Analysis Overview
SHA256
af4f0da458195e016f0a5e395df89c36f005bf24ca1ddd68a35373ba8ff66734
Threat Level: Likely malicious
The file RobloxPlayerLauncher.exe was found to be: Likely malicious.
Malicious Activity Summary
Sets file execution options in registry
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Registers COM server for autorun
Checks computer location settings
Checks installed software on the system
Checks whether UAC is enabled
Checks system information in the registry
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies registry class
Modifies system certificate store
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 14:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 14:43
Reported
2024-04-06 14:48
Platform
win7-20240221-en
Max time kernel
267s
Max time network
304s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
Reads user/profile data of web browsers
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\fonts\PermanentMarker-Regular.ttf | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\DeveloperFramework\PageNavigation\button_control_end.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\MaterialGenerator\Materials\Ice.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\PathEditor\Tangent_Handle.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioSharedUI\meshes.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\XboxController\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\MenuBarIcons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AvatarEditorImages\Sliders\gr-slide-bar-empty.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\MaterialManager\Gradient_Hover_DT.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\button_hover.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\icon_picker_disable_dark.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PlayerList\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\PlatformContent\pc\textures\wangIndex.dds | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\PlatformContent\pc\textures\water\normal_01.dds | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AssetImport\btn_light_filepicker_28x28.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\AudioPreview\play.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\RecordDown.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\Help\ResetIcon.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\SpeakerLight\Unmuted60.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\MaterialGenerator\Materials\Marble.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\AssetConfig\creations.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Slider.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PlayerList\SelectOn.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\Misc\UnmuteAll.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ViewSelector\bottom_hover.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\sky\moon.jpg | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AvatarEditorImages\CircleCutoutLarge.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AvatarEditorImages\DarkPixel.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\AssetConfig\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\import_selectImg_dark.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AvatarCompatibilityPreviewer\bg_light.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Keyboard\close_button_selection.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PurchasePrompt\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\fonts\AccanthisADFStd-Regular.otf | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AnimationEditor\img_eventMarker_border.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\XboxController\ButtonX.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\Slider\More.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\TopBar\HealthBarTV.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\configs\DateTimeLocaleConfigs\it-it.json | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\PathEditor\Control_Point.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TagEditor\VisibilityOnDarkTheme.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\dialog_purpose_quest.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\Radial\BottomRight.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\InspectMenu\gr-item-selector.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\PlatformContent\pc\textures\pebble\diffuse.dds | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\avatar\compositing\CompositRightLegBase.mesh | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AnimationEditor\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\Cursors\KeyboardMouse\IBeamCursor.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\MaterialManager\Favorites.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PurchasePrompt\RightButton.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PurchasePrompt\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\Unmuted20.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\SpeakerLight\Error.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VR\Radial\Icons\Backpack.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\transformFiveDegrees.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AnimationEditor\ic-checkbox-off.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AvatarEditorImages\Sliders\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\DeveloperInspector\ToolbarIcon.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\ScrollBarBottom.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\ResetIcon.png | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol" | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe" | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1" | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3539e67194ee6ba0c99d6e96abe3b09d611a4794 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5f4,0x5f8,0x5fc,0x5c8,0x604,0x698c44,0x698c54,0x698c64
C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe"
C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
C:\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=60fbaa906b1f866e4f443e8242ad94e1319ed1ef --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5b8,0x5bc,0x5c0,0x594,0x5d0,0x15fdec8,0x15fded8,0x15fdee8
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | ephemeralcounters.api.roblox.com | udp |
| DE | 128.116.44.4:443 | ephemeralcounters.api.roblox.com | tcp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| DE | 128.116.44.4:443 | ephemeralcounters.api.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.qq.com | udp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.qq.com | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| US | 8.8.8.8:53 | setup-ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | setup-ll.rbxcdn.com | udp |
| US | 8.8.8.8:53 | setup-cfly.rbxcdn.com | udp |
| US | 8.8.8.8:53 | setup-hw.rbxcdn.com | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| ES | 3.160.231.34:443 | setup.rbxcdn.com | tcp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| DE | 128.116.44.4:443 | ephemeralcounters.api.roblox.com | tcp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| DE | 128.116.44.4:443 | ephemeralcounters.api.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| ES | 3.160.231.34:443 | setup.rbxcdn.com | tcp |
| DE | 128.116.44.4:443 | ephemeralcounters.api.roblox.com | tcp |
| DE | 128.116.44.4:443 | ephemeralcounters.api.roblox.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\PCClientBootstrapper[1].json
C:\Users\Admin\AppData\Local\Temp\Cab908E.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
C:\Users\Admin\AppData\Local\Temp\Tar91EA.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | 0edd390a9ee9f40e466c803a9b62ea8a |
| SHA1 | 614a61309859badbae8df3fd3cfda54762e2cae8 |
| SHA256 | c3fd50b460eda0bdb628a07078dc6902f9b5446216e12b900015e46f7306563b |
| SHA512 | 277b4bd3bb8823936d18fb9efb12261e579d1ba454a56285ff8160739656f7c8af3fb42ae9e8986290d8de055e0bc65c81fc5296afe36a8bb716858d6fd8b51a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | aa983455606cafe78b1bb79d875066e7 |
| SHA1 | 190513f2ac18d44daa361d5fa406268bd1fda6af |
| SHA256 | 8ea9dbc9227b4f06644ff786e42b25a091b50ac73c422e0eb9ba6b13b0fc5c5b |
| SHA512 | 698d2904fa96df50b87cec02f406fe43e2c048cfb220484a5d6940e5f8ce8022f49287047aa6670160042a002044e5858344bedbc1aeec0c8ceb21013d8d93cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
| MD5 | 4bde18d2f5b811fed86d03d6adc8286e |
| SHA1 | 63b6992b87267f42e1ce495db1fe41f0217db09c |
| SHA256 | 213737f3914c8d8ab9addf3452701855be5f6ac138ed962b29f16c5f250977fb |
| SHA512 | 4734ae474878ced5b76b998bf25f73eacf4a417443506e5e89bd05e4f847911dfdca56462270fd3a2c7e97f45bec210ae5347c722bf4d1ba682e2fae84496ca2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
| MD5 | a12215d224aa9a0bce0403a1e2d48d80 |
| SHA1 | 46ffc513ed5a72b31a08b7b415664b6be0c88f1f |
| SHA256 | 30ebf56b2e961c2c0337363f0417494c000e1e3d7c6290a10a58f270af3271b8 |
| SHA512 | aecab16da7f48068a5aba1dbdd6a03dcdf9bdcf748455735cf043e11df591f5e5edbe9d769d23745acae4077eca9370d8bf9c90b08cf3f97a0098d5588d811a5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\BatchIncrement[1].json
| MD5 | bedbf7d7d69748886e9b48f45c75fbbe |
| SHA1 | aa0789d89bfbd44ca1bffe83851af95b6afb012c |
| SHA256 | b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61 |
| SHA512 | 7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 928e9ebda5fd2053a6ac3dec2c70c7bd |
| SHA1 | d2eedd1f6c82754f44aac8d30dbb76d883983ae6 |
| SHA256 | 2d3b391de9acae0cfd0aaf5ffca2063510ff446c28c416c5b1c7726910372a2f |
| SHA512 | 04f8b4d38ed13fd07dff3d3297db52ade41644224279353d3f595d70ca9901891742015ab59da28496a9794c8c692d4c5b1085fde187e25dee9cd56c8a758538 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a650b9a7eb400415b4aeea95c4f1616 |
| SHA1 | f96ed9d3f85059ba8a705d1d3aaa8533bf89bdd1 |
| SHA256 | aa51ce0b1f4975e1b3fd8a8d9e3e2f6d26ca13cf41f5a664a59b667320527d95 |
| SHA512 | 3ac037c7310f15c2e74b72902553977bbbb17a91f9364dc892b7bbb61859475184897294f6ed089a39565229a5efa8a8c39c99892fc1856e2f2fc1457d6fa1a5 |
\Users\Admin\AppData\Local\Temp\RBX-D6082C09\RobloxPlayerLauncher.exe
| MD5 | f54b7571f1901e471133d4723140048a |
| SHA1 | 1076f97284ecb4e0b53be62af0c8de7bcef507f1 |
| SHA256 | 32182938735b51764cb2b4f788a5ee316fbd56581aecb9698a77470981392b71 |
| SHA512 | df79b7b13d24e9f3c2fb8b62c58eb06e69f0dff88ecfe57190df1118f0c4e800dee7e6f10db41140c42bbf689405ba2a44f37521ba30679c866c195ef9732b2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4861f5b15da00b14d0cb24de3412043b |
| SHA1 | 872431aaea8fcb19f5875a6981910e4cfad9cc11 |
| SHA256 | 059116d00a282e0e08a45c5b9d0e7f3aa233c5c3762867c234e7ffc57a35f5af |
| SHA512 | a84e8de8a8b4bda5791a3430f82f7932c2cc912e70fd7e6f8d69a3500bee84a5ee400c8517d2594c0897324b9bf7f560eb024604bdb5ff31234362ba30bfc8ab |
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat
| MD5 | 464e6838abe376ed3311904f0bd7a1c9 |
| SHA1 | e1c62671b7ac304029254d1686c36d4650bca6e1 |
| SHA256 | 684f27b8768561956c36bd78ed8caaf11b4719b18cd466fd289841ce0b02d4d9 |
| SHA512 | eb282bc5e7f95fc5b2b41b03c9ae37ce4c9aba3295f38651c7c33df028dd9ec36ab5fd4831285d6a53f28f71bd70c05cc0ac06d669e5d2000c502f585e44bf00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
| MD5 | ca6271ea1f2b3d9441a1b8b1c2ed15cb |
| SHA1 | 295ccbca55db90571d70b6b7921a56959fcf1e1a |
| SHA256 | a4f5f3ba47ec3f583cce78d6569d29a0eee678e717e215a97b4e09e923336961 |
| SHA512 | 27933d9db461d1c3fbad1e81dc0a413daf825288a64838ac8c0948b16f9575bb300b162b7b2affd2cc036a18a91030ea841964204fba035fd9197cd819181f32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | d59087cb5953a2284316dcc9682563fc |
| SHA1 | c481d64d184de18444dbc9968b9149c3e60f1de0 |
| SHA256 | 477522b7844f4649dd615db4c6205a7d757b681a38cc555b3b11f54b870541e6 |
| SHA512 | 59a585b3e62971aba8204c8771316d41ef3fd836aca1589554c0a0d4d54b08f034a543a629549cb5b1d78a8dcb24fcf21463315b214a0c08e8a953ea0b4e4e11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c8ce547c83881ae2e561a11a3d1b312 |
| SHA1 | f49e60d74cd540945ed082ead44d8418228cf04f |
| SHA256 | 8f3c47d530d44f38ec120f5e2b3a64a918f44618767d451a6dc128f9d72e8a66 |
| SHA512 | 14ac03124cdd10d4dc42c6a54b1f4ecef6bbe2621380a9ee3a81b0bea55bcfbd847be8a7eb7ec9e4f56f500301303dc9d437654d3b97a084e2e1272052a4c38d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\WindowsPlayer[1].json
| MD5 | 7a4f61c16994714c7d10abd10576f64d |
| SHA1 | 51a9595244bf96fcbef153cde2606d9cd4762384 |
| SHA256 | ef0f0903449e72b1bb72ad78f8a313b43863736996f08934f433f27c7c3672af |
| SHA512 | 4988214e504492db493af674dc07bdaad0e41fe780129a3669524dd9474a383f74bd30742cc6b8bd02fdd1dc247a5cdcfd4b8e2f307a5465378d6252c8bff862 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\version-8764cc9c84a5459a-rbxPkgManifest[1].txt
| MD5 | 1c7b214e4eca77fde043a5e29bcfb295 |
| SHA1 | 260a3512f06fe20b5838895fec47883efae9f758 |
| SHA256 | 3f3ac87c23d98322c7a3faa1a9fad14da9562aacabd06daef9e6960ae9e23b94 |
| SHA512 | 56226c74cff52bcaad4665dbae01ac1d0be55fdd0fed457544b46fab07100bd7d35955fe0e8f526188a09fb67ab10469f01761df30a60c22f2722c607be3a658 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 074540d391479062c54a478d16da061f |
| SHA1 | ba64224663e926ecae58b176761781d8054a20ca |
| SHA256 | 11c087265ef3d54c00d7c6f52b8024be61ce244360cff0f6498ec9b3c2f263ae |
| SHA512 | acf7a0911930cb02ddb398576f8a5ba2e69f6560e0c9cf55d152506910444b97bab47878658f325b3c52310e0ad235392141f7884beb673e091b272a60c0d9dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 3cba3b57f5faeaac18f660bdf00f7c25 |
| SHA1 | 21104b4abf6134c895f1f6d8148496e18724fd2c |
| SHA256 | 391b2b7685c0962929b65eb56682acc677f4ed5d093333f8e45d3e499bd820b9 |
| SHA512 | e910a1fa6add17de6344dec2e106a224869e78a75ca50fed99b5f502847f52f7bc790b8a2d3a56f56ccf03abcba5715fe20c284cddb1a78382c48bf790902e64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | caa69afc60129f8e6daf61f469ce54ec |
| SHA1 | e55c75d0a4c564531ad16ff030758b630fd26a2f |
| SHA256 | 65759e50035df226452e6340b6d99aca1ea337bccafb3c6fafa13352f512f538 |
| SHA512 | 15466aad605c96c77ff22d3fb7613fcf46c644142c6bb782aa2f1fd8d30fd02e89a142522b37190de37a0ceca9d01f8e1bf6d5496ca0bcb22d873893eb7a81a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 0f3734364fd6107c3897385bc7d689c8 |
| SHA1 | f4ec874e00d858d7aecf101a53de3309013ecc0c |
| SHA256 | 7f172daab6977a3636f0ae6d7e2cceb88429b293d3ccec22e556c003466938bb |
| SHA512 | 82f855cc3b28beced973dc5fe0e7190cbb5d5d399f9093cc9f4b63bff4becc502410f063fa3f98ca82010b4a6ba529629fca59b8995d91793df52df18586898c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | d5ba0623b36b5d1050f9ff3da64983cb |
| SHA1 | 7be9b5aba84322a9c3b7d9ef3dbfcc6ea74fbf96 |
| SHA256 | ce80ce96a335d89024fe6ad74214693cc16f334db0a65bf5c3be4f2706e11721 |
| SHA512 | 51764a3792b2c675ab1b6148bc7421fe966baceb0bb7723c0c40029ae6ec595f0b2537c20d263a8b58d49911638d57ead731133cf17fe17e10036efac16b2a02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 73a3bd62102d1fb2a02460b50d637c94 |
| SHA1 | eb4b84d70ab299812b3b6c8ca65ea9b19acd7471 |
| SHA256 | a6e2bb47920cd3853f052e48ab67ea1830156123aa84ab3f22f467a7f5f36395 |
| SHA512 | 3e08f3fb965a01384a5b3a481878b13e3a6a7b746807c66a245292864046ec47e5fcc53b438544f930c52620df7436feb8f901d15900fba7b3149f248f929a06 |
C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
| MD5 | ae62ef723642e510c8b4947b4282ab7b |
| SHA1 | 81077adc6aa8bec313449ba3f6a9ace7215686b0 |
| SHA256 | f99809b75bf1c380dc7b84c64fcf91e450e3d1658a0b4697691655bd242d9a23 |
| SHA512 | ba7a35557269abdc921e2f0180577ef30bea4a3379bca47f97a331ad0aaa14214c0f8665a696615f82b00ea6b31d07fabfc802af5606e9238b15b430a9d3f358 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 14:43
Reported
2024-04-06 14:48
Platform
win10v2004-20240226-en
Max time kernel
300s
Max time network
285s
Command Line
Signatures
Downloads MZ/PE file
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\ArrowExpanded.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\PlatformContent\pc\textures\diamondplate\diffuse.dds | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Menu\buttonActive.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_vi.dll | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\msedgewebview2.exe.sig | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\fonts\families\RomanAntique.json | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\Cursors\Gamepad\PointerOver.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\MaterialGenerator\Materials\Marble.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\Help\YButtonLight.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioSharedUI\statusSuccess.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Input\Disk_padded.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\MenuBar\arrow_right.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaApp\graphic\TopBottomBorder.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\cy.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\DeveloperFramework\slider_knob.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioPlayerEmulator\player_emulator_32.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\psuser_64.dll | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\fonts\Merriweather-Regular.ttf | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\MicDark\Unmuted60.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\avatar\heads\headJ.mesh | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TagEditor\Close.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\gl.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\button_default.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\xboxmenu.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PerformanceStats\OvalKey.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\TopBar\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\LegacyRbxGui\Cement.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PlayerList\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\MicDark\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\Misc\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\msedge_pwa_launcher.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AnimationEditor\button_control_start.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\AssetConfig\marketplace.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\PlatformContent\pc\terrain\reflection.dds | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\SearchOptions.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaChat\icons\ic-close-gray2.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\msedgeupdateres_kn.dll | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\fonts\SourceSansPro-It.ttf | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\CollisionGroupsEditor\manage.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\mtrl_ground_2022.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\MicDark\Unmuted20.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\scrollbuttonUp_ds.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\Players\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\DeveloperFramework\PageNavigation\button_control_start.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ManageCollaborators\FriendIcon_light.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\whiteCircle.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Trust Protection Lists\Sigma\LICENSE | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\mtrl_brick.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Trust Protection Lists\Mu\Fingerprinting | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\avatar\heads\headA.mesh | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioSharedUI\ScrollBarTop.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\button_hover.png | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\webview2_integration.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ELEVATION | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\CLSID\ = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass.1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3539e67194ee6ba0c99d6e96abe3b09d611a4794 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x794,0x78c,0x778,0x784,0x7c0,0xbd8c44,0xbd8c54,0xbd8c64
C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe"
C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe
C:\Users\Admin\AppData\Local\Temp\RBX-5437B359\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=60fbaa906b1f866e4f443e8242ad94e1319ed1ef --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5d4,0x5d8,0x5dc,0x5b0,0x610,0x10cdec8,0x10cded8,0x10cdee8
C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU3D3.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64 argument omitted>
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{FEB09B36-BFC7-4A1D-9649-B389D3723942}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64-encoded payload>
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\MicrosoftEdge_X64_123.0.2420.81.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.106 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{72993400-5646-4600-B173-3F3757AEEDC9}\EDGEMITMP_591A3.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.81 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff75072baf8,0x7ff75072bb04,0x7ff75072bb10
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64-encoded payload>
Network
Files