf8edab54e

SHA1
447ea9a21f788152ad6468de7369cd638505ecde

SHA256
3a21dd67fa9f191ce093946799ed3a078d4b6009fe3d724cacb7b8de45f4cdcc

SHA512
e5417fb65624cfe62d5b29ab0afad06e99c8b43dab6f14d630b703106a3950cb8ab8e8a4b5b9f0099179618a4ca773c340e60d262a4f3f50139728bb4e636d98

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
Filesize
1KB

MD5
e61eba543e62fa50972a1c39089e8022

SHA1
cccd0e95e2fc81d848c85dd14f5e21aacb643ad6

SHA256
64afebfdc58322b41e485be8cf41cf4c9c3412ceac92c349578fedb84d9e0556

SHA512
0de010c17244b40e5e84a79f360b1c9aa931ecc7c3fb0ee5c4f101abe7b9d447b77a0bf9b6715110991bdf7e831f2f3969d9dfc1b9df3b25ac9154307ad7dd3e

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
Filesize
1KB

MD5
5404da2d37c788051737ec45866aaa6e

SHA1
9f7a1d8d5da2726e4f7e0b6e424a1a184319d926

SHA256
5da0c89d18f0a3dec4cd8621674acd605896e90db9d56af8694884dc14c061cc

SHA512
ac34a10285ba8c627603a223b7fc511ea42d44c71e22cb4f98e837a25b8244343a22a35ea03eb3ac36188c0ca234d34ff7401f43245e5e4d6d289546fed79c25

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe5aa097.TMP
Filesize
1KB

MD5
58bf65faedb1591fdb48066ddc93362d

SHA1
e80f7ac7b161022ea92806743fd95a3163c79b98

SHA256
45ff0c4699168a97cd6b179d6af7f0dd0e1efbae0bd47937debfd72cc75ea8b7

SHA512
48138b92b7247c4130b03c5669943006095dc41bcad82f1e29bda269f2f71fa1070e89e9492a93c83333d5edcc7782afe61c8c50be262a57ea8c594e2962ced6

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
Filesize
6KB

MD5
c6b14709f3c52e82ed9dbf5e045371e6

SHA1
3c7aaddca56c04b1c7415b3c965d417a2bd32230

SHA256
36b03c20403b113d078e2b86d2e7e498ceb7a06f55da7c2bf644f8e95dd500e3

SHA512
a9583dc4368cc0a54915a461824960bd03a38f33371eb99396475a62fc5f0031320a17fbb0bf9c6b9aa04f3c81da23eef20eb78e867c323c62e9acc018b36d0f

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
Filesize
16KB

MD5
73787f4702eb9c30ac6ab96668fbffa6

SHA1
4cd01fd249d508bd83165fda52926a4dcb8f82a8

SHA256
6e327bf498e6a6d42290e0a1ee94a7723c5d8dfecfe8fd23126065d088cfe20e

SHA512
9f884bdb475dab36906d62cf7f6bfbb7e0c3bb87422cecfd22476aaf3c1e9febceb9cfa370a8b2d04475fdca00e1e2114809f844c896176057b853f868fd023c

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
Filesize
1KB

MD5
8ad11b4f7ba508f06cdf791862aeaa26

SHA1
5466cdc15319baf27e7a77961c137e3d5ebf86d7

SHA256
20343f19bc85c070024cc435a072700a785381a179ad1f8a102b7849a604e583

SHA512
b51914c2738eab3a63bd5787a997d7324cae02de26a67559b972c264cc3db84886e6a2d70077db2e31f71762e7f0f3851e56ccab31683d4ea2cfedf33ebb9637

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
Filesize
2KB

MD5
3de11b074671b7078f92d3d3ca4b303b

SHA1
f345e05ecc430282ee1f4a21bc58b1e42146f111

SHA256
34aec59dfa2e7b4fdfb52d1fd4dc014374afce92fb5fbad257e763d887e3a0c1

SHA512
52bf0194f7a64a6ab5bea78b517679c20db8b44013af044d929d6385466f07d6154ef28bba4d6aa51c2ca2466a46b9e5ba3be0a9694288f391726292f3251824

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
Filesize
3KB

MD5
e37c564a0e3acdff5a1be896192aaede

SHA1
f7b33937f46961d1cb999d4f91b63ef3b4e9f1e9

SHA256
0a13fd1b5ade3ddffc5f58d1837dcd83b613198834d2e9adf712d44508f3de1d

SHA512
80b2224e4eb23810b47de3c13cd98e99166740c0c195f61a287bad5f7b66d214e06ff2949bae9ed1a0b48335894fdc8027a4fc99211b3752183bf673277c5c9c

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
Filesize
17KB

MD5
3841bdfd315751a9391d8d7f3986421b

SHA1
dd0015fb778a33235cd9cfd25229667fa883d2c9

SHA256
cbd8f2db79eef3f3e990b2948854fd96c07cf75220f1e4517afecb394cf66192

SHA512
465a239d8c217be711f73a8980cb1734e2b8a4737dcf72eca72a86cb65015c75db21aa844a0294b543aace55591090a128f7e0426f06434d31c4dc4eca431489

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
Filesize
18KB

MD5
46e6809a15942813ce0c56bd6029b830

SHA1
1f2327f63f0f4f3707821f25c9258679493ede22

SHA256
9e8683f3eee37a9eed9af434087dbcacd0cab9b6ef85b472c944350caafc3e7d

SHA512
c650e98bd8238abf465361096073d58c26fe34265a27cfc6fa6a0234c826dea6d5d2951b979e5eca917bbb220629625ac6fa44c758c840037cdd5c6a17dd142f

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe5a4d75.TMP
Filesize
1KB

MD5
b5603dbb6f7621b3ca309144b3965091

SHA1
bb0212423f268bea17f5d6822fcddea2cbbbe3e2

SHA256
4681d8598e5dd10eaca7e97e71cb331d15f93a74d8eaac2d49cddb52f9bdc0ff

SHA512
277d5f987a04277f8e9c90d95426451bff26bdf74481d6c40238269817ff175068feb6960ffb136fe238795f7a5a6e8b52dd3a7050228c34a79cd1cc38b7789b

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\crs.pb
Filesize
278KB

MD5
981a9155cad975103b6a26acef33a866

SHA1
1965290a94d172c4def1ac7199736c26dccca33e

SHA256
971393390616fbe53c63865274a40a0b4a8e731c529664275bdc764f09a28e2d

SHA512
2d75ce25cb3a78f69f90fbd23f6e5c9f1a6ed92025f83ce0ab3e0320b64130d586fc2cd960f763e1ab2c82d35ef9650ebd7ff2a42a928a293e0e7428cc669119

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\ct_config.pb
Filesize
7KB

MD5
df3d937079b894c891f9b0b741874928

SHA1
ed93fc386807b3a28fcc7988a88ae4741bfe1b15

SHA256
c7cbb0db6e924cbfccf4a6e8223e3fed4d93f5d78a3122c30213b6e38ee195f4

SHA512
5728bdd930283a4906e7e07acd3eadecb813a3154ffb41729738444bf13aab27dceb01e05a27c77bb13cc498c1d5c2d492ac653ddbfe4b14004b1c7a5bc54f1b

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\kp_pinslist.pb
Filesize
11KB

MD5
d43d041e531dc757a69a90cb657ef437

SHA1
09138b427565bc276cfd3ba9f59b0c8bad78e91d

SHA256
9431360a5534ad2f8eddde157cce39704b99da035fcb6d2cca11220700b11ccb

SHA512
476a98122059b9cc19492b7ae557c61381842c8c347f85c686e0a493bfd0e8707ce3491b690e7978b3fb7d7d2a4daa2767e4a590398a50562519bf32e8d12ec6

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Advertising
Filesize
24KB

MD5
131857baba78228374284295fcab3d66

SHA1
180e53e0f9f08745f28207d1f7b394455cf41543

SHA256
b1666e1b3d0b31e147dc047e0e1c528939a53b419c6be4c8278ee30a0a2dbd49

SHA512
c84c3794af8a3a80bb8415f18d003db502e8cb1d04b555f1a7eef8977c9f24e188ae28fc4d3223b52eab4046342b2f8fd0d7461130f3636609214a7b57f49cb4

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Analytics
Filesize
4KB

MD5
da298eacf42b8fd3bf54b5030976159b

SHA1
a976f4f5e2d81f80dc0e8a10595190f35e9d324b

SHA256
3abd2e1010e8824f200878942e0850d6e2620a2f0f15b87d32e2451fdda962ec

SHA512
5bf24c2df7cc12c91d1fb47802dbac283244c1010baa68bfae9eb5eb8ee25758156bb1e21f6cc3f55e7d71e5c330888ffd41469b2630eb86237c9970d7ede75e

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\CompatExceptions
Filesize
689B

MD5
108de320dc5348d3b6af1f06a4374407

SHA1
90aa226d3c9d50cf4435ecdd2b8b0086d8edeb8b

SHA256
5b462316a51c918d0bae95959bf827cb9c72bbd84ffb0e43b750aa91fbf3ba53

SHA512
70f30c45e20b7cddd0cba6476af9338975cec8e40b8b19603af5fa859a34c6eb2138957daaa263633fe65213e2186402d05d9d29ad53e8f311335555116314c2

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Content
Filesize
6KB

MD5
97ea4c3bfaadcb4b176e18f536d8b925

SHA1
61f2eae05bf91d437da7a46a85cbaa13d5a7c7af

SHA256
72ec1479e9cc7f90cf969178451717966c844889b715dff05d745915904b9554

SHA512
5a82729fd2dce487d5f6ac0c34c077228bee5db55bf871d300fcbbd2333b1ee988d5f20ef4d8915d601bd9774e6fa782c8580edca24a100363c0cdce06e5503f

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Cryptomining
Filesize
1KB

MD5
16779f9f388a6dbefdcaa33c25db08f6

SHA1
d0bfd4788f04251f4f2ac42be198fb717e0046ae

SHA256
75ad2a4d85c1314632e3ac0679169ba92ef0a0f612f73a80fdd0bc186095b639

SHA512
abd55eff87b4445694b3119176007f71cf71c277f20ea6c4dcadfb027fdce78f7afbcf7a397bd61bd2fa4bc452e03087a9e0e8b9cc5092ec2a631c1ebb00ee25

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Entities
Filesize
68KB

MD5
571c13809cc4efaff6e0b650858b9744

SHA1
83e82a841f1565ad3c395cbc83cb5b0a1e83e132

SHA256
ab204851f39da725b5a73b040519c2e6aaf52cb7a537c75802cb25248d02ec1b

SHA512
93ff4625866abf7cd96324528df2f56ecb358235ff7e63438ac37460aeb406a5fb97084e104610bb1d7c2e8693cabedc6239b95449e9abb90252a353038cb2a2

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Fingerprinting
Filesize
1KB

MD5
b46196ad79c9ef6ddacc36b790350ca9

SHA1
3df9069231c232fe8571a4772eb832fbbe376c23

SHA256
a918dd0015bcd511782ea6f00eed35f77456944981de7fd268471f1d62c7eaa3

SHA512
61d6da8ee2ca07edc5d230bdcbc5302a2c6e3a9823e95ccfd3896d2e09a0027fece76f2c1ea54e8a8c4fa0e3cf885b35f3ff2e6208bf1d2a2757f2cbcdf01039

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\LICENSE
Filesize
34KB

MD5
d32239bcb673463ab874e80d47fae504

SHA1
8624bcdae55baeef00cd11d5dfcfa60f68710a02

SHA256
8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903

SHA512
7633623b66b5e686bb94dd96a7cdb5a7e5ee00e87004fab416a5610d59c62badaf512a2e26e34e2455b7ed6b76690d2cd47464836d7d85d78b51d50f7e933d5c

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Other
Filesize
34B

MD5
cd0395742b85e2b669eaec1d5f15b65b

SHA1
43c81d1c62fc7ff94f9364639c9a46a0747d122e

SHA256
2b4a47b82cbe70e34407c7df126a24007aff8b45d5716db384d27cc1f3b30707

SHA512
4df2ce734e2f7bc5f02bb7845ea801b57dcf649565dd94b1b71f578b453ba0a17c61ccee73e7cff8f23cdd6aa37e55be5cb15f4767ff88a9a06de3623604fbf0

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Social
Filesize
355B

MD5
4c817c4cb035841975c6738aa05742d9

SHA1
1d89da38b339cd9a1aadfc824ed8667018817d4e

SHA256
4358939a5a0b4d51335bf8f4adb43de2114b54f3596f9e9aacbdb3e52bef67e6

SHA512
fa8e1e8aa00bf83f16643bf6a22c63649402efe70f13cd289f51a6c1172f504fedd7b63fc595fb867ecb9d235b8a0ea032b03d861ebb145f0f6a7d5629df8486

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\TransparentAdvertisers
Filesize
105B

MD5
57d5a3548911886de2f3bd3172e808ed

SHA1
ca932af3b25f245ce931fbc6cf10299e5fbe35a7

SHA256
d2cd0bef5f45daf490c53e705d6f67dfe12390c72a00efa6f5117432bd8edb8c

SHA512
933194509d305b2a60b38c149ba1d74e142ef15647242b287844d263006d33ffa38b6ea263c89cb821a9277d41f0cfda95a0eda830f3a5ef8df5ba80d3bbc818

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Advertising
Filesize
2KB

MD5
326ddffc1f869b14073a979c0a34d34d

SHA1
df08e9d94ad0fad7cc7d2d815ee7d8b82ec26e63

SHA256
d4201efd37aec4552e7aa560a943b4a8d10d08af19895e6a70991577609146fb

SHA512
3822e64ca9cf23e50484afcc2222594b4b2c7cd8c4e411f557abea851ae7cbd57f10424c0c9d8b0b6a5435d6f28f3b124c5bc457a239f0a2f0caf433b01da83f

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Analytics
Filesize
432B

MD5
01f1f3c305218510ccd9aaa42aee9850

SHA1
fbf3e681409d9fb4d36cba1f865b5995de79118c

SHA256
62d7286cd7f74bdfda830ee5a48bce735ee3661bda8ceac9903b5627cbd0b620

SHA512
e5b665e981f702a4a211d0569bb0bc42e3c29b76b3f75aaf8dc173f16f18f7c443f5cf0ccf1550df3aa2b151e607969c2c90ab1a6e7a910dfeb83854cea4e690

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Content
Filesize
48B

MD5
7b0b4a9aafc18cf64f4d4daf365d2d8d

SHA1
e9ed1ecbec6cccfefe00f9718c93db3d66851494

SHA256
0b55eb3f97535752d3c1ef6cebe614b9b67dddfcfd3c709b84c6ecad6d105d43

SHA512
a579069b026ed2aaef0bd18c3573c77bfb5e0e989c37c64243b12ee4e59635aaa9d9c9746f82dcc16ca85f091ec4372c63e294c25e48dfffbed299567149c4e2

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Cryptomining
Filesize
32B

MD5
4ec1eda0e8a06238ff5bf88569964d59

SHA1
a2e78944fcac34d89385487ccbbfa4d8f078d612

SHA256
696e930706b5d391eb8778f73b0627ffc2be7f6c9a3e7659170d9d37fc4a97b5

SHA512
c9b1ed7b61f26d94d7f5eded2d42d40f3e4300eee2319fe28e04b25cdb6dd92daf67828bff453bf5fc8d7b6ceb58cab319fc0daac9b0050e27a89efe74d2734e

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Entities
Filesize
42KB

MD5
f446eb7054a356d9e803420c8ec41256

SHA1
98a1606a2ba882106177307ae11ec76cfb1a07ee

SHA256
4dc67d4b882621a93ffdb21a198a48a0bc491148c91208cf440af5f0de3ef640

SHA512
3cc3a521b297e4f48ed4ba29866a5ade380c9f0c06d85bea4140e24b05c6762d645df3d03d0a7058383b559baa3ae34ad3ed2b06017e91a061632862911a823b

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Fingerprinting
Filesize
172B

MD5
3852430540e0356d1ba68f31be011533

SHA1
d3f622450bcf0ced36d9d9c0aad630ebccfcb7ff

SHA256
f1f413704c32a28a31a646f60cad36cc2da793e143f70eee72ae56f736df8054

SHA512
7a4faa493c141ea88d6cd933dfc0b50ef6d25983323db2b931c7512e039859d60c4935e56b771264ca72b45c035b1962ad8680d616eaaf04fbc5a6e0b674e435

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\LICENSE
Filesize
66B

MD5
5b7baf861a48c045d997992424b5877b

SHA1
2b2bd9a13afe49748abf39faf9eb29ed658f066e

SHA256
44071e0fcffb9a9a32e8fa7010bb18dbc41afd0b176f81bf700b15b638a88a51

SHA512
4820b41aa5ff4d934a583e1f0b93b1512631102bb2dfdb74792a2f0dcf9907da7680c02a5ddd2492a1e6d58cdada3453d9e38bb8deab6ce831ff36a7f8de016c

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Other
Filesize
91B

MD5
09cedaa60eab8c7d7644d81cf792fe76

SHA1
e68e199c88ea96fcb94b720f300f7098b65d1858

SHA256
c8505ea2fe1b8f81a1225e4214ad07d8d310705be26b3000d7df8234e0d1f975

SHA512
564f8e5c85208adabb4b10763084b800022bb6d6d74874102e2f49cc8f17899ce18570af1f462aa592a911e49086a2d1c2d750b601eedd2f61d1731689a0a403

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Social
Filesize
3KB

MD5
318801ce3611c0d25c65b809dd9b5b3c

SHA1
b9d07f2aa9da1d83180dc24459093e20fe9cf1d8

SHA256
2458da5d79b393459520e1319937cfc39caadbc2294f175659fae5df804e1d03

SHA512
7daff0253da90f35bf00141b53d39c7cadacf451a7ecf1667c4ca6e8aed59a0c4a6b44ddc2afffa690e12c2134eddb9f46f72e4317ce99c307d9e524a5fd1103

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Staging
Filesize
16KB

MD5
39bdf35ac4557a2d2a4efdeeb038723e

SHA1
9703ca8af3432b851cb5054036de32f8ba7b083f

SHA256
04441a10b0b1deee7996e298949ac3b029bd7c24257faf910fe14f9996ba12ae

SHA512
732337f7b955e6acaf1e3aaa3395bc44c80197d204bd3cbb3e201b6177af6153cc9d7b22ad0e90b36796f92b0022806c32ac763eaec733b234503890900bf284

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Trust Protection Lists\1.0.0.26\manifest.fingerprint
Filesize
66B

MD5
fc8af1e27127535b4eea55c8c2285865

SHA1
dc9fb2a8fe358f84f4f2749460ef15507e7ecb07

SHA256
c76f988dee6149c0c21f7f657688a7fcaa20b0dc83881efe14d58d9be3f5236b

SHA512
ec847bd27383c37cd67d9204e5dc55256ca0303c0d7696558de650b569ef8f9eb747603180ae6561f884bbe6eb519a23c18fa4a646c43d58799f01744c2b9de3

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\TrustTokenKeyCommitments\2024.6.20.1\keys.json
Filesize
6KB

MD5
595a80c921652ccf09afd0b196fe3a94

SHA1
e4ae3f8b880e57b64c6e899505a4ad1ec99d6d6b

SHA256
7d9965e3d4c47a32fa6d7b290704f22382b70b80e414ce091eb0b0964dc509a3

SHA512
0dec0a48f2d13100e07a114dd288370a4449cc347162d6febc8b9b1dc66dccacec6bee79b7d42123c12c7500881e31f30cab5ef3f77029493546cf262de583cb

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
Filesize
280B

MD5
ca63bc5a5a334f8301594a3500e0e4a6

SHA1
8005e375af72c2f2346676b32569a7111708d2c8

SHA256
caab04946857f5111808fefec2bb413fbc779b4471e7cbe694639747a02c57b1

SHA512
2c25be1eb7eb57acde3103c2cdd6e1cbb22f31aed655c9d0c5ad791ba1cfdb47b364d0b87071769e8e218524521b1bdffa463a71cf7883c30eab0a660542d4d0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_1776230876\manifest.fingerprint
Filesize
66B

MD5
7ce55ac0d7683657fd051e573ad06e30

SHA1
3bc51fbc6155c4e9d1439587e1c739995054cc52

SHA256
138e2b36e4c8bec8b00180558843355037d7de99c389f46e6183c4fc5a34c790

SHA512
f269c5c2ee53ed836bfd1b928b40e1ddb2aaea00e5585c85fecfcb1add71130d4ecfe91d2f2527934ac472c8b432d3475ca02b8f808e7e6014cd49155529d9a2

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_1776230876\manifest.json
Filesize
43B

MD5
55cf847309615667a4165f3796268958

SHA1
097d7d123cb0658c6de187e42c653ad7d5bbf527

SHA256
54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877

SHA512
53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_384213398\manifest.json
Filesize
113B

MD5
b6911958067e8d96526537faed1bb9ef

SHA1
a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

SHA256
341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

SHA512
62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_567709878\manifest.json
Filesize
79B

MD5
7a74e28cea0b1a8f1969ff4ef4430047

SHA1
11cbf0dd7060e36283dea377fdfb1105068eddda

SHA256
8fd032d30c7b9340e45428cfef8aa409a5df1f5a89be46ec0ab92e7ac53cc2ca

SHA512
f5cb2e55c0ef4e56fa12bfffe78829109214aa213c193da2e75a51d6bbf5bcaef1e74bb40e091abfded7bdb076b2c266212abeb05aaa87f4cfda804f581c2b0f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_703800876\manifest.json
Filesize
132B

MD5
e2e0e30a5061d2e813d389d776cd8ffd

SHA1
90913c06260b62534b42c0e28bac3082cdacd19c

SHA256
7f8c92b4e9da2afa5a089e37797036d18e61e4f02a4885b7887c0b98d464259f

SHA512
000727f5052c846e39c62ae90032db500708e5fec5af24b8cc1f3a9d4102bc7b9be025176f01722a7c72b5e8bf85b0084cab0ebeb00fde03928c4e22869c98cd

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_729410177\manifest.json
Filesize
102B

MD5
8062e1b9705b274fd46fcd2dd53efc81

SHA1
61912082d21780e22403555a43408c9a6cafc59a

SHA256
2f0e67d8b541936adc77ac9766c15a98e9b5de67477905b38624765e447fcd35

SHA512
98609cf9b126c7c2ad29a6ec92f617659d35251d5f6e226fff78fd9f660f7984e4c188e890495ab05ae6cf3fbe9bf712c81d814fbd94d9f62cf4ff13bbd9521a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-as.hyb
Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-hi.hyb
Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\hyph-nb.hyb
Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_789022856\manifest.json
Filesize
179B

MD5
273755bb7d5cc315c91f47cab6d88db9

SHA1
c933c95cc07b91294c65016d76b5fa0fa25b323b

SHA256
0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902

SHA512
0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2628_92328960\manifest.json
Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
memory/560-1285-0x0000000000570000-0x00000000005A5000-memory.dmp

Filesize
212KB

Download
memory/2644-471-0x00007FF8B0DB0000-0x00007FF8B0DB1000-memory.dmp

Filesize
4KB

Download
memory/4492-389-0x00007FF8B0DB0000-0x00007FF8B0DB1000-memory.dmp

Filesize
4KB

Download
memory/4552-278-0x0000000000200000-0x0000000000235000-memory.dmp

Filesize
212KB

Download
memory/4552-339-0x0000000000200000-0x0000000000235000-memory.dmp

Filesize
212KB

Download
memory/4552-287-0x0000000073700000-0x0000000073910000-memory.dmp

Filesize
2.1MB

Download
memory/4552-279-0x0000000073700000-0x0000000073910000-memory.dmp

Filesize
2.1MB

Download
memory/4856-878-0x0000028605CA0000-0x0000028605CA1000-memory.dmp

Filesize
4KB

Download
memory/4856-876-0x0000028605CA0000-0x0000028605CA1000-memory.dmp

Filesize
4KB

Download
memory/4856-877-0x0000028605CA0000-0x0000028605CA1000-memory.dmp

Filesize
4KB

Download
memory/4856-888-0x0000028605CA0000-0x0000028605CA1000-memory.dmp

Filesize
4KB

Download
memory/4856-887-0x0000028605CA0000-0x0000028605CA1000-memory.dmp

Filesize
4KB

Download
memory/4856-886-0x0000028605CA0000-0x0000028605CA1000-memory.dmp

Filesize
4KB

Download
memory/4856-885-0x0000028605CA0000-0x0000028605CA1000-memory.dmp

Filesize
4KB

Download
memory/4856-884-0x0000028605CA0000-0x0000028605CA1000-memory.dmp

Filesize
4KB

Download
memory/4856-882-0x0000028605CA0000-0x0000028605CA1000-memory.dmp

Filesize
4KB

Download
memory/4856-883-0x0000028605CA0000-0x0000028605CA1000-memory.dmp

Filesize
4KB

Download
memory/4876-344-0x00007FF88FEF0000-0x00007FF89043C000-memory.dmp

Filesize
5.3MB

Download
memory/4876-345-0x00007FF7CEE60000-0x00007FF7CFE60000-memory.dmp

Filesize
16.0MB

Download
memory/4876-346-0x00007FF89D180000-0x00007FF89D582000-memory.dmp

Filesize
4.0MB

Download