Malware Analysis Report

2025-03-14 22:36

Sample ID 240406-r3pdcadb92
Target RobloxPlayerLauncher.exe
SHA256 af4f0da458195e016f0a5e395df89c36f005bf24ca1ddd68a35373ba8ff66734
Tags
evasion spyware stealer trojan discovery persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file RobloxPlayerLauncher.exe was found to be: Likely malicious.

Malicious Activity Summary

evasion spyware stealer trojan discovery persistence

Sets file execution options in registry

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Reads user/profile data of web browsers

Registers COM server for autorun

Checks computer location settings

Checks installed software on the system

Checks whether UAC is enabled

Checks system information in the registry

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Modifies registry class

Modifies system certificate store

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 14:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 14:43

Reported

2024-04-06 14:48

Platform

win7-20240221-en

Max time kernel

267s

Max time network

304s

Command Line

"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\fonts\PermanentMarker-Regular.ttf C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\DeveloperFramework\PageNavigation\button_control_end.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\MaterialGenerator\Materials\Ice.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\PathEditor\Tangent_Handle.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioSharedUI\meshes.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\XboxController\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\MenuBarIcons\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AvatarEditorImages\Sliders\gr-slide-bar-empty.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\MaterialManager\Gradient_Hover_DT.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\button_hover.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\icon_picker_disable_dark.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\PlatformContent\pc\textures\wangIndex.dds C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\PlatformContent\pc\textures\water\normal_01.dds C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AssetImport\btn_light_filepicker_28x28.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\AudioPreview\play.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\RecordDown.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\Help\ResetIcon.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\SpeakerLight\Unmuted60.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\MaterialGenerator\Materials\Marble.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\AssetConfig\creations.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Slider.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PlayerList\SelectOn.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\Misc\UnmuteAll.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ViewSelector\bottom_hover.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\sky\moon.jpg C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AvatarEditorImages\CircleCutoutLarge.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AvatarEditorImages\DarkPixel.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\import_selectImg_dark.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AvatarCompatibilityPreviewer\bg_light.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Keyboard\close_button_selection.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PurchasePrompt\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\fonts\AccanthisADFStd-Regular.otf C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AnimationEditor\img_eventMarker_border.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\XboxController\ButtonX.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\Slider\More.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\TopBar\HealthBarTV.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\configs\DateTimeLocaleConfigs\it-it.json C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\PathEditor\Control_Point.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TagEditor\VisibilityOnDarkTheme.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\dialog_purpose_quest.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\Radial\BottomRight.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\InspectMenu\gr-item-selector.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\PlatformContent\pc\textures\pebble\diffuse.dds C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\avatar\compositing\CompositRightLegBase.mesh C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AnimationEditor\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\Cursors\KeyboardMouse\IBeamCursor.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\MaterialManager\Favorites.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PurchasePrompt\RightButton.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PurchasePrompt\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\Unmuted20.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\SpeakerLight\Error.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VR\Radial\Icons\Backpack.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\transformFiveDegrees.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AnimationEditor\ic-checkbox-off.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AvatarEditorImages\Sliders\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\DeveloperInspector\ToolbarIcon.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\ScrollBarBottom.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\ResetIcon.png C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol" C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe" C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1" C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1300 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1300 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1472 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1472 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1472 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1472 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1472 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1472 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
PID 1472 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe

Processes

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3539e67194ee6ba0c99d6e96abe3b09d611a4794 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5f4,0x5f8,0x5fc,0x5c8,0x604,0x698c44,0x698c54,0x698c64

C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe"

C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe

C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=60fbaa906b1f866e4f443e8242ad94e1319ed1ef --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5b8,0x5bc,0x5c0,0x594,0x5d0,0x15fdec8,0x15fded8,0x15fdee8

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 ephemeralcounters.api.roblox.com udp
DE 128.116.44.4:443 ephemeralcounters.api.roblox.com tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
DE 128.116.44.4:443 ephemeralcounters.api.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.qq.com udp
US 8.8.8.8:53 clientsettingscdn.roblox.qq.com udp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
US 8.8.8.8:53 setup-ak.rbxcdn.com udp
US 8.8.8.8:53 setup-ll.rbxcdn.com udp
US 8.8.8.8:53 setup-cfly.rbxcdn.com udp
US 8.8.8.8:53 setup-hw.rbxcdn.com udp
US 8.8.8.8:53 setup.rbxcdn.com udp
ES 3.160.231.34:443 setup.rbxcdn.com tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
DE 128.116.44.4:443 ephemeralcounters.api.roblox.com tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
DE 128.116.44.4:443 ephemeralcounters.api.roblox.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
US 8.8.8.8:53 setup.rbxcdn.com udp
ES 3.160.231.34:443 setup.rbxcdn.com tcp
DE 128.116.44.4:443 ephemeralcounters.api.roblox.com tcp
DE 128.116.44.4:443 ephemeralcounters.api.roblox.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\PCClientBootstrapper[1].json

C:\Users\Admin\AppData\Local\Temp\Cab908E.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 4b794c0088725de4362c65d884cb01ba
SHA1 06741eba5210f4dde36bdcce88db09c53821b77b
SHA256 a19c5cefb2ed7437ab61148f46d7c704dfeebfa1dd988229a9ab0450cba39fe6
SHA512 6069c10cd7635e90febcef8c8f00e6ca70bae927c04a14d800a46face8dba288719197a8b3be63929984091c8608006a04a5ecc624441ea5d87669367b3577d8

C:\Users\Admin\AppData\Local\Temp\Tar91EA.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eec48af455f6ec0304a013e39d7d93e6
SHA1 db2da8d3a4e48ef746f09d9a385234b42b8cacfa
SHA256 2394da05f88ecab252e634cd19a9639e453df1167c1dbe55f40fb28b9752f938
SHA512 1c14a829c3f9290a0252940bc8f595fefb8d7eab056502cfed95c6ce245c8b6e2747d61282a08b8b8586c791e8810a8a1c0c2c02b26406c5417e142e884de596

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34e761af91cdeb5b545d210b632bc02d
SHA1 26bfd3755e129a24b228da00029004e944c7381d
SHA256 ff4ab888c446f1960a049d7d58ca8984d040bdc52f463928e1129a96c93f5225
SHA512 fcf95afd513b678b33599c350e2a3eb8e8507daf654e2dfea219334fb2157e5c53c5eb5968c7e16ea5db7138852552c97967a85ec43fe03476024553e2f7797f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 0edd390a9ee9f40e466c803a9b62ea8a
SHA1 614a61309859badbae8df3fd3cfda54762e2cae8
SHA256 c3fd50b460eda0bdb628a07078dc6902f9b5446216e12b900015e46f7306563b
SHA512 277b4bd3bb8823936d18fb9efb12261e579d1ba454a56285ff8160739656f7c8af3fb42ae9e8986290d8de055e0bc65c81fc5296afe36a8bb716858d6fd8b51a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 aa983455606cafe78b1bb79d875066e7
SHA1 190513f2ac18d44daa361d5fa406268bd1fda6af
SHA256 8ea9dbc9227b4f06644ff786e42b25a091b50ac73c422e0eb9ba6b13b0fc5c5b
SHA512 698d2904fa96df50b87cec02f406fe43e2c048cfb220484a5d6940e5f8ce8022f49287047aa6670160042a002044e5858344bedbc1aeec0c8ceb21013d8d93cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

MD5 4bde18d2f5b811fed86d03d6adc8286e
SHA1 63b6992b87267f42e1ce495db1fe41f0217db09c
SHA256 213737f3914c8d8ab9addf3452701855be5f6ac138ed962b29f16c5f250977fb
SHA512 4734ae474878ced5b76b998bf25f73eacf4a417443506e5e89bd05e4f847911dfdca56462270fd3a2c7e97f45bec210ae5347c722bf4d1ba682e2fae84496ca2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

MD5 a12215d224aa9a0bce0403a1e2d48d80
SHA1 46ffc513ed5a72b31a08b7b415664b6be0c88f1f
SHA256 30ebf56b2e961c2c0337363f0417494c000e1e3d7c6290a10a58f270af3271b8
SHA512 aecab16da7f48068a5aba1dbdd6a03dcdf9bdcf748455735cf043e11df591f5e5edbe9d769d23745acae4077eca9370d8bf9c90b08cf3f97a0098d5588d811a5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\BatchIncrement[1].json

MD5 bedbf7d7d69748886e9b48f45c75fbbe
SHA1 aa0789d89bfbd44ca1bffe83851af95b6afb012c
SHA256 b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61
SHA512 7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 928e9ebda5fd2053a6ac3dec2c70c7bd
SHA1 d2eedd1f6c82754f44aac8d30dbb76d883983ae6
SHA256 2d3b391de9acae0cfd0aaf5ffca2063510ff446c28c416c5b1c7726910372a2f
SHA512 04f8b4d38ed13fd07dff3d3297db52ade41644224279353d3f595d70ca9901891742015ab59da28496a9794c8c692d4c5b1085fde187e25dee9cd56c8a758538

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a650b9a7eb400415b4aeea95c4f1616
SHA1 f96ed9d3f85059ba8a705d1d3aaa8533bf89bdd1
SHA256 aa51ce0b1f4975e1b3fd8a8d9e3e2f6d26ca13cf41f5a664a59b667320527d95
SHA512 3ac037c7310f15c2e74b72902553977bbbb17a91f9364dc892b7bbb61859475184897294f6ed089a39565229a5efa8a8c39c99892fc1856e2f2fc1457d6fa1a5

\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe

MD5 f54b7571f1901e471133d4723140048a
SHA1 1076f97284ecb4e0b53be62af0c8de7bcef507f1
SHA256 32182938735b51764cb2b4f788a5ee316fbd56581aecb9698a77470981392b71
SHA512 df79b7b13d24e9f3c2fb8b62c58eb06e69f0dff88ecfe57190df1118f0c4e800dee7e6f10db41140c42bbf689405ba2a44f37521ba30679c866c195ef9732b2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4861f5b15da00b14d0cb24de3412043b
SHA1 872431aaea8fcb19f5875a6981910e4cfad9cc11
SHA256 059116d00a282e0e08a45c5b9d0e7f3aa233c5c3762867c234e7ffc57a35f5af
SHA512 a84e8de8a8b4bda5791a3430f82f7932c2cc912e70fd7e6f8d69a3500bee84a5ee400c8517d2594c0897324b9bf7f560eb024604bdb5ff31234362ba30bfc8ab

C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

MD5 464e6838abe376ed3311904f0bd7a1c9
SHA1 e1c62671b7ac304029254d1686c36d4650bca6e1
SHA256 684f27b8768561956c36bd78ed8caaf11b4719b18cd466fd289841ce0b02d4d9
SHA512 eb282bc5e7f95fc5b2b41b03c9ae37ce4c9aba3295f38651c7c33df028dd9ec36ab5fd4831285d6a53f28f71bd70c05cc0ac06d669e5d2000c502f585e44bf00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

MD5 ca6271ea1f2b3d9441a1b8b1c2ed15cb
SHA1 295ccbca55db90571d70b6b7921a56959fcf1e1a
SHA256 a4f5f3ba47ec3f583cce78d6569d29a0eee678e717e215a97b4e09e923336961
SHA512 27933d9db461d1c3fbad1e81dc0a413daf825288a64838ac8c0948b16f9575bb300b162b7b2affd2cc036a18a91030ea841964204fba035fd9197cd819181f32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 d59087cb5953a2284316dcc9682563fc
SHA1 c481d64d184de18444dbc9968b9149c3e60f1de0
SHA256 477522b7844f4649dd615db4c6205a7d757b681a38cc555b3b11f54b870541e6
SHA512 59a585b3e62971aba8204c8771316d41ef3fd836aca1589554c0a0d4d54b08f034a543a629549cb5b1d78a8dcb24fcf21463315b214a0c08e8a953ea0b4e4e11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c8ce547c83881ae2e561a11a3d1b312
SHA1 f49e60d74cd540945ed082ead44d8418228cf04f
SHA256 8f3c47d530d44f38ec120f5e2b3a64a918f44618767d451a6dc128f9d72e8a66
SHA512 14ac03124cdd10d4dc42c6a54b1f4ecef6bbe2621380a9ee3a81b0bea55bcfbd847be8a7eb7ec9e4f56f500301303dc9d437654d3b97a084e2e1272052a4c38d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\WindowsPlayer[1].json

MD5 7a4f61c16994714c7d10abd10576f64d
SHA1 51a9595244bf96fcbef153cde2606d9cd4762384
SHA256 ef0f0903449e72b1bb72ad78f8a313b43863736996f08934f433f27c7c3672af
SHA512 4988214e504492db493af674dc07bdaad0e41fe780129a3669524dd9474a383f74bd30742cc6b8bd02fdd1dc247a5cdcfd4b8e2f307a5465378d6252c8bff862

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\version-8764cc9c84a5459a-rbxPkgManifest[1].txt

MD5 1c7b214e4eca77fde043a5e29bcfb295
SHA1 260a3512f06fe20b5838895fec47883efae9f758
SHA256 3f3ac87c23d98322c7a3faa1a9fad14da9562aacabd06daef9e6960ae9e23b94
SHA512 56226c74cff52bcaad4665dbae01ac1d0be55fdd0fed457544b46fab07100bd7d35955fe0e8f526188a09fb67ab10469f01761df30a60c22f2722c607be3a658

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 074540d391479062c54a478d16da061f
SHA1 ba64224663e926ecae58b176761781d8054a20ca
SHA256 11c087265ef3d54c00d7c6f52b8024be61ce244360cff0f6498ec9b3c2f263ae
SHA512 acf7a0911930cb02ddb398576f8a5ba2e69f6560e0c9cf55d152506910444b97bab47878658f325b3c52310e0ad235392141f7884beb673e091b272a60c0d9dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 3cba3b57f5faeaac18f660bdf00f7c25
SHA1 21104b4abf6134c895f1f6d8148496e18724fd2c
SHA256 391b2b7685c0962929b65eb56682acc677f4ed5d093333f8e45d3e499bd820b9
SHA512 e910a1fa6add17de6344dec2e106a224869e78a75ca50fed99b5f502847f52f7bc790b8a2d3a56f56ccf03abcba5715fe20c284cddb1a78382c48bf790902e64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 caa69afc60129f8e6daf61f469ce54ec
SHA1 e55c75d0a4c564531ad16ff030758b630fd26a2f
SHA256 65759e50035df226452e6340b6d99aca1ea337bccafb3c6fafa13352f512f538
SHA512 15466aad605c96c77ff22d3fb7613fcf46c644142c6bb782aa2f1fd8d30fd02e89a142522b37190de37a0ceca9d01f8e1bf6d5496ca0bcb22d873893eb7a81a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 0f3734364fd6107c3897385bc7d689c8
SHA1 f4ec874e00d858d7aecf101a53de3309013ecc0c
SHA256 7f172daab6977a3636f0ae6d7e2cceb88429b293d3ccec22e556c003466938bb
SHA512 82f855cc3b28beced973dc5fe0e7190cbb5d5d399f9093cc9f4b63bff4becc502410f063fa3f98ca82010b4a6ba529629fca59b8995d91793df52df18586898c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 d5ba0623b36b5d1050f9ff3da64983cb
SHA1 7be9b5aba84322a9c3b7d9ef3dbfcc6ea74fbf96
SHA256 ce80ce96a335d89024fe6ad74214693cc16f334db0a65bf5c3be4f2706e11721
SHA512 51764a3792b2c675ab1b6148bc7421fe966baceb0bb7723c0c40029ae6ec595f0b2537c20d263a8b58d49911638d57ead731133cf17fe17e10036efac16b2a02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 73a3bd62102d1fb2a02460b50d637c94
SHA1 eb4b84d70ab299812b3b6c8ca65ea9b19acd7471
SHA256 a6e2bb47920cd3853f052e48ab67ea1830156123aa84ab3f22f467a7f5f36395
SHA512 3e08f3fb965a01384a5b3a481878b13e3a6a7b746807c66a245292864046ec47e5fcc53b438544f930c52620df7436feb8f901d15900fba7b3149f248f929a06

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

MD5 ae62ef723642e510c8b4947b4282ab7b
SHA1 81077adc6aa8bec313449ba3f6a9ace7215686b0
SHA256 f99809b75bf1c380dc7b84c64fcf91e450e3d1658a0b4697691655bd242d9a23
SHA512 ba7a35557269abdc921e2f0180577ef30bea4a3379bca47f97a331ad0aaa14214c0f8665a696615f82b00ea6b31d07fabfc802af5606e9238b15b430a9d3f358

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 14:43

Reported

2024-04-06 14:48

Platform

win10v2004-20240226-en

Max time kernel

300s

Max time network

285s

Command Line

"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"

Signatures

Downloads MZ/PE file

Sets file execution options in registry

persistence

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\MicrosoftEdge_X64_123.0.2420.81.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\scrollbuttonUp_ds.png C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\Players\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\DeveloperFramework\PageNavigation\button_control_start.png C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ManageCollaborators\FriendIcon_light.png C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\whiteCircle.png C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\mtrl_brick.png C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Trust Protection Lists\Mu\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\avatar\heads\headA.mesh C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioSharedUI\ScrollBarTop.png C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\button_hover.png C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\webview2_integration.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3124 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
PID 3124 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe
PID 5108 wrote to memory of 4140 N/A C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe
PID 5108 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
PID 3012 wrote to memory of 3152 N/A C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe
PID 3152 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3152 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2700 wrote to memory of 712 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2700 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2700 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 3152 wrote to memory of 4920 N/A C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 3152 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4932 wrote to memory of 2924 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4932 wrote to memory of 2960 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\MicrosoftEdge_X64_123.0.2420.81.exe
PID 2960 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\MicrosoftEdge_X64_123.0.2420.81.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe
PID 4952 wrote to memory of 3432 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe
PID 4932 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Processes

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3539e67194ee6ba0c99d6e96abe3b09d611a4794 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x794,0x78c,0x778,0x784,0x7c0,0xbd8c44,0xbd8c54,0xbd8c64

C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe

"C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe"

C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe

C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=60fbaa906b1f866e4f443e8242ad94e1319ed1ef --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5d4,0x5d8,0x5dc,0x5b0,0x610,0x10cdec8,0x10cded8,0x10cdee8

C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64-encoded payload>

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{FEB09B36-BFC7-4A1D-9649-B389D3723942}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64-encoded payload>

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\MicrosoftEdge_X64_123.0.2420.81.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.106 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.81 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff75072baf8,0x7ff75072bb04,0x7ff75072bb10

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64-encoded payload>

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OCSF5S5B\PCClientBootstrapper[1].json

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\C52098XD\BatchIncrement[1].json

C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe

C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G7TWCMRP\WindowsPlayer[1].json

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\C52098XD\version-8764cc9c84a5459a-rbxPkgManifest[1].txt

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

C:\ProgramData\Roblox\Downloads\roblox-player\666f69bae6e56a62b7af6cb8496f677f

C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe

C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdate.dll

C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_en.dll

C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdateCore.exe

C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_af.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_bn.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_bs.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_es.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_gl.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_gd.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_ga.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_fr-CA.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_fr.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_fil.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_fi.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_fa.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_eu.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_et.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_es-419.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_en-GB.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_el.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_de.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_da.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_cy.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_cs.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_ca-Es-VALENCIA.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_ca.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_bn-IN.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_bg.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_az.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_as.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_ar.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_am.dll


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\EdgeUpdate.dat


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\NOTICE.TXT


C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeComRegisterShellARM64.exe


C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log


C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.81\MicrosoftEdge_X64_123.0.2420.81.exe


C:\Program Files\MsEdgeCrashpad\settings.dat


C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Installer\setup.exe
