Analysis Overview
SHA256
1321556ca5ab30b214580e8dce307b4d7aba27e42907f4a3c7af1147a51d7b25
Threat Level: Likely malicious
The file PTR_Fleetwood.zip was found to be: Likely malicious.
Malicious Activity Summary
Sets file execution options in registry
Modifies Installed Components in the registry
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
Adds Run key to start application
Installs/modifies Browser Helper Object
Checks whether UAC is enabled
Checks installed software on the system
Drops desktop.ini file(s)
Drops file in System32 directory
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks system information in the registry
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious use of UnmapMainImage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Checks processor information in registry
Enumerates system info in registry
System policy modification
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-01 11:05
Signatures
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240426-en
Max time kernel
1484s
Max time network
1513s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31104074" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "2808269378" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1832 wrote to memory of 4832 | N/A | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE | C:\Program Files\Internet Explorer\iexplore.exe |
| PID 1832 wrote to memory of 4832 | N/A | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE | C:\Program Files\Internet Explorer\iexplore.exe |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\modDesc.xml"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\modDesc.xml
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.98:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/1832-0-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp
memory/1832-2-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp
memory/1832-4-0x00007FF8E37A3000-0x00007FF8E37A4000-memory.dmp
memory/1832-3-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp
memory/1832-1-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp
memory/1832-6-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-5-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp
memory/1832-7-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-8-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-9-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-10-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-11-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-13-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-14-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-15-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-16-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-12-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-17-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-18-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-23-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp
memory/1832-20-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp
memory/1832-19-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp
memory/1832-22-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp
memory/1832-21-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp
Analysis: behavioral22
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240426-en
Max time kernel
1467s
Max time network
1496s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\window1.dds
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.11:443 | tcp | |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:34
Platform
win11-20240426-en
Max time kernel
1792s
Max time network
1510s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4632 wrote to memory of 476 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
| PID 4632 wrote to memory of 476 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\horn.ogg
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\horn.ogg"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| NL | 23.62.61.123:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/476-5-0x00007FF6F1770000-0x00007FF6F1868000-memory.dmp
memory/476-6-0x00007FFD7DD20000-0x00007FFD7DD54000-memory.dmp
memory/476-11-0x00007FFD7CFE0000-0x00007FFD7CFF7000-memory.dmp
memory/476-14-0x00007FFD7CF80000-0x00007FFD7CF91000-memory.dmp
memory/476-13-0x00007FFD7CFA0000-0x00007FFD7CFBD000-memory.dmp
memory/476-12-0x00007FFD7CFC0000-0x00007FFD7CFD1000-memory.dmp
memory/476-7-0x00007FFD7D2D0000-0x00007FFD7D586000-memory.dmp
memory/476-9-0x00007FFD7DE10000-0x00007FFD7DE27000-memory.dmp
memory/476-8-0x00007FFD7E0A0000-0x00007FFD7E0B8000-memory.dmp
memory/476-10-0x00007FFD7D000000-0x00007FFD7D011000-memory.dmp
memory/476-16-0x00007FFD6B1C0000-0x00007FFD6B3CB000-memory.dmp
memory/476-27-0x00007FFD73070000-0x00007FFD730D7000-memory.dmp
memory/476-30-0x00007FFD6C690000-0x00007FFD6C6EC000-memory.dmp
memory/476-29-0x00007FFD71F00000-0x00007FFD71F11000-memory.dmp
memory/476-28-0x00007FFD71D60000-0x00007FFD71DDC000-memory.dmp
memory/476-26-0x00007FFD7CDF0000-0x00007FFD7CE20000-memory.dmp
memory/476-25-0x00007FFD7CE20000-0x00007FFD7CE38000-memory.dmp
memory/476-24-0x00007FFD7CE40000-0x00007FFD7CE51000-memory.dmp
memory/476-23-0x00007FFD7CE60000-0x00007FFD7CE7B000-memory.dmp
memory/476-22-0x00007FFD7CE80000-0x00007FFD7CE91000-memory.dmp
memory/476-21-0x00007FFD7CEA0000-0x00007FFD7CEB1000-memory.dmp
memory/476-20-0x00007FFD7CEC0000-0x00007FFD7CED1000-memory.dmp
memory/476-19-0x00007FFD7CEE0000-0x00007FFD7CEF8000-memory.dmp
memory/476-18-0x00007FFD7CF00000-0x00007FFD7CF21000-memory.dmp
memory/476-17-0x00007FFD7CF30000-0x00007FFD7CF71000-memory.dmp
memory/476-15-0x00007FFD6B3D0000-0x00007FFD6C480000-memory.dmp
Analysis: behavioral18
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:12
Platform
win11-20240419-en
Max time kernel
1488s
Max time network
1511s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\gen_dirt_1.dds
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240426-en
Max time kernel
1475s
Max time network
1504s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\new_shaders\orange glass.dds"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.88:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:24
Platform
win11-20240419-en
Max time kernel
1790s
Max time network
1495s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4016 wrote to memory of 1112 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
| PID 4016 wrote to memory of 1112 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_run.ogg
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_run.ogg"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004FC 0x00000000000004F0
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/1112-6-0x00007FFF091F0000-0x00007FFF09224000-memory.dmp
memory/1112-5-0x00007FF7CEB40000-0x00007FF7CEC38000-memory.dmp
memory/1112-13-0x00007FFF053D0000-0x00007FFF053ED000-memory.dmp
memory/1112-14-0x00007FFF053B0000-0x00007FFF053C1000-memory.dmp
memory/1112-12-0x00007FFF053F0000-0x00007FFF05401000-memory.dmp
memory/1112-11-0x00007FFF05480000-0x00007FFF05497000-memory.dmp
memory/1112-10-0x00007FFF06310000-0x00007FFF06321000-memory.dmp
memory/1112-9-0x00007FFF06440000-0x00007FFF06457000-memory.dmp
memory/1112-7-0x00007FFEF4170000-0x00007FFEF4426000-memory.dmp
memory/1112-8-0x00007FFF065E0000-0x00007FFF065F8000-memory.dmp
memory/1112-15-0x00007FFEF3D30000-0x00007FFEF3F3B000-memory.dmp
memory/1112-30-0x00007FFEF2B30000-0x00007FFEF2B8C000-memory.dmp
memory/1112-29-0x00007FFEF4DD0000-0x00007FFEF4DE1000-memory.dmp
memory/1112-28-0x00007FFEF2B90000-0x00007FFEF2C0C000-memory.dmp
memory/1112-27-0x00007FFEF2C10000-0x00007FFEF2C77000-memory.dmp
memory/1112-26-0x00007FFEF4DF0000-0x00007FFEF4E20000-memory.dmp
memory/1112-25-0x00007FFEF9790000-0x00007FFEF97A8000-memory.dmp
memory/1112-24-0x00007FFEF97B0000-0x00007FFEF97C1000-memory.dmp
memory/1112-23-0x00007FFEFBAE0000-0x00007FFEFBAFB000-memory.dmp
memory/1112-22-0x00007FFEFBB00000-0x00007FFEFBB11000-memory.dmp
memory/1112-21-0x00007FFEFBB20000-0x00007FFEFBB31000-memory.dmp
memory/1112-20-0x00007FFF052F0000-0x00007FFF05301000-memory.dmp
memory/1112-19-0x00007FFF05310000-0x00007FFF05328000-memory.dmp
memory/1112-18-0x00007FFF05330000-0x00007FFF05351000-memory.dmp
memory/1112-17-0x00007FFF05360000-0x00007FFF053A1000-memory.dmp
memory/1112-16-0x00007FFEF2C80000-0x00007FFEF3D30000-memory.dmp
memory/1112-42-0x00007FFEF2C80000-0x00007FFEF3D30000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:12
Platform
win11-20240426-en
Max time kernel
1478s
Max time network
1505s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31104056" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "3942743846" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 776 wrote to memory of 3320 | N/A | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE | C:\Program Files\Internet Explorer\iexplore.exe |
| PID 776 wrote to memory of 3320 | N/A | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE | C:\Program Files\Internet Explorer\iexplore.exe |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\RV.xml"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RV.xml
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | tcp | |
| NL | 23.62.61.152:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/776-0-0x00007FF991C30000-0x00007FF991C40000-memory.dmp
memory/776-2-0x00007FF991C30000-0x00007FF991C40000-memory.dmp
memory/776-1-0x00007FF991C30000-0x00007FF991C40000-memory.dmp
memory/776-3-0x00007FF991C30000-0x00007FF991C40000-memory.dmp
memory/776-5-0x00007FF991C30000-0x00007FF991C40000-memory.dmp
memory/776-4-0x00007FF9D1C43000-0x00007FF9D1C44000-memory.dmp
memory/776-6-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp
memory/776-8-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp
memory/776-7-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp
memory/776-9-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp
memory/776-10-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp
memory/776-12-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp
memory/776-11-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp
memory/776-13-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp
memory/776-17-0x00007FF991C30000-0x00007FF991C40000-memory.dmp
memory/776-19-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp
memory/776-18-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp
memory/776-16-0x00007FF991C30000-0x00007FF991C40000-memory.dmp
memory/776-15-0x00007FF991C30000-0x00007FF991C40000-memory.dmp
memory/776-14-0x00007FF991C30000-0x00007FF991C40000-memory.dmp
Analysis: behavioral17
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240426-en
Max time kernel
1484s
Max time network
1511s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\default_specular.dds
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| NL | 23.62.61.112:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 112.61.62.23.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240426-en
Max time kernel
1482s
Max time network
1512s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\gen_wear_dirt_2.dds
Network
| Country | Destination | Domain | Proto |
| NL | 52.111.243.29:443 | tcp | |
| US | 8.8.8.8:53 | 89.2.16.2.in-addr.arpa | udp |
| NL | 23.62.61.112:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.61.62.23.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:22
Platform
win11-20240419-en
Max time kernel
1792s
Max time network
1500s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 844 wrote to memory of 964 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
| PID 844 wrote to memory of 964 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_load.ogg
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_load.ogg"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
Files
memory/964-5-0x00007FF77F920000-0x00007FF77FA18000-memory.dmp
memory/964-6-0x00007FFFF0900000-0x00007FFFF0934000-memory.dmp
memory/964-10-0x00007FFFF08E0000-0x00007FFFF08F1000-memory.dmp
memory/964-14-0x00007FFFEC9A0000-0x00007FFFEC9B1000-memory.dmp
memory/964-13-0x00007FFFEF2E0000-0x00007FFFEF2FD000-memory.dmp
memory/964-16-0x00007FFFEBAE0000-0x00007FFFEBB21000-memory.dmp
memory/964-15-0x00007FFFDE7E0000-0x00007FFFDE9EB000-memory.dmp
memory/964-12-0x00007FFFEFE10000-0x00007FFFEFE21000-memory.dmp
memory/964-11-0x00007FFFEFE30000-0x00007FFFEFE47000-memory.dmp
memory/964-7-0x00007FFFDEC20000-0x00007FFFDEED6000-memory.dmp
memory/964-9-0x00007FFFF0BC0000-0x00007FFFF0BD7000-memory.dmp
memory/964-8-0x00007FFFF3790000-0x00007FFFF37A8000-memory.dmp
memory/964-30-0x00007FFFE5090000-0x00007FFFE50EC000-memory.dmp
memory/964-29-0x00007FFFEB9A0000-0x00007FFFEB9B1000-memory.dmp
memory/964-28-0x00007FFFDF5E0000-0x00007FFFDF65C000-memory.dmp
memory/964-27-0x00007FFFE6310000-0x00007FFFE6377000-memory.dmp
memory/964-26-0x00007FFFEB9C0000-0x00007FFFEB9F0000-memory.dmp
memory/964-25-0x00007FFFEB9F0000-0x00007FFFEBA08000-memory.dmp
memory/964-24-0x00007FFFEBA10000-0x00007FFFEBA21000-memory.dmp
memory/964-23-0x00007FFFEBA30000-0x00007FFFEBA4B000-memory.dmp
memory/964-22-0x00007FFFEBA50000-0x00007FFFEBA61000-memory.dmp
memory/964-21-0x00007FFFEBA70000-0x00007FFFEBA81000-memory.dmp
memory/964-20-0x00007FFFEBA90000-0x00007FFFEBAA1000-memory.dmp
memory/964-19-0x00007FFFEC980000-0x00007FFFEC998000-memory.dmp
memory/964-18-0x00007FFFEBAB0000-0x00007FFFEBAD1000-memory.dmp
memory/964-17-0x00007FFFDD730000-0x00007FFFDE7E0000-memory.dmp
memory/964-43-0x00007FFFDD730000-0x00007FFFDE7E0000-memory.dmp
Analysis: behavioral30
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:25
Platform
win11-20240426-en
Max time kernel
1790s
Max time network
1510s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3020 wrote to memory of 4848 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
| PID 3020 wrote to memory of 4848 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_start.ogg
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_start.ogg"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.89:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/4848-5-0x00007FF760230000-0x00007FF760328000-memory.dmp
memory/4848-6-0x00007FFDAC970000-0x00007FFDAC9A4000-memory.dmp
memory/4848-13-0x00007FFDA9730000-0x00007FFDA974D000-memory.dmp
memory/4848-14-0x00007FFDA9710000-0x00007FFDA9721000-memory.dmp
memory/4848-12-0x00007FFDA9750000-0x00007FFDA9761000-memory.dmp
memory/4848-11-0x00007FFDA9DA0000-0x00007FFDA9DB7000-memory.dmp
memory/4848-16-0x00007FFDA8F20000-0x00007FFDA8F61000-memory.dmp
memory/4848-15-0x00007FFD98140000-0x00007FFD9834B000-memory.dmp
memory/4848-19-0x00007FFDA8F00000-0x00007FFDA8F18000-memory.dmp
memory/4848-27-0x00007FFD97020000-0x00007FFD97087000-memory.dmp
memory/4848-30-0x00007FFD96F40000-0x00007FFD96F9C000-memory.dmp
memory/4848-29-0x00007FFD9F1D0000-0x00007FFD9F1E1000-memory.dmp
memory/4848-28-0x00007FFD96FA0000-0x00007FFD9701C000-memory.dmp
memory/4848-26-0x00007FFD9F1F0000-0x00007FFD9F220000-memory.dmp
memory/4848-25-0x00007FFD9F220000-0x00007FFD9F238000-memory.dmp
memory/4848-24-0x00007FFDA8390000-0x00007FFDA83A1000-memory.dmp
memory/4848-23-0x00007FFDA8B50000-0x00007FFDA8B6B000-memory.dmp
memory/4848-22-0x00007FFDA8B70000-0x00007FFDA8B81000-memory.dmp
memory/4848-21-0x00007FFDA8B90000-0x00007FFDA8BA1000-memory.dmp
memory/4848-20-0x00007FFDA8EE0000-0x00007FFDA8EF1000-memory.dmp
memory/4848-18-0x00007FFDA96E0000-0x00007FFDA9701000-memory.dmp
memory/4848-7-0x00007FFDA91A0000-0x00007FFDA9456000-memory.dmp
memory/4848-10-0x00007FFDAC7D0000-0x00007FFDAC7E1000-memory.dmp
memory/4848-9-0x00007FFDADA90000-0x00007FFDADAA7000-memory.dmp
memory/4848-17-0x00007FFD97090000-0x00007FFD98140000-memory.dmp
memory/4848-8-0x00007FFDAE220000-0x00007FFDAE238000-memory.dmp
memory/4848-43-0x00007FFD97090000-0x00007FFD98140000-memory.dmp
Analysis: behavioral31
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:25
Platform
win11-20240419-en
Max time kernel
1792s
Max time network
1495s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2860 wrote to memory of 1620 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
| PID 2860 wrote to memory of 1620 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_stop.ogg
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_stop.ogg"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004E0
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
memory/1620-6-0x00007FFFA3250000-0x00007FFFA3284000-memory.dmp
memory/1620-5-0x00007FF7EF650000-0x00007FF7EF748000-memory.dmp
memory/1620-13-0x00007FFFA24E0000-0x00007FFFA24FD000-memory.dmp
memory/1620-14-0x00007FFFA24C0000-0x00007FFFA24D1000-memory.dmp
memory/1620-7-0x00007FFF91300000-0x00007FFF915B6000-memory.dmp
memory/1620-12-0x00007FFFA2500000-0x00007FFFA2511000-memory.dmp
memory/1620-11-0x00007FFFA2520000-0x00007FFFA2537000-memory.dmp
memory/1620-9-0x00007FFFA3470000-0x00007FFFA3487000-memory.dmp
memory/1620-8-0x00007FFFA36D0000-0x00007FFFA36E8000-memory.dmp
memory/1620-10-0x00007FFFA2540000-0x00007FFFA2551000-memory.dmp
memory/1620-15-0x00007FFF90EC0000-0x00007FFF910CB000-memory.dmp
memory/1620-19-0x00007FFFA1410000-0x00007FFFA1428000-memory.dmp
memory/1620-30-0x00007FFF8FCA0000-0x00007FFF8FCFC000-memory.dmp
memory/1620-29-0x00007FFF8FD00000-0x00007FFF8FD11000-memory.dmp
memory/1620-28-0x00007FFF8FD20000-0x00007FFF8FD9C000-memory.dmp
memory/1620-27-0x00007FFF8FDA0000-0x00007FFF8FE07000-memory.dmp
memory/1620-26-0x00007FFF91CC0000-0x00007FFF91CF0000-memory.dmp
memory/1620-25-0x00007FFF977E0000-0x00007FFF977F8000-memory.dmp
memory/1620-24-0x00007FFF97800000-0x00007FFF97811000-memory.dmp
memory/1620-23-0x00007FFF97820000-0x00007FFF9783B000-memory.dmp
memory/1620-22-0x00007FFF98AA0000-0x00007FFF98AB1000-memory.dmp
memory/1620-21-0x00007FFF98AC0000-0x00007FFF98AD1000-memory.dmp
memory/1620-20-0x00007FFF98AE0000-0x00007FFF98AF1000-memory.dmp
memory/1620-18-0x00007FFFA1430000-0x00007FFFA1451000-memory.dmp
memory/1620-17-0x00007FFFA23F0000-0x00007FFFA2431000-memory.dmp
memory/1620-16-0x00007FFF8FE10000-0x00007FFF90EC0000-memory.dmp
memory/1620-42-0x00007FFF8FE10000-0x00007FFF90EC0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240419-en
Max time kernel
1485s
Max time network
1498s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31104080" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "2683198765" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4612 wrote to memory of 4780 | N/A | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE | C:\Program Files\Internet Explorer\iexplore.exe |
| PID 4612 wrote to memory of 4780 | N/A | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE | C:\Program Files\Internet Explorer\iexplore.exe |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\RV.xml"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RV.xml
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
Files
memory/4612-0-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp
memory/4612-1-0x00007FFAB95A3000-0x00007FFAB95A4000-memory.dmp
memory/4612-3-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp
memory/4612-2-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp
memory/4612-4-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-6-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp
memory/4612-5-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-7-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-8-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-10-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-9-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp
memory/4612-11-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-13-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-12-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-14-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-15-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-17-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-16-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-18-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-19-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-22-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp
memory/4612-23-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp
memory/4612-24-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp
memory/4612-20-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp
memory/4612-21-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240426-en
Max time kernel
1486s
Max time network
1511s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\Wood.dds
Network
| Country | Destination | Domain | Proto |
| NL | 23.62.61.88:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240419-en
Max time kernel
1485s
Max time network
1494s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\chrome.dds
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:12
Platform
win11-20240419-en
Max time kernel
1488s
Max time network
1498s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\clearPlastic_diffuse.dds
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240419-en
Max time kernel
1488s
Max time network
1498s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\window_light_tint.dds
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240426-en
Max time kernel
1485s
Max time network
1513s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\RV.i3d.shapes
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| NL | 23.62.61.112:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 19:54
Platform
win11-20240426-en
Max time kernel
692s
Max time network
698s
Command Line
Signatures
Downloads MZ/PE file
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | C:\Windows\system32\svchost.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Controls\Private\ScrollBar.qml | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\fonts\JosefinSans-Regular.ttf | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Lua\FileSync\Dark\Large\Refresh.png | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\SelectionImage\CursorKind.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\qu.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\PointLight.png | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\Analytics\Navigation\BtnValues.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ExpChat\RoactRodux.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_lv.dll | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Trust Protection Lists\Sigma\Cryptomining | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Lua\Notifications\Light\Large\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\textures\ui\LuaApp\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\TopBar\Flags\GetFFlagChangeTopbarHeightCalculation.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\DomTestingLibrary\LuauRegExp.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\JestUtil-edcba0e9-2.4.1\JestUtil\formatTime.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AccountSwitching\RobloxAppEnums.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserSafetyTestSuite\InGameAssetReporting.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Controls\Styles\Base\images\slider-handle.png | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\WidgetIcons\Dark\Large\Performance.png | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Test\MockAnalytics.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\NotificationModalsManager\Dev\Rhodium.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\TenFootUiShell\TenFootUiControllerBar.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\fr-CA.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\BuiltInPlugins\DepFiles\ViewSelector.d | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\Flags\GetFFlagIBGateUGC4ACollectibleAssetsBundles.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\Dash\Dash\collectArray.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\NavigationRodux\SharedFlags.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\fa.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\Actions\SetTryingOnInfo.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SystemInfoProtocol\SystemInfoProtocol\default.rbxp | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\hi.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\PlayerScripts\StarterPlayerScripts\PlayerModule.module\CameraModule\ClassicCamera.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\TestEZJestAdapter\TestEZJestAdapter\Reporters\JestDefaultReporter.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\Analytics | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameLaunch\PlayabilityRodux.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Window.2\qmldir | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\ui\Settings\LeaveGame\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Lua\Notifications\Dark\Large\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\ChatSelector.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\JestCircus\JestCircus\circus\globalErrorHandlers.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ExperienceLoadingScript\Dev\JestGlobals.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialOnboardingButtons\Dev\SocialTestHelpers.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\IAPExperience\t.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\JestDiff-edcba0e9-2.4.1\LuauPolyfill.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\ReactFocusNavigation\ReactFocusNavigation\FocusNavigationContext.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\libEGL.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\TaskScheduler.png | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\Thunks\DeleteFavoriteForAsset.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\RoduxContacts-8363ecbf-ce1067fc\RoduxContacts\Selectors\sortContacts.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Shapes\qmlshapesplugin.dll | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\CoreScriptsRhodiumTest\Tests\Settings\SettingsFullScreenTitleBar.spec.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\TopBar\Reducer\DisplayOptions.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends\RoduxFriends\Actions\RecommendationSourceCreated.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Loggers\Lumberyak.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Controls.2\designer\images\combobox-icon16.png | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\AnimationEditor\FaceCaptureUI\Background.png | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\ui\Vehicle\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Lua\AvatarCompatibilityPreviewer\Dark\Large\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Lua\FileSync\Dark\Standard\Refresh.png | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\CylinderHandleAdornment.png | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\Chrome\Unibar\WindowManager.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
Drops file in Windows directory
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "8" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "4" | C:\Windows\System32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "6" | C:\Windows\System32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "9" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590662051260763" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "3" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "2" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "5" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Roblox.Place\shell\Open\command | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.rbxl\Roblox.Place\ShellNew | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\clearGlass03_diffuse.dds
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd7d63ab58,0x7ffd7d63ab68,0x7ffd7d63ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4844 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4712 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2440 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3148 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3948 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4428 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3280 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3124 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5036 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2784 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3344 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5224 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5248 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3276 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3148 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3252 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4552 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
"C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDM5RENDMTYtODE2Ni00OTFCLUE1RjItODcyQ0UxQzMwMjQ1fSIgdXNlcmlkPSJ7OEY4MjI3M0ItMUQ1Qi00NkM1LThEQjUtMTVBRTdBQjA2NEFGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDQkU3REY5Qy03QjI5LTQ1NzktOEUxMS02NDA0NDI4QUEwMTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgzMTk3MTA5MjQiIGluc3RhbGxfdGltZV9tcz0iMzUyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{439DCC16-8166-491B-A5F2-872CE1C30245}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDM5RENDMTYtODE2Ni00OTFCLUE1RjItODcyQ0UxQzMwMjQ1fSIgdXNlcmlkPSJ7OEY4MjI3M0ItMUQ1Qi00NkM1LThEQjUtMTVBRTdBQjA2NEFGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1QkE4OTA1Ny1FMENGLTQ1ODktQjI5Ri1CQjI2RDlFQUE4NDB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbmV4dHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iODMyMjk3MDg2NiIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\MicrosoftEdge_X64_124.0.2478.67.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7caa088c0,0x7ff7caa088cc,0x7ff7caa088d8
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDM5RENDMTYtODE2Ni00OTFCLUE1RjItODcyQ0UxQzMwMjQ1fSIgdXNlcmlkPSJ7OEY4MjI3M0ItMUQ1Qi00NkM1LThEQjUtMTVBRTdBQjA2NEFGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5QUEzREE3RS01MkFGLTRFQjUtQTBEMy05NDhEOTM1Q0Y4MTF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MzMwNzQwOTAyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODMzMDc3MTAyMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg1NjU4NDUzNDUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzEzMWJkNWQ3LTljNjUtNDc2YS05MDc1LWUyNDk0ZjhkYTllND9QMT0xNzE1MTk3NzQ3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWl4bTZyeDJKcyUyZnJwbnBGcXU2SnJSWjAlMmZJSUxTdVdhRyUyYjNSa3Rja0Z2RmpLVkpQJTJmVG1VQ3VCVkNwRmlobmFiT0NiT1l1cGNJenF5R0FxeHZyMnJKV1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI3MjM3NjgiIHRvdGFsPSIxNzI3MjM3NjgiIGRvd25sb2FkX3RpbWVfbXM9IjE3MzczIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODU2NjAwMTY0NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg1Nzk3NTE3MjciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjkwMDk3NTIxODciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIzNDAiIGRvd25sb2FkX3RpbWVfbXM9IjIzNTIwIiBkb3dubG9hZGVkPSIxNzI3MjM3NjgiIHRvdGFsPSIxNzI3MjM3NjgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzMDAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2368.404.5553719525741325327
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=124.0.2478.67 --initial-client-data=0x184,0x188,0x18c,0x160,0x114,0x7ffd6602ceb8,0x7ffd6602cec4,0x7ffd6602ced0
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1648,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1644 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=1972,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1984 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2040,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3396,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3700,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3716 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3468,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4220 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4944,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3416 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5080,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5592 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8
C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe" roblox-studio:1+launchtime:1714593137479+avatar+browsertrackerid:1714592662901005+robloxLocale:en-US+gameLocale:en-US+channel:+browser:chrome+userId:2490176024+distributorType:Global+launchmode:edit+task:EditPlace+placeId:14499138401+universeId:5006053822
C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
Network
| Country | Destination | Domain | Proto |
| GB | 184.28.176.114:443 | tcp | |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| NL | 23.62.61.194:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| GB | 142.250.180.3:443 | ssl.gstatic.com | udp |
| GB | 142.250.180.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| FR | 128.116.122.4:443 | twostepverification.roblox.com | tcp |
| FR | 128.116.122.4:443 | twostepverification.roblox.com | tcp |
| US | 18.239.208.98:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.98:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.98:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.98:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.98:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.98:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.26:443 | static.rbxcdn.com | tcp |
| US | 18.239.208.95:443 | js.rbxcdn.com | tcp |
| US | 18.239.208.95:443 | js.rbxcdn.com | tcp |
| US | 18.239.208.95:443 | js.rbxcdn.com | tcp |
| US | 18.239.208.95:443 | js.rbxcdn.com | tcp |
| US | 18.239.208.95:443 | js.rbxcdn.com | tcp |
| US | 18.239.208.95:443 | js.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | twostepverification.roblox.com | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| FR | 128.116.122.4:443 | twostepverification.roblox.com | tcp |
| US | 8.8.8.8:53 | 95.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.154.64.172.in-addr.arpa | udp |
| US | 2.18.190.83:443 | apis.rbxcdn.com | tcp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | udp |
| US | 18.239.208.98:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.24:443 | images.rbxcdn.com | tcp |
| US | 18.239.208.24:443 | images.rbxcdn.com | tcp |
| US | 18.239.208.24:443 | images.rbxcdn.com | tcp |
| US | 18.239.208.24:443 | images.rbxcdn.com | tcp |
| US | 18.239.208.24:443 | images.rbxcdn.com | tcp |
| US | 18.239.208.24:443 | images.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | assetgame.roblox.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | udp |
| GB | 172.217.16.227:443 | beacons.gcp.gvt2.com | tcp |
| US | 18.239.208.48:443 | create.roblox.com | tcp |
| US | 18.239.208.48:443 | create.roblox.com | tcp |
| US | 34.120.195.249:443 | o293668.ingest.sentry.io | tcp |
| CZ | 104.64.120.140:443 | clientsettingscdn.roblox.com | tcp |
| US | 18.239.208.15:443 | webblox.roblox.com | tcp |
| US | 18.239.208.15:443 | webblox.roblox.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| FR | 128.116.122.4:443 | assetgame.roblox.com | udp |
| FR | 128.116.122.4:443 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| GB | 104.77.160.138:443 | tr.rbxcdn.com | tcp |
| GB | 104.77.160.138:443 | tr.rbxcdn.com | tcp |
| GB | 104.77.160.138:443 | tr.rbxcdn.com | tcp |
| GB | 104.77.160.138:443 | tr.rbxcdn.com | tcp |
| GB | 104.77.160.138:443 | tr.rbxcdn.com | tcp |
| GB | 104.77.160.138:443 | tr.rbxcdn.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.227:443 | beacons.gcp.gvt2.com | udp |
| FR | 128.116.122.3:443 | realtime-signalr.roblox.com | udp |
| FR | 128.116.122.4:443 | assetgame.roblox.com | udp |
| FR | 128.116.122.4:443 | assetgame.roblox.com | udp |
| US | 34.120.195.249:443 | o293668.ingest.sentry.io | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 18.239.190.57:443 | doy2mn9upadnk.cloudfront.net | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 18.239.190.57:443 | doy2mn9upadnk.cloudfront.net | tcp |
| US | 18.239.208.13:443 | t1.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 13.208.239.18.in-addr.arpa | udp |
| GB | 172.217.169.35:443 | beacons.gvt2.com | tcp |
| GB | 172.217.169.35:443 | beacons.gvt2.com | udp |
| GB | 172.217.16.227:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clientsettings.roblox.com | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 34.120.195.249:443 | o293668.ingest.sentry.io | udp |
| US | 18.239.208.119:443 | setup.rbxcdn.com | tcp |
| US | 18.239.208.119:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 119.208.239.18.in-addr.arpa | udp |
| FR | 128.116.122.3:443 | realtime-signalr.roblox.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | udp |
| US | 8.8.8.8:53 | webblox.roblox.com | udp |
| US | 18.239.208.20:443 | webblox.roblox.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | udp |
| US | 8.8.8.8:53 | o293668.ingest.sentry.io | udp |
| US | 34.120.195.249:443 | o293668.ingest.sentry.io | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | udp |
| US | 8.8.8.8:53 | 20.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | itemconfiguration.roblox.com | udp |
| US | 8.8.8.8:53 | premiumfeatures.roblox.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | t7.rbxcdn.com | udp |
| US | 18.239.208.84:443 | t7.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 84.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t4.rbxcdn.com | udp |
| US | 18.239.208.9:443 | t4.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 9.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gamejoin.roblox.com | udp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| FR | 128.116.122.3:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| N/A | 127.0.0.1:51420 | tcp | |
| N/A | 127.0.0.1:51424 | tcp | |
| N/A | 127.0.0.1:51427 | tcp | |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 18.239.208.47:443 | setup.rbxcdn.com | tcp |
| US | 18.239.208.47:443 | setup.rbxcdn.com | tcp |
| US | 18.239.208.47:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 134.237.211.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.208.239.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:51430 | tcp | |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| IE | 20.166.2.191:443 | msedge.api.cdp.microsoft.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 104.91.71.142:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | udp | |
| GB | 172.217.16.227:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| DE | 23.32.242.125:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | ephemeralcounters.api.roblox.com | udp |
| FR | 128.116.122.4:443 | ephemeralcounters.api.roblox.com | tcp |
| N/A | 127.0.0.1:51779 | tcp | |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| FR | 128.116.122.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | 125.242.32.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:51788 | tcp | |
| N/A | 127.0.0.1:51791 | tcp | |
| N/A | 127.0.0.1:51795 | tcp | |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| FR | 128.116.122.4:443 | apis.roblox.com | tcp |
| FR | 128.116.122.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| US | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| US | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| US | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| US | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| US | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| US | 18.239.208.32:443 | static.rbxcdn.com | tcp |
| US | 18.239.208.32:443 | static.rbxcdn.com | tcp |
| US | 18.239.208.25:443 | images.rbxcdn.com | tcp |
| US | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| US | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| FR | 128.116.122.4:443 | metrics.roblox.com | udp |
| FR | 128.116.122.4:443 | metrics.roblox.com | tcp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| US | 2.18.190.82:443 | apis.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | 82.190.18.2.in-addr.arpa | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| FR | 128.116.122.4:443 | auth.roblox.com | udp |
| FR | 128.116.122.4:443 | auth.roblox.com | udp |
| FR | 128.116.122.4:443 | auth.roblox.com | udp |
| FR | 128.116.122.4:443 | auth.roblox.com | udp |
| N/A | 127.0.0.1:52323 | tcp | |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 204.79.197.239:443 | tcp | |
| GB | 104.91.71.146:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 239.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| FR | 128.116.122.4:443 | users.roblox.com | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | udp |
| FR | 128.116.122.4:443 | users.roblox.com | udp |
| FR | 128.116.122.4:443 | users.roblox.com | udp |
| N/A | 127.0.0.1:52431 | tcp | |
| FR | 128.116.122.4:443 | users.roblox.com | tcp |
| N/A | 127.0.0.1:52623 | tcp | |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| FR | 128.116.122.4:443 | develop.roblox.com | tcp |
| FR | 128.116.122.4:443 | develop.roblox.com | tcp |
| FR | 128.116.122.4:443 | develop.roblox.com | tcp |
| FR | 128.116.122.4:443 | develop.roblox.com | tcp |
| FR | 128.116.122.3:443 | realtime-signalr.roblox.com | tcp |
| N/A | 127.0.0.1:52625 | tcp | |
| N/A | 127.0.0.1:52627 | tcp | |
| FR | 128.116.122.4:443 | develop.roblox.com | tcp |
| FR | 128.116.122.4:443 | develop.roblox.com | tcp |
| FR | 128.116.122.4:443 | develop.roblox.com | tcp |
| N/A | 127.0.0.1:52629 | tcp | |
| N/A | 127.0.0.1:52631 | tcp | |
| N/A | 127.0.0.1:53904 | tcp | |
| N/A | 127.0.0.1:53906 | tcp | |
| N/A | 127.0.0.1:53908 | tcp | |
| FR | 128.116.122.4:443 | develop.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettings.roblox.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | t7.rbxcdn.com | udp |
| US | 18.239.208.83:443 | t7.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 83.208.239.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:53919 | tcp | |
| N/A | 127.0.0.1:53922 | tcp | |
| N/A | 127.0.0.1:54033 | tcp | |
| N/A | 127.0.0.1:54043 | tcp | |
| N/A | 127.0.0.1:54045 | tcp | |
| N/A | 127.0.0.1:54064 | tcp | |
| N/A | 127.0.0.1:54084 | tcp | |
| N/A | 127.0.0.1:54086 | tcp | |
| N/A | 127.0.0.1:54133 | tcp | |
| N/A | 127.0.0.1:54135 | tcp | |
| N/A | 127.0.0.1:54148 | tcp | |
| N/A | 127.0.0.1:54318 | tcp | |
| N/A | 127.0.0.1:54320 | tcp | |
| N/A | 127.0.0.1:54322 | tcp | |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| US | 8.8.8.8:53 | gamejoin.roblox.com | udp |
| US | 8.8.8.8:53 | clientsettings.roblox.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 172.217.18.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 195.18.217.172.in-addr.arpa | udp |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| N/A | 127.0.0.1:54348 | tcp | |
| N/A | 127.0.0.1:54355 | tcp | |
| N/A | 127.0.0.1:54358 | tcp | |
| N/A | 127.0.0.1:54361 | tcp | |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| N/A | 127.0.0.1:54368 | tcp | |
| N/A | 127.0.0.1:54371 | tcp | |
| N/A | 127.0.0.1:55643 | tcp | |
| N/A | 127.0.0.1:55645 | tcp | |
| N/A | 127.0.0.1:55647 | tcp | |
| N/A | 127.0.0.1:55667 | tcp | |
| N/A | 127.0.0.1:55672 | tcp | |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| US | 8.8.8.8:53 | gamejoin.roblox.com | udp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| US | 8.8.8.8:53 | avatar.roblox.com | udp |
| FR | 128.116.4.33:61660 | udp | |
| FR | 128.116.122.4:443 | avatar.roblox.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| US | 18.239.208.83:443 | t7.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 33.4.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.71.91.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:55678 | tcp | |
| N/A | 127.0.0.1:55680 | tcp | |
| FR | 128.116.122.4:443 | chat.roblox.com | tcp |
| FR | 128.116.122.4:443 | chat.roblox.com | tcp |
| FR | 128.116.122.4:443 | chat.roblox.com | tcp |
| US | 8.8.8.8:53 | assetdelivery.roblox.com | udp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| US | 18.239.208.99:443 | c0.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | t6.rbxcdn.com | udp |
| US | 8.8.8.8:53 | c3.rbxcdn.com | udp |
| US | 8.8.8.8:53 | c2.rbxcdn.com | udp |
| US | 18.239.208.114:443 | t6.rbxcdn.com | tcp |
| US | 18.239.208.126:443 | c2.rbxcdn.com | tcp |
| US | 18.239.208.123:443 | c3.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 99.208.239.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:55808 | tcp | |
| N/A | 127.0.0.1:55880 | tcp | |
| N/A | 127.0.0.1:55886 | tcp | |
| N/A | 127.0.0.1:55888 | tcp | |
| N/A | 127.0.0.1:55890 | tcp | |
| N/A | 127.0.0.1:55892 | tcp | |
| N/A | 127.0.0.1:55901 | tcp | |
| N/A | 127.0.0.1:56067 | tcp | |
| N/A | 127.0.0.1:56070 | tcp | |
| N/A | 127.0.0.1:56073 | tcp | |
| N/A | 127.0.0.1:56076 | tcp | |
| N/A | 127.0.0.1:56092 | tcp | |
| N/A | 127.0.0.1:56101 | tcp | |
| N/A | 127.0.0.1:56107 | tcp | |
| N/A | 127.0.0.1:56113 | tcp | |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| US | 8.8.8.8:53 | 126.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t4.rbxcdn.com | udp |
| US | 8.8.8.8:53 | t0.rbxcdn.com | udp |
| US | 8.8.8.8:53 | t1.rbxcdn.com | udp |
| US | 8.8.8.8:53 | t5.rbxcdn.com | udp |
| US | 18.239.208.15:443 | t2.rbxcdn.com | tcp |
| US | 18.239.208.15:443 | t2.rbxcdn.com | tcp |
| US | 18.239.208.72:443 | t0.rbxcdn.com | tcp |
| US | 18.239.208.13:443 | t1.rbxcdn.com | tcp |
| US | 18.239.208.104:443 | t5.rbxcdn.com | tcp |
| US | 18.239.208.13:443 | t1.rbxcdn.com | tcp |
| US | 18.239.208.72:443 | t0.rbxcdn.com | tcp |
| US | 18.239.208.15:443 | t2.rbxcdn.com | tcp |
| US | 18.239.208.104:443 | t5.rbxcdn.com | tcp |
| US | 18.239.208.13:443 | t1.rbxcdn.com | tcp |
| US | 18.239.208.99:443 | t2.rbxcdn.com | tcp |
| US | 18.239.208.99:443 | t2.rbxcdn.com | tcp |
| US | 18.239.208.114:443 | t6.rbxcdn.com | tcp |
| US | 18.239.208.72:443 | t0.rbxcdn.com | tcp |
| N/A | 127.0.0.1:56163 | tcp | |
| N/A | 127.0.0.1:56165 | tcp | |
| US | 8.8.8.8:53 | 72.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.208.239.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:56177 | tcp | |
| N/A | 127.0.0.1:56179 | tcp | |
| N/A | 127.0.0.1:56181 | tcp | |
| US | 18.239.208.72:443 | t0.rbxcdn.com | tcp |
| US | 18.239.208.99:443 | t2.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | t3.rbxcdn.com | udp |
| US | 18.239.208.116:443 | t3.rbxcdn.com | tcp |
| US | 18.239.208.104:443 | t5.rbxcdn.com | tcp |
| US | 18.239.208.104:443 | t5.rbxcdn.com | tcp |
| US | 18.239.208.116:443 | t3.rbxcdn.com | tcp |
| US | 18.239.208.116:443 | t3.rbxcdn.com | tcp |
| US | 18.239.208.99:443 | t2.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 116.208.239.18.in-addr.arpa | udp |
| US | 18.239.208.13:443 | t1.rbxcdn.com | tcp |
| US | 18.239.208.99:443 | t2.rbxcdn.com | tcp |
| US | 18.239.208.99:443 | t2.rbxcdn.com | tcp |
| US | 18.239.208.114:443 | t6.rbxcdn.com | tcp |
| US | 18.239.208.114:443 | t6.rbxcdn.com | tcp |
| US | 18.239.208.114:443 | t6.rbxcdn.com | tcp |
| US | 18.239.208.83:443 | t5.rbxcdn.com | tcp |
| US | 18.239.208.83:443 | t5.rbxcdn.com | tcp |
| N/A | 127.0.0.1:56218 | tcp | |
| N/A | 127.0.0.1:56220 | tcp | |
| US | 8.8.8.8:53 | itemconfiguration.roblox.com | udp |
| FR | 128.116.122.4:443 | itemconfiguration.roblox.com | tcp |
| FR | 128.116.122.4:443 | itemconfiguration.roblox.com | tcp |
| FR | 128.116.122.4:443 | itemconfiguration.roblox.com | tcp |
| US | 8.8.8.8:53 | inventory.roblox.com | udp |
| FR | 128.116.122.4:443 | inventory.roblox.com | tcp |
| FR | 128.116.122.4:443 | inventory.roblox.com | tcp |
| FR | 128.116.122.4:443 | inventory.roblox.com | tcp |
| FR | 128.116.122.4:443 | inventory.roblox.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | inventory.roblox.com | tcp |
| N/A | 127.0.0.1:56423 | tcp | |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:57059 | tcp | |
| N/A | 127.0.0.1:57092 | tcp | |
| N/A | 127.0.0.1:57094 | tcp | |
| N/A | 127.0.0.1:57096 | tcp | |
| FR | 128.116.122.4:443 | inventory.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:57126 | tcp | |
| FR | 128.116.122.4:443 | inventory.roblox.com | tcp |
| N/A | 127.0.0.1:57129 | tcp | |
| FR | 128.116.122.4:443 | inventory.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:57141 | tcp | |
| N/A | 127.0.0.1:57144 | tcp |
Files
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | e91ba7113b9ee73bf73cfbf795374b4f |
| SHA1 | beef122500329c4babf0903b183e7ecc933a234a |
| SHA256 | 71d02f8625c90f7c9499fcbc6f2335fbacf9a5fdc58b475e0ffde696de5a9c98 |
| SHA512 | 7c7644a911b218d20300a51c288182312bf57e48c78faf1791c0f710451bd907721d64f3f6d26a0cac77fa7ed088b0bc084d272f4416299122adbec9896586e7 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 2b4dd1474237a4dc70e20f421915ac73 |
| SHA1 | d584be2833b590e89e2de69626463c89f6637baf |
| SHA256 | f3d1b90af58e98b943ee01c3ced5d13c6bdbc5f0c2eaeca9a204aff10c2d3b9d |
| SHA512 | f7b5470b68bc07270f01cd0032b61e60803406bb5f1fc06093dde8fc00ea7c309a9d1c467853c7af5521adf8bacc2257649a4c65d97023357950353707f31c1e |
\??\pipe\crashpad_1572_QIHIONINNXMVWMQA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bc53802fc6a2a2f00cdf7cea15fed7c5 |
| SHA1 | 3eb20ff11c7f4c535a47018df3857601c84059f3 |
| SHA256 | 2683c88ad3c74a749f2d6a3f9e8d79f7193ab8c0188ed0451ab4f7ccf4eb614d |
| SHA512 | 36486549367081d561598644fb11c5a203cb91d5c380c20ee64e30d669c84ef99d9f652fdb1357a35200ba616406f60bb245aed40a0fd880bd874b511a4a250c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3c2f64b7bd40089a71a08253f2773a55 |
| SHA1 | ab950e118e064f73e82ac02ec5236dc0cdb78f4f |
| SHA256 | e941871349910686abb2333a07fa8783998b59bb6c9909f6cb8fa63d074c57be |
| SHA512 | 8c97f40233400536f2a7463e1cc7c643f8ab761894eec75b59caa379f6920152ee869ee087f634c5c2825d6fe996c78fbc27857a0a07a05b7740ee2a8a78327e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a1816ae8ad0310aaba831fc4904ce986 |
| SHA1 | 92547c54815151c59818ae5e5b9dc837858ccbb3 |
| SHA256 | bc194caf1090f02b521f9bd21ce357ed58f2700a469eeee610613369ba9e1c33 |
| SHA512 | d30a7016c764d7b0cd3d43d9643478f1935ec8c4aa77bdbf18ddbf535a22466ff09d17aa49bf6923a0810b9e78b3192756eaa4015b9a90ea41e58754b82b56b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | fabd5cdcfa7b1107d5abbb2e52aaab6a |
| SHA1 | 6254a5ad8c4405ff320447a57d80d00c3af45e8d |
| SHA256 | aff8dd4ddbe6e66291199565741abfed6384bdced337f113cd4e1aa6df2c5c2c |
| SHA512 | 6550ba5e9d12b91eec540d8aea4fe498b6dce5db2a926c87125f91eb731d9dee25a9f4799d0364e7edf7f9a912337dea44a9e8d7e47f6d2bcc1ced04d37663fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ac14bbf068b5ebf97321102ff0787d91 |
| SHA1 | ca79d74d16724914c08f80a523603e5a9113b3d1 |
| SHA256 | deb3755fd787bfe03c437f76688173a13708a8dafa5328463ba6a2e42c599f90 |
| SHA512 | 897e445dfcfea631c1e553675413976ad01476df903eef221c3c71ba6ac11a8c11e3d372456dbe3836c9d2f2654d7be0ba454500ef4b817eea5006abaa261e3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8cf8d0f06f1e7f5bcd23781e2062a983 |
| SHA1 | 2874eccad5a700eb207632e34543bb4384a9fb2c |
| SHA256 | f19bfeeaa0d720f500053ed1757f953c198eeb1e13ba71429d756b5b6ba6266b |
| SHA512 | 1e3a792f08f90d167991c9be2cc133af217aefef3f40dc49d789a66db78d8207981f9866ff7b86bc3f0716419955de973bee5be145622c77ae0e7ae9fbfa9791 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 93d77cab90c2154ca30d7bf21218d135 |
| SHA1 | e0e3e3c60a8364ef36d54945143a526f98758f57 |
| SHA256 | 05f12c947bed6f64442d2606a1624fb2706be377eac83601f8546a187cc11b33 |
| SHA512 | b79e8ce98edbb7cd96e066c6cd05497ff224ce36a71901f60f1b924d6ed14e1e1c947d26d07a9b8e8c5ca95ac8198be4bf624fb59d8fe4d3c64f5d9cba820071 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c6e9e8f21876f6136ed029f968e153a6 |
| SHA1 | 0c455f473c527bc7089aa8bf368c89812a350216 |
| SHA256 | 8a6522d910b961797fc4861b7a80f0857fb3d50a6656bd0f7012c0fe785da694 |
| SHA512 | e83e0368083cb07e833c594dd1b7492887900701bb862a5bd1602bf28d7bb77c5086d2376a5d92f223926467f90c2639f2cb89a4b150e8bdc8940f587909a968 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8546edc4afc5eec93c0dbf6afa84d3f0 |
| SHA1 | b6cb2e5631edd1a87f194518dfa6ea0498739e14 |
| SHA256 | ff2ea8ae703b1b427815fb12e2f0ddeab8efa6075b76f27c22b65c3c2b889bfc |
| SHA512 | 5541e7cde62808d4a8a9a5efdb1e5c4834ae9d9e8a3348db63c06be0e4f0e8968359e087fd94e2c43f79fb1de346a4f704a4a19ee98139885ab353df9e263a50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9611d77959ca4a3cec65b892df246bf1 |
| SHA1 | 019b286212a373cb2162e3478f4a075de5d550b9 |
| SHA256 | 725782b5805786e56fc59b1feaea2073552ae45e2509c8ffbfe75808c5d3b72a |
| SHA512 | 9789ff16b60bb37a364df043af5f76d2a723b4d1c3671d1019ba8387ebd3f6e56b1b80f8444a2584a58be2cb08b99484905e42d3eaacfa544166f9a83224345a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c457db8d5998515d74962f76e6f7dac4 |
| SHA1 | 261974b64b7b9977a1e995db89bbb1c9304d8102 |
| SHA256 | a91d1eeb8a8b68fdc52230b4a65d3a95599da9963df80e45fc88723b65ccc40a |
| SHA512 | e8721562d5d485873b40c466613a3818181bc5fed2bb3af348057f9c8a32907ef42bce7519eb820007135337f59191419cc77b6d783056efad9c22552aefed0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bca03b49f63c0f8761720f68db574a11 |
| SHA1 | 9ee84a8f8fc686f55a5531f142814cebd35a8c9b |
| SHA256 | 711589528820f891e4c4c88a1b2d694d49ed159906e682df494ddb30ab0ae07a |
| SHA512 | 1e7a42332a5d8995a1e316cfa7a0a185e2e4e44569dbce6cc582c1b607fa75d75ba519b02a330eb7032312de011278f9a9b28156afd26764c160f73d9d3abf50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c21c9136-b85d-4f7d-9352-4606c33571d2.tmp
| MD5 | f73cb0d8a3bc42b7a03be0ac12756f76 |
| SHA1 | bd2f19a2c62867409370700d9d8bb679eabc238c |
| SHA256 | 7a1ccda4a2f0cc0706ebbd1b5a5181db5502132e83f921fa79e54b4666a7150f |
| SHA512 | 8d67a42d5ae25ccf343cb5498b60223692a74f002d8f3a9afbf216cb5272dc7d5a5e5d21383759599ac3aeb52c31794d34987ecf77bac7f9a8b6d2d2c7801be5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 15048ee57e7afd49a0133eb275b0aebd |
| SHA1 | 61bc0ce35a0e141f48fa8af85744b209d5789c6c |
| SHA256 | 5355e81f13d667764d1cde1ec9bc5ef3d00aa4f84eee80c3acfbeba0eaa7ceef |
| SHA512 | 32d29dae89844e70001e6568dd8ca3de9740c6164e53ec942144df7650d59863d466bd7e6dabbd21622c22b1f71e9c1b1840b3a186dabeb15fe0650844064096 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | df7718c455d64e965550f98c84981f77 |
| SHA1 | 449c05aa1b93cb5d4a863d8fcef3dd9d163084a5 |
| SHA256 | e84334bad07f0913c07f64dff013814bdcf1619297a9448382e070e4cb679561 |
| SHA512 | 25394b7d21d3a8a953b96e94401eb0217831c3b49aee58c856c0738da0447a498969d4f2f60dd62a33aca403c5969b0aca49eccdf75a74bf4ef9bbcba60852f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 1854e42dd14009ac703dd655c11e95c6 |
| SHA1 | bce5b2b94edc6675779cbaacd9462bf003669ebc |
| SHA256 | eda8edcfd85e217ffefb34c89b08e89c4b78a9baa16f8a3d77fd6dd56e094aa4 |
| SHA512 | dbab1a8735dabe3393fb326a5ecaf64a429c69f8ba2e120ec3dd9d199b0f993c1c53e6e7495f88da07e42e54e351b1bde10b6277309549db49b8f42416374563 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5907d6.TMP
| MD5 | fc5194ae1eab6f7490cd905016f72c8f |
| SHA1 | 63c9caf93da91144fa64145adf0ad1baa3b5e8c7 |
| SHA256 | eb4615ed6dd76d5830168cde839d36b430007c4e686e9bce111f66c46c3f6420 |
| SHA512 | f8613a3780309596f42751e3a27607a0cae61d1a4ccb9f5860e240923988f4150cdbddb1d95faf8958361291dc8f649fa622cf8c3cec5e53f675d8df23f75384 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f9406961ba9311ebd1c316ed77adc16a |
| SHA1 | 0d41a59a857ebfaca26082e472a324ae15f94aee |
| SHA256 | cd6ac919d339864b26a67626bf388b03aa60368d1ed684477130c6f8f4661436 |
| SHA512 | 9306c52afb1510e941c49590be6967a2c7ccf15425e38ffb6b9b64932580e36ef06687af6072686f2611beb2982044deed0d1fb134c67e9926e0abd7d1370436 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | 508491e1276d7484c4f9e44e4502bbe3 |
| SHA1 | e823f470e53201bae52be2a863a0d2f66742d85e |
| SHA256 | 92c49633391804f09679320d0999381201fa1c334fd0585a90b1424dd6720208 |
| SHA512 | 0f9b71bf1312c4a8000900a8a39a7fabe242268e2b6962e52c48b63141162266100e35258a8f10772b7a54a51b4c0fa5cc0cf803f50b32f7b10f27a3beec2ed2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
| MD5 | 793b639f0483074bf878fcf19c131678 |
| SHA1 | b1a2ef0fd4d7944a9519e54e3201a05c62c90415 |
| SHA256 | b214fce2614aec5046a24ad48e5023ae8d29fda0d8c510f6dfa116f684566869 |
| SHA512 | 1aa25f77f1075f79f9d188ee9bb4a5569db406f2cbde550c7eb6c3377d3bbea5cfe86f1328248f8772020a90093c133de90c09cd2e50048fe2d400e807526238 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6585bde066dc1bbcceeda9ff7ccae8a5 |
| SHA1 | da3dbce2388513627b15e2408ac0e1c26e44702c |
| SHA256 | c5e0ba8c80245cad53daf52551a03ade581d5abf0851d9e4ee674bd887d7bd15 |
| SHA512 | 40539a3445a2f6194f2851d22a2133ec8686d46da511b4d2ec4307bf098735d1e78585d944b46f9ebb4b3072f6be9307c75bb2993c82e1c3e3071d3a52d15d14 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 09603ff26d03527cef18ba7ddf5a347c |
| SHA1 | ffcb724b2750600e08db382dba200dd35014eefc |
| SHA256 | 8fc0123f61d76ab117a89a53b74c9425a71272927c4e937bb730560311059089 |
| SHA512 | 6fdd628e47584166c48c47ebe6c586016f193a12be295a634b8b3476b9c5e5097691f01f690ba6cbdfa13dd7fb8d37ffc8a0c8e9c6ea5fa8aa6c219312b804e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 76683753cbaa49abb0a0aba804f024cf |
| SHA1 | 4514ac5766f01b21022bde839e2995dc0dd8b3d5 |
| SHA256 | 1a5c38f5a3ddead04a2819c12db5920e6f4111a8cba7eface7e5a979e94fbed5 |
| SHA512 | ee4a6dbf41090799da181aa32cf3c427ea9218eecded7ed82bd39776f36bb46133a623dbac4ab88f099a70165af3cdf7550963aa3dff6eb54d79f07394e9e0cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 471b1b5cd75e055f00b29d4f2213e089 |
| SHA1 | c29902c53124ff01159752a05482cc6c9a082fb9 |
| SHA256 | 6c600eb07cde9af41c06efa9d13a03e59ad5bc4f1dc770f862dcc997c79eb29b |
| SHA512 | 3dbf59331120087bc5995c65d030c54012d62072250bead24d19e15289fc5254857b26922c46d442849e28483f06112b1094dca684d0e7803808d7510392201f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | e2e38325e039c999915e7adf9ffa642e |
| SHA1 | ed32471ed35148ce8cc9b1f37b0725faef6870e0 |
| SHA256 | 720b7a24b1c0a305385cb76418aeb3eaafffa08def4e5a90b1d694bf7e3cce4f |
| SHA512 | 1ff44054f8d2165197c9c22694a2b9e9dca7634ab3f4d252f0e69dd21590dc7159516afe221a492cfc01aa63752c0d9be5349cbab1f3365fcb28ec37660c6f02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cc192cada7ffa1513bcb54d9bfb0c6b4 |
| SHA1 | 326eb879f39eab96bac7e65baebff1da00471148 |
| SHA256 | 43e1bfb2af62912f8c8065881b94276ee11a89c3a9cdf95f4308b368ed1979b1 |
| SHA512 | 3e4fb17e1f1fe6d820af6ec56c9b0163132dc22a8467ccd413398fd31b299566c42c0e05f9149ab2a6b7ab2975d9d970aac36e09a138b31dfdb350ac039d6ef9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe59d3b1.TMP
| MD5 | b512fef3ae2a49e3666c9de647b4b032 |
| SHA1 | 88aed2549c6c5f26e8db889c95ff41502c53b25b |
| SHA256 | 2a332e2b8a9ef43b52416bb95946594f1ff8a8b94e5a3ae1594eab84fcb9043f |
| SHA512 | a3042002e77ae720d0ff7b8e16704b9cc84296f8e04787505e5ed340f24d1846385e9f559c064d931793bc9c3710430cab67378bfd308a42a53f55de48ea65ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 7de76b3005daefc567aaefab57450838 |
| SHA1 | 22743349b63c0e9ddcacd0334d56119c0984c5be |
| SHA256 | 82542d403a55474f0716b9a6e0f439450c029d9e589aeb47ebefc681b7d839d4 |
| SHA512 | 1de84aa7c30337cce3d3ff0aa97e32274c240e69e21fc3d456f1c6e222a1a38c907d0aab1b97c5208f130e9c360d8416f4355f977bc9b672714ddfa0e6dc05ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 652fa3fc1cdfcfecfd66df3dc9c7d638 |
| SHA1 | 228eaaf4e02b9c4bcc3fefaa3135a9660fe32000 |
| SHA256 | d161b2814c7a9016bcc34c5b890dd21ac948a4d5902be092e3490a1594be2965 |
| SHA512 | eb5ebd07520ebee068bbd42f3ab99ce31d745c35aff9a2e096369bea34a5b91e63955b9a22391a26fed5b964270af8b9ee507442122f4a0a8edf96ce18f5da44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7ae96652f52385b109932a361b87c0b9 |
| SHA1 | 30b114c9f0bba961db9883d6641c1cfa93d89b2c |
| SHA256 | 2192ed99cba3e6aaa6aef98d54f2f2cdcdfabcb4a9498e121bc88ecdd673c06d |
| SHA512 | c07ba0e55ebcdadbcf9c748bc277e5cc71fc600c9f65a0c2bbca482a70596538a28ae951d108a37100e513981bfd2e48894471162bc2c53af0705d653e8ef5ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | db1362746191c90f0ef01e3aadd33ede |
| SHA1 | d07d6578b22228dbc44b61c8a2fe763a92bd23cb |
| SHA256 | 2af12d33c5a25da3ae789d2adf4bdedea8841094e247837b74a75f54cad5d1d0 |
| SHA512 | b9a50a7808fbec1e48b8abd841f896abe30cc995cc787d33715572aed7f6bb6d09163ea0b0341c580a8730c36bf91bb8c44ff220581c92be851f718c19723c8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 14f42866d539fd4f1f0f38691a536722 |
| SHA1 | 99807b35920894fdfd20a4aaa05f7ed33c777047 |
| SHA256 | f845677d14a22aeb2cb88342aaccaa29174ad1766136991b8ce08421c2ad1294 |
| SHA512 | cb8dde1656c2efd8e619713f4b00da5955f3b10166678efb2e9c4bdf8c9f59ed9e17efe54b166159f1322f16ad4caf292994714a08eb33177028b96e7655d8e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d2bc0527560218ab1318fe38eae3d3ed |
| SHA1 | f96603588e99f30611a6a31c47778988dcfa313a |
| SHA256 | 769338fbf84da6d1b5b839c7ca6d57fd82175161f99ba164c024eb006bce75cb |
| SHA512 | 3af410e44b858997561af32473ad87ef17c6aad967eda59a39c13367f4c7998fef480f50e62eb6c68d6f3565768858ca302e9d8b8a10b69e3dfb50d38e046b97 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 035433b71fd54a077c64896b079c7158 |
| SHA1 | f482a995f8a4f7ea5750adc4dcc3d7728ea59973 |
| SHA256 | 14501af0164cd704b87fccb028acc1334f6247cb46652de0e25571fa5a51e596 |
| SHA512 | d720b485c2debbd75b162006056bff8ec3184fa8a7a1ee93ba2d0c0d504671e7ad9e0e18992fbbe806c50a2e4eb8a21c84e2f3de3222c346c35c6b8cea91fd1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d3e4db3c7ebde64b0ea7a623d3c09a8c |
| SHA1 | 24b3cd1c0b3f4f02975fac92e5f6050f5d4c0937 |
| SHA256 | 569e048e6b2c17b1f3676acdaa3fbe9522a88a30249c940b4e7156701e4fa5e4 |
| SHA512 | cac4848cbf3b7a08e3742c72f320cf1005032aaefc1c9f93062adbf34252cf2bd5b0081ae80dca924dfcd027954651983a7da2efb098d532d74526f21fec3bd6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b8d026a3acab3c4b6b24f45f59823058 |
| SHA1 | 62f04944e4ad87a4c2d976d1def523e549dd50aa |
| SHA256 | 670ca8e332fae14bb00fa90b279f4a966616c24e3bd232453d3498d7271192f3 |
| SHA512 | 72990b10958aa9a34f39958af589a8b5865d615c34bd82d7f55914464117f1398e61329e67ae70b96c70aeb73778f59889deb976826d4078f7d5e9e1545b9f5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ce3d332570ecd170f0858158f00aaa7c |
| SHA1 | b6bd27239404abc0e3e525a823e5d35ca4924ee2 |
| SHA256 | cb7d5bb9df03323878034fdcedb13e7409432024c2c7975dc725851da4aebf3a |
| SHA512 | 96b00b240267b8fe2d4706cd670af3a60207e80f6131ccfb76ab222dac0162b58c55a89d2fa8b66cb87afa06f2a68e678661488e15f361e9de95d5da363e5c30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1811957434639b4d53d9821a7556dc21 |
| SHA1 | b7e7645996d69f1f1a476efdca26d50c70672e2e |
| SHA256 | 91e25082019eac4ce883feaab69c1931e2a9e35e573cc76b40ea34bd7945d3c4 |
| SHA512 | 1ee3ccb1b0ae838fe5ab7042d7131a141322855789e050d79310a5810fa69e40f194355a4372dc53afa7128e97fcfb7462595d807e846cabed103145243c60ab |
C:\Users\Admin\Downloads\Unconfirmed 675361.crdownload
| MD5 | e284a7bdf53b953d5514c6abe985ed60 |
| SHA1 | 91655419b0e29b53bebbd102127056f396af6bb0 |
| SHA256 | de29073ba5d2f701473a80f14c9dc35b2a11194918b8f682357b09d57c2aeb2e |
| SHA512 | 2066d8dd92d2c64df6eae441fc25914a6214ff52ad264a38c156f59fd1587d6a7627f19a1b537fd82d95b7c66acaf73169b855df55fce0163bd3b05333377195 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7dc245a1d73925553d81e9ac31d008bc |
| SHA1 | 89e51bffbb86d2b09a3d73bbfcfce885ad3706d8 |
| SHA256 | c0b4346f5326c9bc601f29945f723e3b43511f198e865a6723c22e0c317a4a35 |
| SHA512 | 7789dabcd5766ed4edb2f44d1048a255ec479932182461c07b11316b0db53a2d095a144cdc979c8c015ba0d14cc1238347d18bd9dd6fc99dc581e3bc8d82236e |
C:\Users\Admin\Downloads\RobloxStudioInstaller.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 223d0ab8a2df8cfc07c68649a5103f4e |
| SHA1 | fe48cb11aba6c1bc964038e8992b4768d9a78d00 |
| SHA256 | ee88384c2ff1be69b64f0e73a4535c72915d394e5e9fc875fe272984a75f08c8 |
| SHA512 | 03484ac1f2b3b380724091c0bc1ec5d5952bd98f0cae402dceba7794e4834093c406af068e585acc9125b7f857975c4bd6a1a11208661dbf5accc56afb965f1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2c9a240c16699f6f11b65006aba5cc65 |
| SHA1 | 81639efbecc4da9045c806414d8c5194e4a19c0c |
| SHA256 | 6c8e5deb3e5b0187c72532bae8c80625827e447e1d072dd9c89c7687094de90c |
| SHA512 | e171c300ea08a68088f3329b5fd8ea7c2d56545547b55020bbc9e427c8cc92a8ccdc7b784db08e11f9e61af6ac48be869ef0fffb67c1af97a0e9d8224eb98fb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 5b6356be36d85237e772d65b2c1bdcee |
| SHA1 | 4f6fba9ea254b0a2ff0e52b2152eec5eca171dff |
| SHA256 | 275f7b726982efa0ac2ca536937774284659c0041d69989045d72b66f41443cb |
| SHA512 | 4afbcd5367f8e7af261a030627426beb09d7a90c100562042eb21c922d1a94dff5848a0e70748f7210788c4b23b3b67dccd5b9bf9efcd784807b2faf6e707f8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2ec18f244701f9ecb984334ed65f7ba5 |
| SHA1 | d8777cbd0903f532bd580c3b9e87aebb54f3e540 |
| SHA256 | 170cf53549c346c1709057188f2068addec64c51984920eb5a19a7b52fb70f9a |
| SHA512 | 313a196049b1f905ed4ddd832c8fb04725d59fdde9176c82891534a0e5fa005c6263baedbb8acfeb69a2271ba60b33ed667d22800bbfda53ed292cf2ebc17935 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 273bdd58e20b3653bf86d24d45dfcf18 |
| SHA1 | 4febb5f491ad6199d6c250fbc4a88c9188961fc7 |
| SHA256 | 38fd0c7811a16bff13b6f30ad4782c94ce4dad3db83697766b1e7d4698c42533 |
| SHA512 | c255a83be18baf2aca7456b48ca3bcea2b79be2c2c764a259d43a234ce4c67acb0b37af2e5884b95affd2fc70e632e5ee34926d0f47b5449ceff0a34a62c4c50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
| MD5 | f118ccf634b98f8441e9c134a9617ec0 |
| SHA1 | e80e1e7907e14c86c2441355f1982538cab98b0f |
| SHA256 | e21c862a76ebe37ddc88542d4b9109a249bd79477f4647da29569a2028675e79 |
| SHA512 | cda9a79811d059a405b52f9aa60ac21949ef8a510824fbab8008c738ce770d225abfe0c2b4391bc8bcb9d125396972bfac6dd9c9284383440d37e3485bdb318f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b
| MD5 | d8b1ac4748ee8e1e706aa1d1cef322ec |
| SHA1 | 8991e7db3c373bc2a9543abde941846e3f4151a4 |
| SHA256 | 3dcfa509cb799df45fde01850c662abad137fdfc3e323cca551479b810887d6b |
| SHA512 | 95b1eb087a4af6a3544d646a4dc322989ed17409ae07068966169d2bc065407b68891b090175b59d6c90330a3615a466d2b6be55edaef6a916490f721fa23387 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d
| MD5 | 9c7ef531a7b8d7d644d2c81b53f3617f |
| SHA1 | ab47bc7eedaf050352050053a6fe6c0b21dc3aef |
| SHA256 | f7e9958aecacb7d273f6175a903887f209770c18c53f04c00f4a58a3696b2822 |
| SHA512 | 232f0398f805b20121fa07e2e1af27c2139891d7846785d5dfdc2025b985b44b7d652c80bd25ce60c53ac0d1a9c55f0079efa6f811a82fbeb990a60dc71590ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
| MD5 | 7235e4613a85a7ab660d2cdc4259e20f |
| SHA1 | 36dba6f57ce9f820fa17335f03ae36c35e23e7c7 |
| SHA256 | ebeff062fc4fc06902c0febe6f87acc205f4078d9b810ff93fd92b85c407fb22 |
| SHA512 | 1b6fb540a494bfac5856da0f306c60f87e28e64ca8dd178c7b799d2142fff71ec076398b9e91cac26cc9d84dfe6f2664468fbbf4dc29a6f51558d2cbb32d279e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c
| MD5 | 3618d846f630a40b26ccb3b1c0be46aa |
| SHA1 | a60526e2a44638f9f20454bfcbc151709299ea63 |
| SHA256 | c29db5d5e18917d72f8bb8d19391ac76f053f5a722ce755b0a5e6cc8ab4c3026 |
| SHA512 | 4cab2f037ecdf010c0cfa81f817a73620a8054dcfc3e1e92eab46502d89ec8ac973af74322e50cd74efab5062afaf64d696b01004d7e4f8ae5453301d9cc52c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061
| MD5 | 8790d421354bb7771a8929b6db718a3c |
| SHA1 | 14091d88f1d36dcb3ccfc9ef3684126921565768 |
| SHA256 | a8e41ea4214c5f8b8d572c468b00cf2368c29429f8aa81757787a7801c5551e1 |
| SHA512 | 77a9e43626a2a5bf267f08dad5acbb5f3e2a0dc1aeec22d2d365bf850a66e5b491f63010257d5ace615288421c898159d01ff0e0ece1f984b8c47910191805e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060
| MD5 | 0d21e203bbef801fec11d9816c9e2884 |
| SHA1 | 6e9c3a72a6cfbd4a3320304b5afa7a65e4f704c2 |
| SHA256 | 1550c6a1e26787750a7e7049e1f7d42662e080119a704b1d0d0ed22df55f535c |
| SHA512 | 09b22c645f2a0cb64a139429f718547c4f741af6b30adef41b872ad8710bf9d4d67a7fa6583c834f16d20781320940c5b1bca0c25da71c5e89cad6dabe9ec5bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062
| MD5 | cd9c3bdf6d468a4c3661380daf942e02 |
| SHA1 | 97e8b56135e79f00d6e8493efa4574420673f99b |
| SHA256 | 809ff7cb6466ca6a86cd4cd2641cd69c9b30ff5039aa3847c321fda05c3ed879 |
| SHA512 | 880ba6531c2d7a866e8a0fd84566268f69cd03e24f00fdd9130f80266061fdd0de934c53ebe191ea581483b2797719f0a9f6ab62dc9f824b450c34ea8afee133 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f
| MD5 | 1516686d2988c0dc2ab8198a39b74780 |
| SHA1 | 9706f958733e370b6019dd02a3d34b102906b205 |
| SHA256 | 486433d9925cade9dca858a4ab3ee4d0970f34ec7a68ca68ddff1ac59569a442 |
| SHA512 | a3a69e0c79d6a878bfcb095e5f9db6006bc5a57e619ea230f2ee1f4e4fb0417e3ef3d130b8f1a45b0f3ae7afa35f43a135e2e52671f4b02cded9b24edddc6fda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e
| MD5 | 474f2e4e1b8886b827d498c2e34879ac |
| SHA1 | caee67e3c63f928b85e99c31bb9428580e20dac0 |
| SHA256 | 8a3a1abe743a7f2058f718b02bf7e242d2d447269ad66c27a79af235b2bf6798 |
| SHA512 | f4cc0ad4bd286c5153d68853fe381111172b1c1aad04b91eb63b2b5b284514a2150879600b8781a16b346f71e96b1f040d47565a5feaf94fab11ce9a07befcf7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
| MD5 | dfa90e7dd6d9a1941cea629d2f821dec |
| SHA1 | fa7c71c8e2884cdbc177e650d8c4db93ba663b8c |
| SHA256 | 300231d0eff5c31fbc13ebe40c60775c617abde6366ac52f8af7329184eeba54 |
| SHA512 | 29f7f9921d06af70c7d7c990ed4877726c45f3a78756badadb4c9610e5aaf5271e9aca11017139d5a7c6c3aee0eb01a6980c210fd37c864a121a2864ba954c40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064
| MD5 | 12dd54c925bba66fdc3dba47e65d8181 |
| SHA1 | 711dd3c37f55fbb7d9353a135e15d1e413c1d844 |
| SHA256 | debca6d9d73ff5841ec14038c43d26ef045af354f278949e9a95a8cd86ac98f3 |
| SHA512 | b636b983b7e043f52ed2e4c7c14433782e3b2a18bfc89283a721320c05e7ce29dffb4e2c65877ca31157090d7762a02aaa20244b21b5b7c43b5b30260f26f979 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 547904377f2ac9e6842898ed45eb075b |
| SHA1 | 3e7d1b5ec6c4c251ba5dcd1fc3bef1c1cfe01744 |
| SHA256 | 362b2f41d8ddfb546263392e5b30def94a003103a714a8637d48d2c1a046f563 |
| SHA512 | b8ca1d68d5bfdc9715ea7beba6e7a47a295f72f6410905c63c5b6a14a52e3cade0745c7ab067cf245b27803f4bcb418a75253c86427fc67af9da6491091de218 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | bef4cd5f2149462a6ecdb54f0c32e4d7 |
| SHA1 | 0834fcbbcccd3730a61e0b09041b2382a0ca5c88 |
| SHA256 | bea5a0fe371a720fc67c6f0f4ecea286d3861465b4e0895b51ac2c8d4235ade0 |
| SHA512 | d6b7280e7612f1808b08950a11e4f6220238ea5608fb240af26d231f90c539cfc8b5ed5720c12f14124592844b5f6d012bdf7256fe3fe4cb37ecac98292560b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9c787feb55b1807166648be8c35e2861 |
| SHA1 | 05ff55ed287b6fc22adb60049ae688c92e6fd865 |
| SHA256 | af6e581c549d12e09618b39118a5339c75823997e47e7abb26631f509e58bbd6 |
| SHA512 | 857b7dce0ac592373c106b1b39853b13332c93e15464b87b306d13bd076884e95822cd2772652e9e09d5d8acb609155b6af86cf994856c6ce013a8d908d1153d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 56ee210944e4b1ae649a4a15539dbfa0 |
| SHA1 | a93987b8dfa86bfecffd6465fd60d06a432d695b |
| SHA256 | 18376f8d477da0b6ce8e4f3662d01cb026fd9e003f37d451087ed015b8d6d78e |
| SHA512 | 383bf50a6613fa6da2770b842d315f2f4c41993232a7233bde561b06c20d614be0f6ee3783c6ef979dfb84133dd7ee4f5527bbe3a1c7ed73a790813a029944b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | bec6a91e03e2bcf0639a06b04089b71b |
| SHA1 | 95221784d80363ed0d3e3f7a32b76d9c6c1c955d |
| SHA256 | 62c6434eb19843facfe46fb4ef8803439547c1a0ff3ffc34ea2044be171cbee1 |
| SHA512 | caa583fc9ff736d5896e7691ebbcdddd6b1ebd2b8149602790d9181c32395834d006ee8ccf5ead9e82adc623db48127295c99ff85d429b666dfbf1cedb900cf9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 02dc1859d2c7698b228df5102f90a301 |
| SHA1 | 9f41aeeb3e07c061196ced5cf2abb5db71c9b0c1 |
| SHA256 | db954efd5b2699816991c0f5f6d14ca5ce8d2e297322c248a10669f8553c6dcf |
| SHA512 | 0664a9761cd50d04b0c6168512a6200eb3667716b3d24dd983edde6d38229b20003d0639687726e0e9d64b1702f74e36f25f3c9c88a21ca39de73adc3866b868 |
C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
| MD5 | 610b1b60dc8729bad759c92f82ee2804 |
| SHA1 | 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552 |
| SHA256 | 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08 |
| SHA512 | 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdate.dll
| MD5 | 965b3af7886e7bf6584488658c050ca2 |
| SHA1 | 72daabdde7cd500c483d0eeecb1bd19708f8e4a5 |
| SHA256 | d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19 |
| SHA512 | 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | c044dcfa4d518df8fc9d4a161d49cece |
| SHA1 | 91bd4e933b22c010454fd6d3e3b042ab6e8b2149 |
| SHA256 | 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2 |
| SHA512 | f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_af.dll
| MD5 | 567aec2d42d02675eb515bbd852be7db |
| SHA1 | 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37 |
| SHA256 | a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c |
| SHA512 | 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_en-GB.dll
| MD5 | d749e093f263244d276b6ffcf4ef4b42 |
| SHA1 | 69f024c769632cdbb019943552bac5281d4cbe05 |
| SHA256 | fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e |
| SHA512 | 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_el.dll
| MD5 | ac275b6e825c3bd87d96b52eac36c0f6 |
| SHA1 | 29e537d81f5d997285b62cd2efea088c3284d18f |
| SHA256 | 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0 |
| SHA512 | bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 23041910d63a0fe31ee31f41767d2b82 |
| SHA1 | dc9a2e9f4d279001b6b17d503c77006c415d5c84 |
| SHA256 | dec2c2133a0128241c943a2ddbf9de246538c6123266fdd41673ca25a84068d7 |
| SHA512 | 04da761ba67806c749f0f39f5efeb88e2b2f88ff50243e77c722bd8e4b6deca641b5981b4f9695bbf97eef9833696c386b9b09ab0caf28a8105e3aa04225b00a |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_de.dll
| MD5 | aab01f0d7bdc51b190f27ce58701c1da |
| SHA1 | 1a21aabab0875651efd974100a81cda52c462997 |
| SHA256 | 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c |
| SHA512 | 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_da.dll
| MD5 | d34380d302b16eab40d5b63cfb4ed0fe |
| SHA1 | 1d3047119e353a55dc215666f2b7b69f0ede775b |
| SHA256 | fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f |
| SHA512 | 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_cy.dll
| MD5 | 34d991980016595b803d212dc356d765 |
| SHA1 | e3a35df6488c3463c2a7adf89029e1dd8308f816 |
| SHA256 | 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e |
| SHA512 | 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_cs.dll
| MD5 | 16c84ad1222284f40968a851f541d6bb |
| SHA1 | bc26d50e15ccaed6a5fbe801943117269b3b8e6b |
| SHA256 | e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b |
| SHA512 | d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 2929e8d496d95739f207b9f59b13f925 |
| SHA1 | 7c1c574194d9e31ca91e2a21a5c671e5e95c734c |
| SHA256 | 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df |
| SHA512 | ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_ca.dll
| MD5 | 39551d8d284c108a17dc5f74a7084bb5 |
| SHA1 | 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884 |
| SHA256 | 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07 |
| SHA512 | 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_bs.dll
| MD5 | e338dccaa43962697db9f67e0265a3fc |
| SHA1 | 4c6c327efc12d21c4299df7b97bf2c45840e0d83 |
| SHA256 | 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04 |
| SHA512 | e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_bn-IN.dll
| MD5 | a94cf5e8b1708a43393263a33e739edd |
| SHA1 | 1068868bdc271a52aaae6f749028ed3170b09cce |
| SHA256 | 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c |
| SHA512 | 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_bn.dll
| MD5 | 7dc58c4e27eaf84ae9984cff2cc16235 |
| SHA1 | 3f53499ddc487658932a8c2bcf562ba32afd3bda |
| SHA256 | e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98 |
| SHA512 | bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_bg.dll
| MD5 | 8375b1b756b2a74a12def575351e6bbd |
| SHA1 | 802ec096425dc1cab723d4cf2fd1a868315d3727 |
| SHA256 | a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105 |
| SHA512 | aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_as.dll
| MD5 | a8d3210e34bf6f63a35590245c16bc1b |
| SHA1 | f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693 |
| SHA256 | 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766 |
| SHA512 | 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_az.dll
| MD5 | 7937c407ebe21170daf0975779f1aa49 |
| SHA1 | 4c2a40e76209abd2492dfaaf65ef24de72291346 |
| SHA256 | 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9 |
| SHA512 | 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_ar.dll
| MD5 | 570efe7aa117a1f98c7a682f8112cb6d |
| SHA1 | 536e7c49e24e9aa068a021a8f258e3e4e69fa64f |
| SHA256 | e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01 |
| SHA512 | 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_am.dll
| MD5 | f6c1324070b6c4e2a8f8921652bfbdfa |
| SHA1 | 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf |
| SHA256 | 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717 |
| SHA512 | 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | 7a160c6016922713345454265807f08d |
| SHA1 | e36ee184edd449252eb2dfd3016d5b0d2edad3c6 |
| SHA256 | 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9 |
| SHA512 | c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 60dba9b06b56e58f5aea1a4149c743d2 |
| SHA1 | a7e456acf64dd99ca30259cf45b88cf2515a69b3 |
| SHA256 | 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112 |
| SHA512 | e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7 |
C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_en.dll
| MD5 | 4a1e3cf488e998ef4d22ac25ccc520a5 |
| SHA1 | dc568a6e3c9465474ef0d761581c733b3371b1cd |
| SHA256 | 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011 |
| SHA512 | ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245 |
memory/2204-1851-0x0000000000500000-0x0000000000535000-memory.dmp
memory/2204-1852-0x00000000738A0000-0x0000000073AB0000-memory.dmp
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
| MD5 | ca8e6840d99b0b5eec8943d3bf39f37e |
| SHA1 | 9a801ae1ddb28f07384a47c9c32497f41f262868 |
| SHA256 | f88f756ceafc6dfa1b5dfa532e82f53c4ff0a37e41ba6b46798832561f70d5c2 |
| SHA512 | 40675ae8bd26971c77a8637760c1337d46f811a6342005f55ae7c4a1b230d9f2e0280e30ff13de80582b1ea7642495ffdfe83e80b1d27afb3328ad70fa6a2ddb |
memory/2204-1880-0x00000000738A0000-0x0000000073AB0000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe
| MD5 | c31297188ec9fbaa60449f769339963e |
| SHA1 | 8502d9e0cef18137529f0a46ad6e69a1577e6cae |
| SHA256 | 2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9 |
| SHA512 | 9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a |
memory/2204-1913-0x0000000000500000-0x0000000000535000-memory.dmp
memory/2368-1918-0x00007FFD690A0000-0x00007FFD694A2000-memory.dmp
memory/2368-1919-0x00007FFD68390000-0x00007FFD688DC000-memory.dmp
memory/2368-1921-0x00007FFD690A0000-0x00007FFD694A2000-memory.dmp
memory/2368-1920-0x00007FF628AF0000-0x00007FF629AF0000-memory.dmp
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
| MD5 | 426222ba37a49ad0c694f65d50c07f46 |
| SHA1 | 5a3edab589e1af5da827aea0cbf2ae56cea0add4 |
| SHA256 | bdb18ce3049f3e2092ad8fcc836debd7294eb723de056f0023c8d496aae8c5bd |
| SHA512 | a78fcb3376683016f4f95573fb354457461cb1b2b486d4eb186354049172d0922e4ab1b14d11b44d4eca25982904a2fbb3c3c796acfa3227be937e64aa039788 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
| MD5 | d224ce8ac535163af1971f784f0b5b01 |
| SHA1 | 3d7fdb0c4d187450c1397751c825c476c0e73cd6 |
| SHA256 | 656253d4c05acaa5336e2a240d3989f0f21db4e01cd9cf0e040aadeefd77e661 |
| SHA512 | dce861fd36d834b88907f5836da0bb46e824c569ddf4b308fdd59def6e7b186b2bf99e3b9d93d7329e8203b18061fb8f2d10131ad39e196e826a2d462b05039b |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe5e30d2.TMP
| MD5 | ec826b9a8b6fb180ec7f7cf56d7dbb22 |
| SHA1 | f174fddef83ca09145639481132dbfaf36e53538 |
| SHA256 | 360f59ada4c27ec8461fd031f0a32f6f3a8451e21122ee961ca196f9871ac973 |
| SHA512 | 8cd0f6443bdac54385152c6470b8ff4d0f847ba3df137ff91d2ec55c1a4a6e6b1247c78ccb80098614fa8293fbe91a66a49086ad85b18e3ff3302607daf02797 |
memory/4724-1952-0x00007FFD8BF30000-0x00007FFD8BF31000-memory.dmp
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat
| MD5 | 880d0199458cef52ffff20eba9524a14 |
| SHA1 | fee8d2574a102632ba6b282f2cb0c8ec9baa84f3 |
| SHA256 | 94c17a444b475db995b7f65e345f903f54ef6f3fa42c1c1f644033abc33ee71c |
| SHA512 | 2139c1e104ee6c453481cbfd3f43f27124657a9dc991befba165a952e85d1f149348d6bb32a7c44e7947501dee1f2ad81164f6d67216830b888c2e294b8577d4 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
memory/736-2028-0x00007FFD8BF30000-0x00007FFD8BF31000-memory.dmp
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00000c
| MD5 | 6eafc48312528e2515d622428b6b95cc |
| SHA1 | 8c21c748004366757a93c587668ab55cb6a4bdf0 |
| SHA256 | dee6942321440ad24c989d45fd96bf0c0c11e63e04357af2128118eb75eb887b |
| SHA512 | c501160df9b93014d510cd22060704b434fac4c6ba242d3e625e1bb6e838aca31889197e74fd4d082f4333147ec18197b2a31619d55d37c9157ec275621ee64a |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000019
| MD5 | 0acd8ff34f3a5c177d02e9011ee74eb3 |
| SHA1 | 7985774d3676c27586c71bbf28b1f53598951a05 |
| SHA256 | ecc55e4682a2b83956e183e86dc4d475e91bf192ea71faab52a8ed8cde83a3a3 |
| SHA512 | bd5402b5214bbe9e499ec5cd9c6933592e1d3599ee80f72fd2ce2076fcd50dbc355cf3d58e923ae2400d09742768bbe9086c7cebc8d2560e741726bb37374ac2 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00001b
| MD5 | 66d562e3299ee732a53db150038c026e |
| SHA1 | f514a9e346cd443d196c1bc401f078a9fa147323 |
| SHA256 | 252d971616775193836fe6c0c057edc13c511ed2bdbdb61fbe3c4567a3a8e530 |
| SHA512 | ee24be2709cb98ccbde710654eb1ba533e432819caa8c6bf1fedfeceec452fa3c5f3b2402efc06e75d59e55b6e7beaa71f88bd049fad8e17449c0fde217a6468 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00001a
| MD5 | 38e00f7de6f417aa3a458560a15e2b8a |
| SHA1 | b451a3a2ab0b04170804d6cf823c6465f33f6f44 |
| SHA256 | cafe3fe334035fb21ebef6484cfbe1efa85c46f02113c57f8047c875fb9928c5 |
| SHA512 | 659f0a9a53e98b2e5dd3256c55b96e5cff82f6b323edd5f92f8eb9897e1376329454734c6c799963ae392833d948eac84fb9b483a5a099c9ab942990a18e7f91 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
| MD5 | d5a593cf86e6623baf3abbc9cf2191a2 |
| SHA1 | f815b271c19cd9bb3cc1080ffc811067a59195c8 |
| SHA256 | 297abafdd42b36abc65fc5f87aa5d0cd973aeb62e7ef753c37d5d5f5d25b23d4 |
| SHA512 | c2f6dbfeb50f058ce3458403ce164461ae5e63a11a8fef3589e2b565d9ed5a1976db32b3869b58f082def5e94dcffcb4daf89c88f08ddab4eb0f08f1d17530fb |
memory/4724-2318-0x00000224C0EC0000-0x00000224C0FAA000-memory.dmp
C:\Users\Admin\Videos\Captures\desktop.ini
| MD5 | b0d27eaec71f1cd73b015f5ceeb15f9d |
| SHA1 | 62264f8b5c2f5034a1e4143df6e8c787165fbc2f |
| SHA256 | 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2 |
| SHA512 | 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
| MD5 | 2867b59b55d97ddf0a70c9b64f3eb2e4 |
| SHA1 | 488f4b7a0b969bd24d4e0b5981a0bb21a3eda57a |
| SHA256 | d245b346c564fd32e0f01a9a1ae0cfdd08e45437be318aac513a6e8728df3d5a |
| SHA512 | cb8d3542f4042cb4ce1a39b32dd641317932f9c7451a82ae707d9f2997c65a73ad3874bff21a2afc83957cffafb4133fe714c0c6483c7ce6d1aa6aa68f54d73a |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe5e853b.TMP
| MD5 | 3c67858a866d778714a305a476c4f7d9 |
| SHA1 | 885b71892e242862c244f27f1fdb3e5556edbfc8 |
| SHA256 | f685419e101d106a24e702386e3c03885949145a5dcea54bc2de18c77e398675 |
| SHA512 | 9ae187b638b42a7098cc72f0e47fbccb36023a64d6450a65a9425b576fde3922f597578c961bee237c3c41445e6f6b3d30e1b876ab3972ae237742783b05bee6 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5e86f1.TMP
| MD5 | e3b13c31d6654c3a40e0a6605d7ae5d7 |
| SHA1 | 81c50b7d54a6f76049d91997bd95dfdaf64c137d |
| SHA256 | a365943c88d3caae9335d4b326166185473a528c2e8156313c937f22d5f4db28 |
| SHA512 | ffe225920862de215420ffd8889c65eb5ad10e95be6c2b1d6191a2b3b9306bb26989666dc05bd4e40b4919ae11354c3c6f1e212d4bc91420aae9d44416785004 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1e9695db58d6b8a3433f679c2b42f2ca |
| SHA1 | 3daf388b5fe4de31c0b37db9cf7371d0adf04d41 |
| SHA256 | ae309eb32dbf0329e1afc55c2d423999f881bdf441ac9feb6dee286122f05ac4 |
| SHA512 | 5b3ba1694523a5f3f445d3cc4018461ef4be3ebadf7a8159d035aeb9efe876e1879f48c9609d95619515618924c18252b514907cdf4fcd0917356bd146b2ebea |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
| MD5 | c887104b7bb0a15015003a01ccfee39b |
| SHA1 | 6a9f773be28462d4477837238750f3f107275a28 |
| SHA256 | a161be3085eb15e05744ad46cb6c5321e7f5596c41ec6ba27636b61fff93c653 |
| SHA512 | 03af0d9dc8137bf352d4cd4a7f4745b99312b4ea0c827f705817065700cd4538ffaf3fa73f3707c14fac603424eb12817df1774a6654a7ce3492a22af332c767 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences~RFe5eb89f.TMP
| MD5 | af4aa3968b9513985c51be8c527ea7a4 |
| SHA1 | ec992cb4944680a685959e7fd193ee09b652c829 |
| SHA256 | e691abed221c8547a41770b82e375e8e25a0a4f30fba283dbf776027e32052fe |
| SHA512 | 1dfcd288dacb9412785dc21220bf57e2eedf0f2c8ea46d11a3b2d14c94d06c7014d569968455a5c32cfcd5315ade77ca1bb8e61a59669961b1af60b1378bc216 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00001d
| MD5 | 3c102ace52ea35b16da4383819acfa38 |
| SHA1 | 91a9953eeaf4ed11a424ea57bd3c2dfaa686c948 |
| SHA256 | eb447eecadbf640fa5e062754192cd7c2b60b4d37c621320ca3eb7ab25b0c3ca |
| SHA512 | 1fc15585854512f6b5652719b8443c3e421eb88699035f18a6e13de5528b72d858e5bde40b9c2863effb3c9cd570197fc718d0c2a61b334ef5133efabd050a95 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
| MD5 | 47a509edcf60311a33dae7b4306b64a8 |
| SHA1 | 05f31220a28fc3e0c886ad7ed99f9f796329bef5 |
| SHA256 | a07caf35673d820c7363bf67fd9427988cf2c4699ae81ca672671697c12b5a75 |
| SHA512 | 198493566619f4ec86179e96668b959ec4f740085cce7bedd5f2df24ce5042189ec0bacd935151cd2974c1e6c9c03007b2ca32d74e6bd1270de3d64fc3c3e123 |
memory/5820-2425-0x00007FFD8AB70000-0x00007FFD8AB71000-memory.dmp
memory/5820-2424-0x00007FFD8AA50000-0x00007FFD8AA51000-memory.dmp
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_1435965587\keys.json
| MD5 | af8fcadd95b5f42bdb56962938f7d078 |
| SHA1 | 2713e1da42c96163d18f84ee662b8b61a1e56d35 |
| SHA256 | 142c07267a3e13f64862d83748ff110704354d3facc3b60743602fc47e651ab3 |
| SHA512 | a45d792cb98509a1ec7e87e8371f6dd16b7c12b167f62ab68af43f7f3c3d2e5f5890a9556826dc80565adc2db20f7f06eeb3f12cef797ed2d1b132bd6c304d28 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_1435965587\manifest.json
| MD5 | b2ac91ca2bec034d1a335f9e2f574526 |
| SHA1 | ae9d2be2c07bfe84fea807d18a235609ac5cae8e |
| SHA256 | dfa347c4668c5d16a7d946e9330f08d3551a89dea06e53e1cf24bcf3510ea40e |
| SHA512 | ff3dd90c1dc9b10754f54c5c54fff2a6877f00fda09f47e07ab05bcaa40a8d3e960a3654b1cad498cd233c0c09d44d686b523b882a385525b60040d708e88b44 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
| MD5 | 280b3e086f12efe40d1a54192949cacd |
| SHA1 | 5d2255eb959c14785d6c06b485513d6a8280f11e |
| SHA256 | f97a9c8f31004f37391b1b500d1f359ecd22208a9728ab6db18e410e91b58258 |
| SHA512 | 8328d29fa635ff51d3da7db45d768bf012a8a7b30fef5ad64f2af2f6e3779aff6ecd5e2453c4e482e5682ba2acce330729fa45a5f967981203637a44a623efc5 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State~RFe5f4474.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_2030064083\manifest.json
| MD5 | 55cf847309615667a4165f3796268958 |
| SHA1 | 097d7d123cb0658c6de187e42c653ad7d5bbf527 |
| SHA256 | 54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877 |
| SHA512 | 53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
| MD5 | 386351c532fc78075353642e017aa1a1 |
| SHA1 | b86d1c850c9a9ba8a2ea1e7d6c2f189d59b7a7c9 |
| SHA256 | 3796d5ccd4d373d3eafb2898c3c1502f65974a43eb72b68dab82e7d74b0ab057 |
| SHA512 | 66b0573e6a7350bda57327d88f06a03af69ef7ecb721c79580edae299cac8a83f8cae4a376305ece1e6217519e61ae5f544d65395722b6b39acfe37c69b601ef |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
| MD5 | 3c1e2b6ca29e48341bc30bc55b314b52 |
| SHA1 | e991a687499786716923da1d085a464eab0c6806 |
| SHA256 | 0df269c2c8516ee0693565d526a293aca6c83b8ac737ac169c07e5affdb6a053 |
| SHA512 | 00d6a49a86162d75ff6b2514730c45a112ec57c090c6b7ded7609d9c5e9a8c236e698ee707157eb2bc21efb89f4862b46c0bd74551de6c7a975700c2399dff40 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
| MD5 | 6efda8f3d2db43659dbebdf96fac9c25 |
| SHA1 | bd5fe80c52feb15ecd4899ade0da8e475630a8c7 |
| SHA256 | 8e833ad4ae0bd39fe364ebc66c05934f5aadc61b79c97404ca1547550cf74f19 |
| SHA512 | 775d96cfbad25fc6a12f06239c9ec234d1b67a4d8317b8675f17f0cb682220f888b7c3c23a9e4d6216b1568a5dc51351da2e467d39853040a04a9e209b1ea999 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
| MD5 | c99c0c440acf559b3f833b9a4e9cf711 |
| SHA1 | 212ea0a36def472912445246ed3b2f32e20de09a |
| SHA256 | af89647535f2718066112771c782b4b577e6adcb04e2845da6e9c1bfd2358eb3 |
| SHA512 | 767c654cd0d619c147c55abf3b289d13e916f38412149986178d3ad9239fb81ae99b459e4f1c579f3a0fa6c396e0b02e98a87cca9fbd1d23bf0fdb3cbf9378a1 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
| MD5 | fc76827d1d3cd515a5066b3dde98d1f4 |
| SHA1 | 0d476bb815abf98276ceba186fe9de0b31133875 |
| SHA256 | 09fa4aeec9d2150e6eea61f8666107b9985544a8efd2aa829e5c02767160c1cb |
| SHA512 | ad499275c3933300382e87767e7587e68bde74e725bc072e5e007990ece0fa0aa5f9539f19e3b51758e66aa9cf8b870fb8b3c3d363c1c3aa52c8eef78da80019 |
memory/2368-2716-0x000001E61D020000-0x000001E61D460000-memory.dmp
memory/2368-2717-0x000001E60C4B0000-0x000001E60C6B0000-memory.dmp
memory/2368-2722-0x000001E60C700000-0x000001E60C701000-memory.dmp
memory/2368-2720-0x000001E60C6F0000-0x000001E60C6F1000-memory.dmp
memory/2368-2719-0x000001E60C6F0000-0x000001E60C6F1000-memory.dmp
memory/2368-2723-0x000001E60C6F0000-0x000001E60C6F1000-memory.dmp
memory/2368-2724-0x000001E60C700000-0x000001E60C701000-memory.dmp
memory/2368-2726-0x000001E60C700000-0x000001E60C701000-memory.dmp
memory/2368-2725-0x000001E60C700000-0x000001E60C701000-memory.dmp
memory/2368-2728-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp
memory/2368-2738-0x000001E61D500000-0x000001E61D501000-memory.dmp
memory/2368-2741-0x000001E61D500000-0x000001E61D501000-memory.dmp
memory/2368-2739-0x000001E61D500000-0x000001E61D501000-memory.dmp
memory/2368-2740-0x000001E61D500000-0x000001E61D501000-memory.dmp
memory/2368-2736-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp
memory/2368-2735-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp
memory/2368-2734-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp
memory/2368-2733-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp
memory/2368-2732-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp
memory/2368-2731-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp
memory/2368-2730-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp
memory/2368-2729-0x000001E60C700000-0x000001E60C701000-memory.dmp
C:\Users\Admin\AppData\Local\Roblox\2490176024\InstalledPlugins\0\settings.json
| MD5 | 30c7b2bdc35c650d2b65150241646816 |
| SHA1 | 94d466a5f5159784155b6adcc9555bfdae4710c6 |
| SHA256 | 0784d39379f0a4f971777844ba07550aff31a3d5e32ce1d1eff6f4c7d49b90b1 |
| SHA512 | 8d51ef924b6c8f46a7ced69f188f2ea583ef3feb7fd84f51a8af8810c51e5099052e2c1513f15ac6fb83fecbef8c984fb4e124ff524c2b20a437943dc127465d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0539171f06c734b8f92aa2f73d045687 |
| SHA1 | 1f4d317013515574aa650ac7b2975e4d57f9f71f |
| SHA256 | 88230b88d3c95edc2072b65b0bdb11f3f4d24ce69a123ead69fc140ec05f5651 |
| SHA512 | ec8908780c1fefae688d7441d8166c9d7faba8f5c607364396ee68ec32abd3cbb067457adcbe84868043685ca35c26b9b7638471f9ee5fb9d382a803d2e17d85 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5d34a1f5416fdc978c6e0c7edc7d67a2
| MD5 | c76ac26f80988d0fcf03874d625b86af |
| SHA1 | b04a5e95018f8eca571daa4077e66626b9ba0de6 |
| SHA256 | 3dca66141315cdee30f7604013deab2fcc1dd74af93f9630fb700b7606f531ab |
| SHA512 | 23ba1357212eb135ad87fcbb81bf73fcf2e189da34f08ca1cccd40d763a856e9ca8ce5514af395caeefca2b0dd3a6fe3b8d43e060c5baf5139fb357fedb90a59 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0cbacc9a3c6aa07deb13db83f658936d
| MD5 | e3690a37568ee9fe7f191a17a47e2146 |
| SHA1 | 476c939e0ca065001820946509e36ac2842fb1fa |
| SHA256 | b8da756d34febd98745815e7ee643c49dfdf1adeece7fbdeda22487c06472f28 |
| SHA512 | c7b777cb3616fbe210b58c1e2395ffb378ffb36c2fed3af8c634e7d39667b9b433386d1a284f936a1d4e10e76c7a678e97216fe801cf95a0fc3fb313fc4514a3 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\ceea000e430b7c9714bd62a61ef5eb0d
| MD5 | e6bf3b994b7bd85aa47c17406d367d2b |
| SHA1 | b18be2803acd9576aaa72bb19116b09680f0cbd0 |
| SHA256 | 92638ea5cef2b20242923fd21757df86c8c434ff12243d480250364b8480f2fa |
| SHA512 | 3e207bfe1b30c981fb533971769a4051c0c87ffbfcabc012606ec939c5b66f2bf59cefeb85c2b903856d6396584b2c96472965c11d90d6a1ac9f59b29cf3d664 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0f10b6865c21c904e29f52a54a31f37a
| MD5 | 38b25c1089062288a7a9a8876138e465 |
| SHA1 | d7dc1955cdabe9a50ef4f6b345c9012e3efeb56c |
| SHA256 | e39aceee4952e730f1a101894520b046ff21156ebc79c0f8e070e87af20fdd29 |
| SHA512 | 198469bc9aa03de2c29b322cee7714a67b1b421a8fb0b6ade7148f54fb5ea0a37f6afe5e80f052f41815174363ca2b2dc8395534c624f0f87d2f7a0e9d773dd5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\a1aac6bdbb2642f3f23fbed64d042c3f
| MD5 | 2c65a49f36fbe81aed88d7626a0112e3 |
| SHA1 | 832fc429cd021f288f5ef9531e7dad6c9c6507fc |
| SHA256 | eb8f138e67962a5c7db64722b78454da2e3c3d656ec8d72c9bec566f10a942de |
| SHA512 | 4fe7c7a7e439f6b43bc13af9291994ff913fa65ab1d77f162c97b18ae505b1c46ffb2c9236b7c9010580b095526a58204bf182aa5d476e3d0a006b2ca450d181 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9c9142900ac97b440bb74add8dbcb3b2 |
| SHA1 | 175fd5826ee2079e04759775a7451c6a3f17dd8b |
| SHA256 | 9394153d4c9d2cb7d72ca4cf926cc5c7766ea1c3caffe8e01cfee9cf6e6594f6 |
| SHA512 | 6bcc13ef74149cd081dbe6e184b03abb72015faa044ee53bb54e4d13c8e94b6fe0552485199cfbe0c24316128906518d015e520f1bcfd6dc5e16968b660461e6 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8fbe2ad68bce1f4933b291c365e04e75
| MD5 | d6a9f27b18ba6c1cd064cfee32420a8a |
| SHA1 | 3eb4fe70132f76c96bf7f951070f437ba176fc40 |
| SHA256 | 612baaa3a5eeebe00562f3ecd4490073f3313811613ead2948c1626128191506 |
| SHA512 | 1126e9b53315742eedcb4e28bec6330c03cbeff2d311c9bca1e8280720ded31b6ad7f4f4b6899aaf23656ec46b19fc2ea6566226c1fbb1ded1c3790832d9fc1a |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\3e2504bf31b5aa0ab48a8ae5f1dc5f1e
| MD5 | 6abaefefcacaf36071c43e9dc51f1bda |
| SHA1 | a562a7fc46cec9c90e86fa570267864ef2249a20 |
| SHA256 | 55941590b6aff4d570b3531c493c14c46eb687ed9e4de19200de1681987f75ae |
| SHA512 | 5fc4b6db68c03630673789ec5f5d017709e5a9011f25575c0e428f4a21c30e1f6664faa9e4ed456ae79c7ea0fc45db30b8d45ad9b4e2e94f49b27c50237872c3 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\ac0ab8f16fbb1afe5c7b089b5d5698e6
| MD5 | 5bff0b6da657e8e4ed652a4a5faf57f6 |
| SHA1 | ad49b5a7c4734d26061b0eea4496fc41949bc5b2 |
| SHA256 | c80ae50ae40768b21e62b593515865bd729b4c0712a006cbaf374a66f14f956f |
| SHA512 | 146a0ca1c20471f2921f1c911692223b77c4f528f2de47da9df54c1620242230998b86be05b436a725e64665a008cfc21715e114fb0fd1b9e0786288ad20ff24 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\cb8a45c1430998ec1304e4c79176816a
| MD5 | 933b1f5dc544d9868d257d80e517c112 |
| SHA1 | a8d55f9cd5f79ef7f6fa1ffb229d8bcfb30ce348 |
| SHA256 | 51a66f59fb6018efd308234879746581b50566d967cf1fbf63fd3fb6917f1295 |
| SHA512 | 6e03ebecd629ec937171a7a2d11a88c83c0267c0f153b86194683fc967f0e1c827e6393a39af735813a1cb3fe2297cd6582d2f7578355e797a5152dd92d6e600 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\1a1d7a8fb35b007494a82bd5304ba1e9
| MD5 | 2414d644ab2dc0d3c58d8546b4cd7ea0 |
| SHA1 | 77a854549c69f719657f5d404ae9391c705d88f6 |
| SHA256 | 28be75fd24c5225fe212cbece08722d92c4d2816e5c3a0051294826a5fe79458 |
| SHA512 | 02bc18971dd372438e6f93b0db0e29a2b647b7e1acc5e8d8321f73857b746c5523e7c720ddadb96363664fd5652c30d5e396f7128813dfc0c30fe7ea4086a229 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0d8b0fd3715ff57ba968ae5740d39a12
| MD5 | a3366bed53be5f4fed574fc819a07072 |
| SHA1 | a79b59561cf06c8a209fb701567a67376d83924d |
| SHA256 | ec5c1697be4eba9851b9a413c13e1a94f9846f6dba1d8d0fa33e1ca7292e8030 |
| SHA512 | f8424133bac79bbf7547bf7076cbaf0bd0767f220778275c36878bb982bb69bfe64aede42d67c9db009047e66bcf5eb9604205f6b0aa9a801f6827e2034399fa |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b80d47fd48f8d137ca2aca87e1d00059
| MD5 | 7dae317d3e65c483f462a48cee3002cd |
| SHA1 | 330c91065d277740b721b723ffae4e5511e8da2c |
| SHA256 | ad244e68f3ae289677897bd171703b8ab65bb03b17621b3c8f61594b906f8b78 |
| SHA512 | 966a981204a7979932981d8870704fbe3d4afc2a0306cf149117eeb30a54debf852c8ef04fda90fb2d1d1261daec60db390a4c9b9fa77740d14171335384ecc9 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e0fce80600a43748c6cbc0ac23f6cfa2
| MD5 | 3bf49259291542dfee0f89d587c177f1 |
| SHA1 | 22328c74fce75f7918f6c4b3ca5ad9e1921db437 |
| SHA256 | 971101824fc41a26f9b1386d72750a69298f4725f266edb3c93b21f9600d2916 |
| SHA512 | 20366e5775f42da8e313d67ace54bed3b2a010a84d9b3422276a8b544186345683c00663ce4f541c9890f906344ca3400015bef988d4ffa7dd4bf1c38161e271 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\31e8a63e8fa08c8135be1c5384c3e0a2
| MD5 | 1221a85cb03fd45c001ef47af9935e7e |
| SHA1 | f209b998e8972ecf158f58270244b831d107ace1 |
| SHA256 | e7c79bc6240600fc94d67a9c0e9c1f563a3f30698d7cae3d19b1735865835d4e |
| SHA512 | 2e6846a2ea3bcf0892703f3f2024a0acdf277251c55ad9c65e61fb5a8780c67ec707d42818b3d98103504dda9984c109ec0f8e393fc063f734bbc7bce168ad90 |
C:\Users\Admin\AppData\Local\Roblox\2490176024\InstalledPlugins\0\settings.json
| MD5 | eaef4b677b2babd4fb7b29da0f065bf5 |
| SHA1 | 655dc02137cacabfeebb0705832c3378062b1598 |
| SHA256 | c5a33fdff10981930005746e120f5cab8bd1321ea949ea5cd1b2e34a88f7aaf7 |
| SHA512 | 7ddab6aac206bbd23350667487335e674466d66b3f0c425ec3789a62749bd6073eea1e1f5785ca539a0b7e0bbd8a83605191508d97c8280644088cc7d8161aa3 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\175af5595dfe9780b5b7b10ecb943336
| MD5 | 0c9078c249c45630688d2af7e0574c25 |
| SHA1 | 8fae18c0c69cf3a58abddcc9a55fba6d81aca2b2 |
| SHA256 | b0e7f0945d5de86014379ede1d9a9528a8c944534ab33e58c7b3be1b5706500e |
| SHA512 | 24e0cfdac58bc3714541bd39f6992bf0a4bd4c47e492edc40b72d045b4f06573d582d9f4e50e0c23f964ec678d857752caeec6a65ef89b70e2ecbefe749b21f0 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcbcf8ab7914469e06c8fa6ee80f2201
| MD5 | 958ad6c1423022b1905d452d8772d16b |
| SHA1 | a1c5aef3f0d7550f8a9ac31ac1e295696477c02f |
| SHA256 | 8965deb3f4a35faba9f087defdbc2fb071e006f283ee7e6b1ce250c6ec12a49f |
| SHA512 | 5185a342c83ca7770ecb1103d95d061cc17c80526f755ebfac53305947b09765515221ba65b43a98eff3860e47bfc7a15f51e67d0636de7596a6859ff20804e5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\1daaef2a5ce0ea927443fd099437bb55
| MD5 | e4a239995837749223ed2039a40a3a21 |
| SHA1 | b1cc97f9ffc3a367dd3a55a1a3342d59cb610403 |
| SHA256 | 36ef28d0243f78f746ddc7abb74563980829c81dcfb91abcdaf6459bc7d374af |
| SHA512 | ad81fe4cbaed589da0a3b97c20e7e5fc0deabf5910b1c41dc7d6e6e8b8f22486f71c9577886689739bdb87e34b330ce43cb60fb2e3c1305d77984ec78cc0879b |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\32c38bb4f4a560d621ab93aeb6ca5d7a
| MD5 | f7b60787135cc235066319d2412e77e0 |
| SHA1 | ff9e626cfeeb124bc95d830d20e13b15c6427c77 |
| SHA256 | e815d7145b898343e81a796bee29e8a71a678c9c3475a7b1107cdbefeefb6152 |
| SHA512 | bb21ace97ed300299a276844630c2b30aa0aab87a3a8684391bbe37a0ce7761c82011035f741cc1f596136043f1871d16b0238249d3b943b2c08fdaab8c0d762 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5b794cd8b1447c984ba301aa73a6625d
| MD5 | 2740a9a1a4020c08f3ae9fce5509416d |
| SHA1 | 371eb56fa91013a45a38486d5d77ccc12ad03990 |
| SHA256 | 239bce8cdaa04b7e91497dc8fad14e5af36ebf244712d7a04e37c2be5a0e0a38 |
| SHA512 | fbbad878010bb317d5ddc6de48c87d838db393fc52c564555883d07e62b77cd37a3584414566977fbaef792ce0d2a00cf851ce871e880d1cda34357d2fd4682a |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d8b4554062d011287069393d07af8706
| MD5 | a0c28b8252eda35f15ff0931e1817ac9 |
| SHA1 | 3fa429b9d0b8926907abc63b81a301bad2442eef |
| SHA256 | ee880812bbf7cc1f00cb363632e9746e7342cb5048765c483d56f4284e555a0d |
| SHA512 | e49af44a8fa6e0c0fe4a5f55df2910ff43a6a9360d6e0ba507375487526fa4fae8c974763e4bb757e0907036141123920024adfb312f9d53703bf6d45a83956f |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\706b550a2be783fb6e220ca8181485e5
| MD5 | be4a508de308b15bf9c711a769ed61a9 |
| SHA1 | 2b980f20a1466d2f1508bfaf8dc2a2558450c1d9 |
| SHA256 | 0ac514138710cda19cc114cafa8a3fce046654dda1cce0915f525c6f5ed0b812 |
| SHA512 | dc71cf06e2466f17b843b96fdbec856b3b67df95105895597e73fad455340d4237f1b7cf91ac2906efb9efeac89515deb79a045859a0651420edecabfef8cf8c |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\9fd0b17a3402934b24f3b349c8d753a2
| MD5 | 59e7e73fef4a9df2680ff8fe1722014f |
| SHA1 | 2b9d42140ad6207b1e3f5cf8d66b345109cb1098 |
| SHA256 | 05f280e512673a8f1358b88e8706bf5a763727dc16e8c43abe1be6129a820b57 |
| SHA512 | 49edc88448345ee5bbb1093bbb62bb49b0ac3c1c0a29d4a862be76845fbbacff0347ea457d66e40f721dccb8071c18e4ca7f41cbce88d57a64a02ed400f4f783 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc27c501541df155b6fb12496e5bac70
| MD5 | f635924f866829484247044f991b14ec |
| SHA1 | 39c6f43e94e4b0d0ce9c30da5b78aab7fa5086f5 |
| SHA256 | 30b18b2546442b630f0fb8c6a7c26419a9a73988e8e1a118dae5b7241e98074b |
| SHA512 | ca145397fe454c2623651c9ccaf86fd15212fe83d758fab2f8de35e4ea00f8eb8f58aeecb2fc95a4ceda07c9bfa960ccc29b1a56c2bb317c94297c24a366be68 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\4dd9b09ac0d9a7bb380a273db7cac4ac
| MD5 | d97f6e22eba42d95c89cfd439f36c1d4 |
| SHA1 | 3a439aff0b80708f6510643f70997b897500d2bd |
| SHA256 | 25f91091126b2855bcb9c2daa26fec21fe7cc6d25319925a95a55a37cc840b6e |
| SHA512 | 52ca405f845e8313b0a04657eaa9a22d1c4fbcf758d5796d2deaf41c7ed6abc28e3597dc1f5d803c009360a63db4e686e6622fac669c252b09d2a3d8dc451e72 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\77b3cd784a40d8349719b23b5c0e414b
| MD5 | 05c43f778ddcf81fb06a2fdfb4f7624b |
| SHA1 | 616dade772feb66bb1b8dee218c7a5a39d43de06 |
| SHA256 | f4a00d60cb52477dfdb2eb264470e5daffd44139c118b73c80e8fdef16f9dd45 |
| SHA512 | a2443c678bc019dcc50fd7a49d5c19dfa0c45a7c43fffa24ca225f0f24b6839865288b2fe843bb233752fe59c712c54bff8d9b5c4e8ef5ff4ad8ef20b053feed |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\78e2b6ce1224c7617a6a8c90174aa783
| MD5 | 22b25a819c414b6c626e5306888142d6 |
| SHA1 | e7d68968d0848af0e5203409227a1980dfeb4a0f |
| SHA256 | 275eacbd4554f5b0e4a4266514243c661edb1e4eea694a2fa01ac20a531dfcea |
| SHA512 | bd04fe05aedb2cf10fef09648566834b019d40a6ec8532b19edcbb2348059984dbd5c04d6fd9579dac55f99a6b4de820cda159256d236450b0d0a51594e3b15d |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5477b96b8c7694aaab08397c539323cd
| MD5 | 74efd118f986358ad4cde9a57e61dc32 |
| SHA1 | 0cfe0335bb35298456edc9ed791e019b70266c31 |
| SHA256 | b973558fa71e5b3a07fe6ca6180c5bd0cffdb343af3a0d2e4e4e89b40b194ee5 |
| SHA512 | 357ad98fcdea45563ac733ff39aae16b103a1327a063445b6febb89616a61fbcd140c2148eeef122965cae78c2158bb39bd3eacac6d6c70a58546489687dd733 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\09f04b99b82b262e105a232e97395311
| MD5 | e3a0c050904f457b02b36bfebb1c0b6e |
| SHA1 | a611605082957d8eb5dcb83939e1b6bd3d870bf7 |
| SHA256 | 02c51e5a41d473f8e0befe8e5fb49073f0dec0ca88ee83e0e6a3c0ba3e18d399 |
| SHA512 | f2b6b3a7c193a951feaa1d5abeaf52316773d7895284e806f7267708672f6a7baf37191a244d2c044c785fe967d416353ab83517b28932b9e521172b89e22275 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\f469136d50a09240f313e4f48b35b40a
| MD5 | 81927a5a1612202db2ce511c62ced773 |
| SHA1 | 4414e92b078a515ca699a82cc3bc64a1e264e4bb |
| SHA256 | a8a2313bedad3d93a06ce01ca1abb579013d083e2fec866cc22342713b7b6b2e |
| SHA512 | 33918119fc071674aac79062c0e4bab978d04cc957189cffdb8c1bb1c7add1bf7d9a0ab03b08d9e997bd8734266bcbc7a312b316f8303347e2aba876022e7cad |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcece68795e396ad03d6e2608d740126
| MD5 | 0ba72ed050100e6779ea0f1c713ac441 |
| SHA1 | ff585cbb4b671bd3a04f3bdb2512a896ff07883b |
| SHA256 | 0949d1f525ea9da560f02a0447eb12a33ac6db673e89754b8f3d230e24ccfd06 |
| SHA512 | 22c09e80f4af164d94ef40999572d2ce35bfb1dfacbd1762b380c9685889d515ed9aa064db4f8ab6746c8a26ea4ecffef9337014293905abb2f0cece7344b851 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\7948b73360f27446739cb67376a2d7bf
| MD5 | 6c261f23c63795849eba5b1ef6f17cf3 |
| SHA1 | 464f91ce49db8b5546722bd62c4f59aae33dfc20 |
| SHA256 | e4274c467ca592398736e990eaa97a937f209768239400cd90ea59f9e58a27fa |
| SHA512 | ab6f671b1939df79ee60a873148a1763c06fa880e2f17a23c9e09c5401120873167905e49be3abaf546b9fee33096b76a5573a473b72de3806c38a128ab91ab9 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0b39eb4053e10b7ff21430e80432eed8
| MD5 | be1dacdbf4fea39b16e7c11e286b7205 |
| SHA1 | 28ae9237170d6fa225c54e7a36e35549d191d450 |
| SHA256 | 3a6d14f833f7da8ddf3139d42e41b2b83d1ea0d4570db39d9c10dd98e33da800 |
| SHA512 | 72cef9e399c0652a340cb12dd239cc0dfa14a2c832fa63f76dc442308ee9f91b41ddff62fb70331895716b61fdccd332f75c0ba2003f818900e3e6f260303176 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d132016b6bd0b89da2690c24749f6ff7
| MD5 | 2e2350147bec3587e3bc14b7a1e32c2a |
| SHA1 | c275f45e728f71d24ac6d8b496865c218f972b41 |
| SHA256 | 7ddec5794d779b1ad88ffec41f00c793f21046d18c930328d662a3c2d1c27d84 |
| SHA512 | 670d3893ab1503dea9437b61b2b1488238d84d3703f94b74b5c20bb7bd26eaa0479e6d3d91319219bae1c1c357c6807101c5960ee2f29ff48475c0e6d9ac3adc |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\848d350916ab0af9758cff8167a2aea2
| MD5 | 0042d3425d57e55a4e8c899aa911012b |
| SHA1 | f260334951b11b4ace9af45974e365ecbc6cb9cf |
| SHA256 | f312918dae9b5ebf3028f14575ac8bdb78e7f152061fc59d0885ab7acb3e9581 |
| SHA512 | cbab405431b5a95ae3c9d3816b4a1c4d4a07cdc4dfcf64d0977ec80533a6029329db101ac36361114288fa18c769c85a3f238b13f63d2e1e83ef4ef64ae45521 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0af1ae578b1c58a0e785712d31028c1e
| MD5 | 4ffc139d6996c3eba2d40053423d07fa |
| SHA1 | 6da7d02805c626596d055c20cf084aafed9b9768 |
| SHA256 | 0445b87f48bfd12bf0dae91d8dd7c20ee924212b4cc8be782c0a54193546f43c |
| SHA512 | 5af3417cdb0d099add05b22090b5aea9ba39069c4704d000aa323b859e47ea67328f616ab03b7b878ef8cce0d528ac0ff5c0f8fe305175b952e840368e0d4a81 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e526d6628fea4b1243fbb953bdf85ac9
| MD5 | 3964c0c8b23c560175f4b299e1a9605e |
| SHA1 | 6c155c8a5ece5d5d7340ee4ff0fcb730e4d2b0fe |
| SHA256 | 20dc4a3272ebc6ff5edf0494d9e6e2d06c690bb079a36bd04e074818f16a2dbf |
| SHA512 | c6f53903aa3a14f3187bcec1afba4b5b07c10ebef6dd10a710f400996f2214703d29d58abff6e7e0025ea91a78ed2f799f69c542bea006dace570464acf90d64 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5c36700f9b5f405f69b210d702f6087c
| MD5 | 94b44243d9e420ff19ff04f4e434b83f |
| SHA1 | 04687ed0f779c6873da97da0f16f042b2b459b69 |
| SHA256 | f76c45b8c4831588b971b25431b7b85f529a7214f99103ed82b4c2e97d9919e8 |
| SHA512 | b7778206ef730254f469214ace61b13f7031d0c4c751b2988decee93dd5a6c8336c40974af74b0aca6d42874d54e23dfcdfc743f5d633610aab2f05e948bea6e |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\571e70bdfa73e0cdaa28fdbd2ca19ddd
| MD5 | bd289aae66f24d373fe9d4388f8ba9b2 |
| SHA1 | 4d248d4f9aeffef2fdd953bffbacf81ff3ac8554 |
| SHA256 | 78561a946c48755de0fce9695d30ab82d9e5dfce2eeb0ef6a0824282bc88a0d0 |
| SHA512 | 50666175b0955dbdf933302016675f035df38deeef6b4a0e8d0cf40b6e3d2c3e4a089a5b78d75015e0048b2e7f91d81b69857004d55436437d3fa0754d1ef8a0 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\be241f3cbd5449b0c30c651c4834e3da
| MD5 | 2866f1aa81a7f9c354d34be6a58aa88e |
| SHA1 | c470d8ad431f9876d7966796a503c15440a35345 |
| SHA256 | 38baca61b0de1abef8c3a97557b6e246fbf9091d1193e3732f6011508e5f0a27 |
| SHA512 | 1af43841070856ee4c509080c286285ef4850d9dd8507381a5045ed748ffdd09fc32843c0d18aaac70621a8ec88064f0a3b74036cbdfe91be207594f55b24ef3 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e665da7061b12f952145852fc21ef7ec
| MD5 | 4cfd979bf14b07dfed01ef9a3b1279a7 |
| SHA1 | 2e7aad8b8909d3117bb151bf4d34b608e3ab9c56 |
| SHA256 | 589b00b0a2fbada62af8b7daa8755ce68420a009bf6ce7a53e0865fcf262f94f |
| SHA512 | 79a25e0af653d6ecb5fd1908c3652c6fc8ad3d0cf1e00510801bb369728dcbe3c5e1e66f73d058c511320badca3c8ea82f2baaa5e0682f304235b68f622685cf |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\be58ec8ab04ff195247b1536cdfb3d44
| MD5 | d1d2f476fd075d55fa0e77b3c507cb0d |
| SHA1 | 5976cdae821737161f6debcba500a2842f988f8c |
| SHA256 | 650bcfb9e1c7855d2b72865695c2f4d4212ccedb53584f089c26e2087cc65d41 |
| SHA512 | 958c07812ae7e89143874ce4effb112eed3bec3436fc0b71ee70de38298130d08d89f6bce42d2b0696839f67be260791d121e81f46a4935f3985e241aec7b0df |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e385854d0ae9ba50e28a7a5629fa28be
| MD5 | 0c889bbbf77ec231120674d4843ee0b4 |
| SHA1 | fd29658b2fa416059cb30a6729030b6a6b125e92 |
| SHA256 | 5006fa1587ba1da5b7696daea22929c490049bc0f10661d9c79322b0a647efc6 |
| SHA512 | 504d43f9104b8c56ba12ae9533ad3554858ebfb4f5b4b8b1692ba339deed831a66f5441a1e4706015cc59f4de4729c0128fe7da2c8c3d095b2993e92eec378f6 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\2d5ee01099db60480061c57d9831c261
| MD5 | 839f812fb19680ae8e62c2ebe0355e4d |
| SHA1 | a256751297a9f82a082bc4d5ef08d5d9d89a2c17 |
| SHA256 | b414e1186136cb1f46c6cdc69dc5b637ac5de6a390d67cf25907907c61b364a4 |
| SHA512 | f2209d8bbb8f7ce1e6b675cdd2da3a10bb450d50b4f73a596fc0639f201999f32d3c1a2418e0b92c918c0a667a5750ef122e4331361e0022b66a2fc5e489e5ed |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\73b0a5d180fa4202c3e9365c3d577fd4
| MD5 | 2c2e29b04e1f7144017730d5b5ed8b87 |
| SHA1 | 8a36310825cfb7d8ea6fd487afa46dde29147199 |
| SHA256 | 6026fca2672513a7a42dc67687850d630434b2260621f77ef5b2634486048d5a |
| SHA512 | bbd5097d544d3bea8b5e97f3262a4f7765b13d5c742c9df8fd07e6a56e7c021a41de575dc1c24749631eb1003db0b9548c634eba7d6d2701fe4035f0a5880615 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcf8e7398be5b1007fef514afffffa6c
| MD5 | 864c04942289c1dee2c1aa18ea77f1c0 |
| SHA1 | 1be7f1b6c2f1472adb9b34fb6f7a51d3d1ba161d |
| SHA256 | 9855931b8e0500c6753d77200447963d1981fa7f7b4fb34067bfedbdec0db442 |
| SHA512 | 6f3934ea3ca2317756e45bcf065abae6cf34ab7c24e1847023ecee8e404294420f5cc978af2afcea986bf160eda88c020fa1b799f5ad75a5e3991e7268192dbe |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\f9cfb35c8f272d46d504f99d9c00054a
| MD5 | 5a67e8e85c0ad7280e9f1ca86f138b77 |
| SHA1 | b9fc6b3311df7710e1251114946b93a72dd5d5d0 |
| SHA256 | 09e7111ea12f1236be9b1da699f8c93eb68127d0a98f2ceebfc5c2d7b25f0ed2 |
| SHA512 | ac5e400ce21e5e2503a11642cf401ab5ad4e625a01ac87f1711a02a415fc924556d0d3e50386d17e29ec20bb99b5d3a2d0496dc2ac1fc1381b29774b826cd9ad |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c9d72083ee0b41e11170f5a9845c3060
| MD5 | 92e9669fc7c748554c057eccb11a97e0 |
| SHA1 | d3fd8c1e136a2ebed238d95bfbfbf3ce61a385b7 |
| SHA256 | b29195912662d71be85e0db741dec5ef005d744d3aa0913dad8ad1e51c3aeff2 |
| SHA512 | cdc3a1b4c596fd3c9621e53887a9d503205a0d5f8663e1ee3366129ddbfa83f2b15bedef155eda2949f24d1df615ead664114310e3d3dd03f9fb2d95df2e29b2 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d27efcc314894472628caf798daafe01
| MD5 | bdec8723e953241ac3edc46458a6ed7e |
| SHA1 | 783605b1587b096807a81e32c488be272e0ad581 |
| SHA256 | c31b000a001faa6e08026a24043899ee4941371ce464146a9c78befc2a796e4d |
| SHA512 | 221cf258c9c88c857e34fda1da4290c67c3a34459f86b828ab968f5e57b2be53eb4f7aaced83151576fb843a7f1166c267de0efb116740ab2ac2b37ca0cd4d93 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d4f8d4ffe8696350702fd146346140ac
| MD5 | 084a09f4a178b2533a56610f28f252d4 |
| SHA1 | 70c343a804ea4674a214d5ca8e24bce33cf662f5 |
| SHA256 | 91b1a39172d8f6f0c98a2a3aaf8c137b29dcc4ed4c1bb4a3bd449dc16fb45e97 |
| SHA512 | fd8205ea2edc70743247666bf8ff414ef6038f6ec03bfc7590dc037024ca66eface1f3cc559511919058754a5dfc2224ca04368ed31df8aa942a7d9022b93e5f |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\697aeac1e8e025f05cf4b76086fb70df
| MD5 | 749deb1ff197b5082e2b07aa55a33d31 |
| SHA1 | 08b4d7441ffa13b8dc3610d74a56d8eb11d8acb0 |
| SHA256 | e593f31edc529b51f9b253994d8aa93d8ab0bc8faf433e737b0a09e80cf2784a |
| SHA512 | eff256220d72675ba4b23344191b963f7acdce9743af8be81020e2a74662d2f3f1b2735e686806b73198463c550b2d18921840271d515dca0b2d4ce226954d0d |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\90d821a0b7efe2541659a0ff6b31b88b
| MD5 | 6f0ea4b31f2f55764db79b43833bf83d |
| SHA1 | 2522c29622377d611419babb3eba2e8cb13fe0e6 |
| SHA256 | 08f380d19a3cf8307b098cdb5e9992ed1d29e5d15226340758a1af3cb4300c64 |
| SHA512 | 6a5437574ce2db6feac98928a22c7002ce526501335ac00444190febe302dcab5f18ba33a5ae00bcd83f469b5f1cd356474c8cfd31d9992d186fdd0846db5641 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6443205f8638cd85aaa1caed016b8ac4
| MD5 | 20db412bf509b564fa765bbc0b917fbd |
| SHA1 | 938513617f173454649543b7c014ecc762ba5b5a |
| SHA256 | 8b7281d0d0576ed2b73ab842080238d7e006e1524ed48f423f61a86cecf3ad40 |
| SHA512 | f6c54fb0478c2df40776125a920621a1789d02239a78cdd3de8eb83a27a00464b2aaf8714776897a4b3ae5488da664befa604ec836fe12010a046d48eaa519a1 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\aa3db4232d83f97f5e078c526e25a6e2
| MD5 | 3e1ba08877dd32fe4178a730b0ea5e19 |
| SHA1 | c020afb22c7cde0c77a9d1d6be18ac8f1e62973a |
| SHA256 | 1a6447007e90d27fc71fa7bedef2219bda30eebc33447c2929e4488315e19641 |
| SHA512 | bad57ec1a48f686fbc5842a291c95f01db413600828b198b55615857bb1e50e4b3b6031d5896c8d7b9d6753c290c0253ddb83482f89c7fc348b8b80194a07286 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8aad44a486e1e94cb992a6a0e230f735
| MD5 | 451b527070f0cfb1431ff5052642059b |
| SHA1 | 6021d49e6b87b9ae8fa64c3cfd0180d625c7d761 |
| SHA256 | b9391062d160f5bd861cf7e5ecda919954e84a87eeb3b000bf9b93c068057c9c |
| SHA512 | 3ec22e77061670685a576d96cc3897473d11c45c24e581688da54d8700b186d3583ffc23cc2c3395fd93af36afc45083058a2bad9cffb1362be8bf4edb20cef5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5105c207d9317b50c40470887ccfd3aa
| MD5 | 481555658adb9b672941de82171b343c |
| SHA1 | 7937e7bac46ac99e1897c00285fd23059828dc12 |
| SHA256 | 5069797f8a4b926fcc5bcdb668c1f67ece5d5e8f05d6f19a260c55c9a67f289b |
| SHA512 | aa9aae6ac82a3e320ce9c1b83883263d547a82369d8f31d3db0ce6d6bc5cd07ef96157ebf234d6e31b40b32e276c233f7c2c0856394a70d183bd64e03720737d |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\74f7241d43fd3efbef367cddf2de0712
| MD5 | 1e996f012273818bd88129d26108d8f9 |
| SHA1 | c193db2eca6d190e929375e617f45790cae442bb |
| SHA256 | c7c8ee23804c70ae96b1399c2f6730543f10f7678f5e3ee36fcbce97245aa8c8 |
| SHA512 | 40ea7f36824cb96dace8ff41b1e92a03e0f7e61cac33a3a81c81cba12714812504554eaa0f4344d30061ce1d89f231ab21cab164a008e1f68d18ccfcf5525173 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\afa231f024ffddec5f9d2963d20c450b
| MD5 | 64c05df26d12845b64880218a48e1b3f |
| SHA1 | 6ae26e09d6c23ea9ba5ad92d3d40790948b36141 |
| SHA256 | e41beb094c8bcc0d8825e031ec9ca5b13e45b94f3c93601c31c10955cfdd8da8 |
| SHA512 | d6925cf4d6eeb5275a7c008723410edfe1dd24b9097656e8573f749864f8fc7c61dac61b05230de13a7b9b7b866528c04adca85ad83e8e2831c43b46a70d4c27 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\77fad0fb4662c6b81630ee443153aceb
| MD5 | 183fe999017d5e5654364c0d8fd895b8 |
| SHA1 | 64cbdd4bfac3c60803acfb2871a9fc8da27d318c |
| SHA256 | 3622ef17da158e25761124720a642153fb6eee615b54da286e731ca2920216ed |
| SHA512 | d5026e42d343185e14360a292c6d13131dbdf081ba44960598e12652d99d999b4f5c70c5c02335596d18302b1cf64128a8bd06273237a48e2cc4eb0267d12307 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\251c7269a8dc64cf406e8c2d5f5cc688
| MD5 | 7e7342c1c2e3602906a1fd64acde7735 |
| SHA1 | 357de58a6c39a0fe4d7e4c13c16d8c1d25f9e649 |
| SHA256 | 24a5a23ded1de17bc3170afbe5eb7debbb47f0ed7b2a4b5303bc899e927a99e9 |
| SHA512 | c6313b65687a5ce03772ff6f1edf761aa91f07a29f8b61db7edebf1beb5c548fbc53aba721ede32d4c4bbdd31361dc724c676d41c06278904291579d25d93202 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\83eeeca932186715a9107df83747a179
| MD5 | e7ee77fadd485e9a35a1bfb4be99691c |
| SHA1 | bf1aacc9fe769fd1dd111a1009473db1dcac7399 |
| SHA256 | d98e995f0160e551443de0eba015bf29192aea408469c2fc2d9c93a5c1c82cd9 |
| SHA512 | 3ae849a12cabc409e435da98308db2ec0b86f8fa8624a23632ab0ea836a0aed001853eef600bb99f67f8f907dbb641c9c6bc37bbf959dd12c1bf2ad9c8147460 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\993f844b48dbb84a0eece0b1d1aad326
| MD5 | c05764b76e6db0114c1d6200b56a3588 |
| SHA1 | 5f96252b5a83e5c0810e4ba604dfc433ee449639 |
| SHA256 | 427939d6cefb89facb6e71e082e42ed184f0883db715e0bd8ca832a316150430 |
| SHA512 | 4c6c06afb99e99d6a7466ba40146b7fd02f83de16e5c89acbe64179860547f42dad0562b2a281706cfc6acdc5558e8fba5647874ff15d2778f3f6d8c1cd983a7 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\2da892c80dea8811c616fe5e0e6c010e
| MD5 | 0dbe0b49a06c4093d004ec7d44303fd5 |
| SHA1 | 2bac861a6075854f8dc8db470558936c36201aee |
| SHA256 | b136004ec10d66b813386e21fc6c5f86d37071e01e8a82437676902eb3e63e8a |
| SHA512 | 1d306115aa97102b5d68552b591f5faeade373ff3a718d9f39dbeade32892e47fd921cd78e5dd71e91072476e5ad933ff9659ee5ea1d07133b55745f00c22828 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\584bbf8c27b2f156742be22b280cc8d6
| MD5 | 7c0764a501b7f8f1eab14fa7f9337a4f |
| SHA1 | 2e17a9b6d5bd740c4dc91af9311e4a6e77bd55ce |
| SHA256 | dc0524c0d7f9f637466570c86adad7021f9316e42e69745bf8d27081a98f09d2 |
| SHA512 | dba17c07bc4310c556ef62f157dfd3a0ea1a617ffbbc4324f9a046bf47be9a2bd500921bf02bb79d9ac2df1aeca3745ee1cbd7f33bbdb80fe67e1adaa0bd82bc |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c677a51b0924e108a9b1485dbdf883da
| MD5 | e1e4307ebd3e7f8280c75be0ccd3b5bd |
| SHA1 | 3f2a56ac3ee57082ebcf4a1ca21001821286e77e |
| SHA256 | 10dcbda8315ffe2e7215b8d61dbd26b0553b438fe94b1bdf005758b1b96d9f94 |
| SHA512 | 7f3ef600e2ecca826fc163d9092bfc10fcca9a9e6206ef29fe5d61902e3e9625bb2bcc07a58ab480ad19354bd0a1c56dd9f13c4e62aed22d87da146252144ef4 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b39250833fce2d9f0655b124db089d4e
| MD5 | 639a9c5f588be3e48a6bf5601215f027 |
| SHA1 | 1ab7c1d3d5df21a05324853fb235b848945c351f |
| SHA256 | 4fd48841bac69eaaeaa9c936347395f5eab6fd4f5549d65cf6fc541884a4b2d7 |
| SHA512 | c3aced88385dbd9b10841f72c422b17cabeca80ad11af01222f8901b950be3b42467851d5ef61fa3a1d92f7977724926f765b8bc594655e93e116d04223497dc |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\ecc495a0b2b0470e25d688a9077fd977
| MD5 | 741a45f09ceaf9cba7f0ee5b8aac236a |
| SHA1 | aa6b59bba687981191db42af8a8b17dc0fc9150a |
| SHA256 | 92ee9b175404bf4aa4e346ebe4948ae5c0ee7edf5693778a5e6a4a1bed508eac |
| SHA512 | 97cb36fc2281753eb7a42f762c8ad5cdef7c14665214a71f33518f88cff24ec5e91267f834a6ea5ab0206457c7e9c730dcfb4f7a2ec527e3ce48877e2f34be6d |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\477a618fe08d138e560e0c8eab9f3583
| MD5 | 4f9c826223fb8d7fb603bac0b294a706 |
| SHA1 | 44a185bf8edbfee521dc92ae012e6ed18cfae3a0 |
| SHA256 | e12f126277c8b35c48dc15cb2f37850ff5ab0816e5982eaeceb571c99bd17502 |
| SHA512 | ecf987dc0d416a7fb1779289a0bd9ba55625abff41491ec3731fd77950e91d5b454b17573be388766b20fc630ee3f125d37feda44e068d2ed0cd2a87be021fda |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e5ba3b6fc7c95f933bacb9db38c93e80
| MD5 | 0de2eda8831ddddda130102597e758bc |
| SHA1 | 0fa49f0691a4ae61e422a22b07fd4e5def0ae5b2 |
| SHA256 | 2d60885d3492996ffe223ec6dfddb240eba00a9e03ac0506d3489edc4822e1ee |
| SHA512 | f466e1ea3867fae7618b76a2895cccabb0f646f54bf8c4cb6cf6a5c2eaf4b8e31eb4f8b42971ee53c929241d9f40af6a684647cc09395cfd709774503f274b75 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc70073e6562a1a0cb99b092be4629f8
| MD5 | acc9db15cdf0932e73bfd20b9857b80e |
| SHA1 | cb6455b641cdaa693de88e9b0d1f422744faa35e |
| SHA256 | f0e15f7608b3829d33eb8e057f31f21e931d9d2ab4814891b11ecf47494c141c |
| SHA512 | 7ca5152691d595acc0f0398e26f82c4cf491bea98f2c81e7a972af8fe763ef5926a716ea44112c2fa257ba0109b8848f8611f071b88902901bdee1d32a315913 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\f1c2eede7a115f0fd9ddcfae03372516
| MD5 | 08ba91e62331009631f755289dcf7324 |
| SHA1 | 03786d766cac0b39437b98cb61e65c25d16325bd |
| SHA256 | c50ad1d35d0b3e81ef6780da13361923d7525a39db5c9cbc6c5344a0bf5e1380 |
| SHA512 | 3fe207322d4249f92893d0eb7a93f455374849ca583dd0fd00c79790ab7bc7f0699fe16de332b767689e0a104fb272992ddc37e002b6962cdb6c66a63618e3d5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\4130cf898fa8b448f1568bfb61305e94
| MD5 | 86df60a0980b57864a2e2d68f857e0d8 |
| SHA1 | 60c24af81c8406f05ee1721b374ab8a466d878a2 |
| SHA256 | ccdedffa29231d609157ccf22019e03a721e9ca248eabf12be511b76f795c247 |
| SHA512 | c025bcd3d21ec036712ad8e40afa7da973db770bf5b9b019c73ca8b99202c8e37999e6daaeab3f1c2190f84434a5e4657a8593e8a59066e0feaf38fcd8bc41e1 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\388a60aa5e51ff44455d359825078031
| MD5 | eb62ee1626b44f54b2c444a487ef84fa |
| SHA1 | d3d918dae048e4ee9c9626608693d69c4c4ae55c |
| SHA256 | bf2f079ca21684f382d094af52836d83862c93800e8e054c2f6bc0838c442d86 |
| SHA512 | 68022f2ac538c51acc24065480cd23670efff68d56a4b5dec2c28316726ab82c81b48fbfe76c44f32dc32b0af75fe3e203aeb40610f34e2e5d75bc684f712381 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\28c39719e7218d9c2d686d4daccb1b72
| MD5 | 25a0b3d9ce5e6e1cc4cc7f4cdb328273 |
| SHA1 | 4d2dddbe9502a5373e6ea99771bb1de6e828b95e |
| SHA256 | 013275e837c61c631932167d47d5d9b838ba8b9863915d39f06d8ba4914df147 |
| SHA512 | 20df5153edab7085594382f80b5d7c6afa5f2a84741efb46961e36331c94369a7c7302c9799676e18aab171cf398dae8f314395c22238de6f8450726c4c992c7 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8ead55fcc97d21deacf012df5c33fdff
| MD5 | 16e22cfdc829405af27279c364ba2f8e |
| SHA1 | 0c75b97959d7df1586db85cd1166f99c65603c68 |
| SHA256 | aa2f6c8bba8aec6b84f7ef8a7d8c30022097b784236806e63da1f0417124a3d7 |
| SHA512 | d1f6695e255f5b7ad498ce177a16591757d5570a4ea45d396f3fa159f5658bddcb7d524c102efdd982fd9ccfa557d984280c27e57484b8f61be512ce994d7964 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc86756c9d8f409a887054cf26a854b3
| MD5 | 70461ebd3bf0f7a0beafcba1d52417ab |
| SHA1 | 53dd7894e76f0fe7c02f378d7c67107ed4a03d45 |
| SHA256 | e3ef21dd9efd05fd1260691d6dd47f76155bd0b5ef1ccb62ef1e588dca161fd7 |
| SHA512 | ccc18b368873c76fb25c97009bfd17e4456d488b16da511e61fe1dee031cce48bb25d507d7fb1237345bdc2191085bd384ce45ca98a5864d10b65b28650e553e |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6d1b0fd2905f7655bf0108dd4e655991
| MD5 | efe7165d72ce56eef26da49dbefa586c |
| SHA1 | b2441c50e501f7121277d205876ec6a5811c4e67 |
| SHA256 | 4e12e3ed0da10924a1dbc49e464b0b07c017970c839f1c1cb4ecf5a8019d3ae5 |
| SHA512 | 195b3d7954627b571226a4d5293b19dd0b7b565d4b295b494361ed81f3d9e1c193533dd0e53b2ededa326278294694286669095147d769c5de343aa611ab0238 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5c288ffb1fe759d2618c218fa0d2bee8
| MD5 | c914fc7a80c8ebee4ddd7216cb8e63e3 |
| SHA1 | 2e4bbbe23167be5f26e5f3e9f1e1b2409b38e7ef |
| SHA256 | c718cff1df66ac36549451bc6de0535c3f2f9e74b4fcdcea38af9eeecc42a674 |
| SHA512 | 7564812cd051e0970b3d06aa1bb839c8fae5d1e95e23615eea42d2f12b6284d06f2936cedd947e9d4d33c4656fec00494121d58cd38ddaf1ce2ad8be8685d0fd |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e4317e6c6a87bdf6f00c6c80866345fc
| MD5 | fa00f598036aff7c2e4728ff840efdd6 |
| SHA1 | 7873ee7205e2817fc8fdcb3afdc275aab494ea91 |
| SHA256 | 18fecafdfbf34c5b261f4acbd607c439e35177802c8002a0d88221258108abb8 |
| SHA512 | f72faa02c263ed200f7a296ed86ef5da614911c1cd212aedd12923ba551aabc44b33cbced8dac80aae67dc09988d53ee191755afe3d51383ce885750bb00a944 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\23f316746f014ce443f0b0adb0d9d90d
| MD5 | 4843f2fc4404a016a8a7b7f5c352f877 |
| SHA1 | 1446153b0498dd65dbb53b417d5ce5db49f0dec5 |
| SHA256 | 46ec4647b950351b091ab0bb34d1964bf24b0eb58760175def7a4a1d7a4e09b2 |
| SHA512 | 8d5198bd48be46a6aec5cb5d9eb6e75828f88742f12102a1f5091f9c8b51167fd6db13981fb875b032795b9407fa64cf3aa54224a64008262084dbfd3d98dc27 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\98c582bbf5493f077bd8f59567067f24
| MD5 | ed3f4356a5aa9295ec58f77ab387582f |
| SHA1 | 99f94109e03097ddf835c06292ecb6142c93fdea |
| SHA256 | 60e6db5121cddd5bc13b1019c85b5d962599e2548c347ee3c7d944cb20ff01b7 |
| SHA512 | cc7869759564fe9d5e1580be978727c4b0da340c052db74f677bf7cc24d93da0b837d01ae0199c6404e02b49d08fe47a2fec7165cfad841f1b6fbb1d7e8d7fc4 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\bbd52b35df5f543d23b7f35ae9e845be
| MD5 | 2de5aeee01688c41f23b2ddc07c0b442 |
| SHA1 | 68bd21cd4284ff390c1f4f5f4b61c9ff3b8f2268 |
| SHA256 | 3ceb6af768ce708d114195ea3521c71370ee69172d4d0cdaeb1efff406571d73 |
| SHA512 | ce845ebebe20efbfb1a0565e69cea69e3a4f3e71289ec68379565052a2e8a3e5ac873b52e74ea26f2afae7ff64c789c348b4b9d4426ac0c0d6547d9f12290090 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\252921e7f19d826cf6778747e86132fd
| MD5 | e06fafb3ee051c215c7118dcb4a75354 |
| SHA1 | c72b3e0f2bb1139344053256bcc3ac48f590174c |
| SHA256 | ea771a4652058a4110a95a6fa24c847e7a50cdfdd711f57e02f9c7caedda7908 |
| SHA512 | 83008fcb8a91bb42f76568773c98e5dcf6658b0d7972d595eb7059b5a598faf80fcc8492351e9e98a6d3a9ddfc17fca742f07ffe4af644d99c087062ed7b14b0 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\16f7441682caf62a1789b9d3e75ec170
| MD5 | cb94125a0b01b9335f3c3c9a9c6cd60f |
| SHA1 | 85ae6cca4c661270b389c00299bf7f5d81fc3943 |
| SHA256 | afd92a2c0ea64515200f7dd1c6237f18b6d1bd2065296939697d34a3d4e1b0d4 |
| SHA512 | 649155baa2d26fc6afd0496d11f37d9dcb588726806eec89be58faa54fcf3b90d1becf114c4e2f3964c98e93399b87bf5bb87709a7bd9a3540c7ddb56e2da555 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\f40c00885cbd0588eebf8bd59a345579
| MD5 | 9c0241f7306bbf3cd085509dd7840c99 |
| SHA1 | 21c2a9c916d0e537c5662db2acb565615ef79962 |
| SHA256 | e2afaf1d969e104e2ffc22494e2f7e2ec4a0bda49b9de0dcb3bbaa3da9bc8655 |
| SHA512 | afdf2c9a29559645e08604b15f023475e8610f41f650f3527a4c2199fc4bda9c291bb24e2f337e00cfac6a5347fae125d8055f0af6eaca38b92ec408343cb9b0 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\3ca8206460663e9e944ccfb414623b40
| MD5 | 816be237e27ddb79f9fe0c46efa0119c |
| SHA1 | fe0af06e1155ba784ed6ce8b97849eb3fffb5f9c |
| SHA256 | ec6063b82a1adc4187ee0e01f413d4b5ed10277605f741295658acd3f0ceabcc |
| SHA512 | 5ca3c5bca3f5559a500de1262c133a972e776dba7192e6cade152245c0e1118fac41c48a79dd0f15c78ef177294867f041bccd3eece6a388eadcc32da8efaf00 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0407c8d6df198f6864381d3e595ae971
| MD5 | 703dee4351832fd18ef5b85c6e1bf992 |
| SHA1 | bdea9dbbdae401cd68814d9815a17bab6f3870c2 |
| SHA256 | 8fb57fee0d1c996a828a3147fdd9a38e8d1624163dad101e4bc1d44894bc3d68 |
| SHA512 | d43b5dc41be38f5fbe30a51c1abcbbc5c606c9d911dd164b5106fe2bcf0310ae8b641299c5491bbd5ba66433d87ebd17dc8a487d88d56d0ee8e81309533ef0b7 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\852240b4203e72d7bfa66fcea2e589eb
| MD5 | 547ffe689cd0af21ec616bd935f78b14 |
| SHA1 | 36e70f429bea53fc2c8dd76eaad82f7bf9f3742c |
| SHA256 | abf9ebe04321f9b8926304bc16041965dd79405783b7d3ea56d5fc802863bd9c |
| SHA512 | 3683baf37d3da8ac536ae4d2d852acfb49039b3c9d4ab42d972c23e2df6dbfd178a552ef023f48c43c6887161313d516914d26b7cca0c022e2741875d62e38d2 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\06bf3774b39be975c53ba2193da7f90d
| MD5 | 29abb94b78b9a73db28b7ba825833346 |
| SHA1 | fd6da6bc273d4a44067d8c2b625980ab8cc52aca |
| SHA256 | d929c9d2ba98883044b81894da3e921de179d5915e1f92ca9d4df9cc89f1424f |
| SHA512 | d5069ac2996929a5d1622f65ab450bd152130978b049f672b1a9f28cadcf724e317024bd95a11109e0ae488834ab184f5e4b10f6a21ba3329cf056a0b7139613 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b597c88ce139f36dee5c4afd7d80a2c1
| MD5 | f195c3e8ddb6711a2feaad4aec69b8b0 |
| SHA1 | 20b1011f280842fe6aaa58117a05f57cc17b6c69 |
| SHA256 | 9c263d2a5db10ebc2d543bbd0c125bcc5da6c2245ed133fe0abb1b308f343a71 |
| SHA512 | 52ed2e19a2b991880336b6b1694016f4c8e5a5e92a9dc989ab317f7f743f38dddaeba8fb5764826bfd9aa145028a1b3f9fa34a02f39c1e5162aef7ad282b0632 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\a1489d1b06ae2d917aae075e6fa9b8f7
| MD5 | 5420558b929446bbd89f3d35e72b5836 |
| SHA1 | da46e5c797831b47c4d62fb9321c420c6b0ba50c |
| SHA256 | 12d1d581ac394291754c5b042baec0904c2f3b3be6a17e0a8761b32b6e53d507 |
| SHA512 | e125c8d668b2c73d583c528f6d35bf8a1c9558c594cb3aee98e25eda051f621a6924626d845f200442da65034dd77aa4a51dd1668c07b26611909f76cf9174b4 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8550d05ebb82e2c3691bc35b7c166899
| MD5 | f3e7b2683bee3c3628f500d157a7184c |
| SHA1 | 17aa34cf9e45a2a10cc370ef0047d6ec844053dd |
| SHA256 | 66d177f97d367d8181feedc6db9f92f71dbabf58cef1355439559005be6a24ac |
| SHA512 | 48994f038f0cca5a1ad783d05490ccc209ac4ff2a9fc3b508d5225348d2202f9760ac6c0334d12f74ab8227eab5a412370459ab328f44177729f8fb6b8911088 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\1cb6044427da36923148711b8796b750
| MD5 | ccdd89dadb2a17edd97a48f05de218ab |
| SHA1 | c8829afdfda3e414304f09f588a9e00cd43de4d0 |
| SHA256 | 8ebad66a66dec464ea8f6a70c240e6fac36d2155ef5460b2f1cc80451e9949ec |
| SHA512 | 79976e6623479c42c3b9babb2bbec208a8f13b580dc19419df33639e3922ab973e740fcf33c94841e833ef3ca8209b5b149d2ba5c064f08e3b6a526a651432f9 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6c536340229d1bb052a390124806163e
| MD5 | 8dda220de3bfd073f993acca9cce3f19 |
| SHA1 | c78e343e500f592bfc59de89dcf8548cd6fa1f71 |
| SHA256 | 21710259e1dbf800de1bd2dd8e19f33cf70dcf6ad306f7738a23300e40d385e3 |
| SHA512 | d21115712737f5d51c7fc887a14bb7b9dda4b9db295ecf429623a20eee02b2868956e6d66907997f100395625c42464218c36e750224e02fe0245c0292fc9e1c |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\05e6fbe7faeaf27e476e2247265bd7e2
| MD5 | 774331951556eabf4930f06518bfe5f8 |
| SHA1 | 79a7b332357aa2b18cf400033bfeeb5db7614627 |
| SHA256 | c4239a4d05bd3e427245f920cd4eba313e0af75c819f89553c7b6758da9b4d57 |
| SHA512 | bf67dd1c1d57779578524ee404de1648d9a4d8ed7f524fd49643ec49c3165b9321d64bda2216cfb8617c32cb500eacc2966263dc03841af51ee37facb2b1724e |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6e62dea9b6f892b37a40251f84c9e0e3
| MD5 | f48177bf38c02c3a2cb322b77d627f23 |
| SHA1 | e207f206d2f707e7feddc32c02883bb71015d23d |
| SHA256 | 4a8a4eb5baa01e72889b67caa16b69a4c2e8a07aa12f84ade87376f344b2fbd9 |
| SHA512 | bb3c4ba048199ddd3cf5d554a90c279d7b868871f1a0eea4ce27c641556fb3e483cf839e3f9a27a092021783a25d604c952fb1ea34528d722db9930fe48e38a8 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\92ca8d0a36e9ce06a1c3537675677ffb
| MD5 | ae7d26697baf4e3c0a4f7e4fd800f89b |
| SHA1 | 4f2472e39c964861701d80139cdc33bb967b2c34 |
| SHA256 | 58c1370bf264ecee15638ab670a0af85f8bc3b974670875c757751fd116f4833 |
| SHA512 | e93451a30c74751ebd6996efb038016e28370de37bfbfe2fafd1f3c3817f2e720bc3b7d96e1c0e346f08e3c581d13f77a535c30c07a487f2c4a13b4da9970a0f |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\7df53404f56c9f1787b277ba9d17049b
| MD5 | ecaba5cf9469daab7c05847af2da45d7 |
| SHA1 | 78d9c8d289db9815482249769dea663f4999cac2 |
| SHA256 | 23946e247fe3bb06503a06be2b8e154d724a8c2e86fa4f441fc09ba1e5781121 |
| SHA512 | 4204260b2efe3b4c95584394b30ad7957b154229828f0ac90a04e5167c7eb78f254777fad0d4fce9c5675fccc390dfccae2ecbd8d17e0e73bb0a6933605df7d1 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\7209cd4fd5e4a48a4cabe7e3498368ec
| MD5 | 643d56f3cc2d206fc1eeafd601a0e287 |
| SHA1 | 0e55be4bc02d884a40a586b44d5728f9e8fefa6e |
| SHA256 | 637c7f57eea4b46821e968a691bc2181ac0ed00252691845fefd947a4c594f66 |
| SHA512 | 10cb34ff5d98467c3de396ef4993a11c7db2545329ea473eb3ffe387f2663cfda6d21d31299f87aa3f298d2bfdb88d705b9236e9f71c48c22970713c2c3f75e6 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\ec9a7853aa53bb67f2099830ce97922a
| MD5 | 0ab1d8c6659dc5952cb81416c8d9a85a |
| SHA1 | 16d889c645dd70901f87cc86f6db8a632b8518a0 |
| SHA256 | 1ebc2f03253024917e0b562d101603c2f9e04aa70a05accc5e63eed9976ea0b4 |
| SHA512 | 657a549264297c42e4783cdfc76baff2dab9b5b9c1f991b3aa8b16f2b8f87ccdb0c1a56edc23713ea7f34ffcc4cfc95b7fbba8d5fa06ea443610f06a00433f36 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\68119f28ce3eca78171a6a8c8822e1bd
| MD5 | 35e84ac53c5b6ac5714c5589d7d79153 |
| SHA1 | cedd01f0263fc9e5718b8e77b3467c14a35a1b53 |
| SHA256 | 47da60997e22feaa88bff58bd2db6320534331990a14e2b64b6d665df77b931c |
| SHA512 | 7cbdf8f0eaee0c4e00e3813d1e558cc5aa305d6e9861255d721bfb655cddbf08c70fe61f686e79154f1c36e7a4b5c29f2ecf2776fee9eb0b7ac1da8c87e75dff |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\38b0d496d6e95d4a4e1f049ecb71b4d1
| MD5 | 60dc54bc02627b188fbc37f3c81899b3 |
| SHA1 | 7065242d6e88ff9ed0e0cb891a9a6f6db2be5334 |
| SHA256 | 35fd7f2804d4edd74c14cb7bb1534edc993ab7ce9e2d64be997b12ffa8ee5b16 |
| SHA512 | 2b43c5d1f2ee4621055d94f3e04cbfed24371eea9a7c719f8392a993464e7d05635f59bf230e294c60de5656f421f4661bd5b1b8f286c4c15e79bf9c57d686c5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\234369d070cc483f7122fd415837b73a
| MD5 | 51d45f80859fca2ea5720897d7f1612a |
| SHA1 | 2a7d736969502784b96328f4fd1fc7697a099273 |
| SHA256 | 5bf07b195c3902c69653ca0294f2bdbf9124df501af426b14d6bcdbb87d70745 |
| SHA512 | 059455bc829431130377e4c8cee87ed3652b712eb46afa6f666d9e4aff7401b59068da840b91f4914d0752880cb2ed8c64a90e79e37f45b4b90996e44f2932b5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b00de5dcbb5ba1d0d58ba82e9c2f97bc
| MD5 | 9a3aa49a6c57739a171e507a3b0a90ff |
| SHA1 | f3c154299bec91f215954c1df2b03f68fa08efa3 |
| SHA256 | 6d61517c2a006e117a5d5032dc1be0f993f275b6d0c8a0fbef25bda8cfc12691 |
| SHA512 | 0a02917b5eefba73d3420852a5c66719bae97bc3c8f9adfb2dcad89dee9caf5852f660a3e787d84e9b86e3793ae0605b2db10c0a1463e0f09a733b614d2f4c1c |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6105c4318cc0c25a63a6c9b8db84bc28
| MD5 | 6badf7314b5d440a6ec8dea899d7872e |
| SHA1 | 003170f75f86922af2aa5bc4b2c3c41f5f14106d |
| SHA256 | c13071122b4ff111c8ee877e0d8bde8f34ab3569df48fa81f6f4f1b0b0ba855a |
| SHA512 | 5fd8098470eb97e06e62f6d8753d3dbef34d8db6b3ff463cdc964e61e765ab844168170a64c837fa5d60c029a79ac0fe7cc661b9bae07acbaa2400120037aa13 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\1f571bce12b3689efa5586c78436d68a
| MD5 | aa1cb968768ba580f7e7d559906a49de |
| SHA1 | 1a6a0906ac3c68f859790103094a617e0439d77b |
| SHA256 | b9e49fcb7d0be8aac8bf1d990f2277363077dbd34af7f5109a14bea85b9fd35b |
| SHA512 | a72d7246405dea401b6e97963ea624772f65a7b20eacf2c358fdb73d7e5c2afac79b5cd39cd548ea8c43f14b5f03cc38deee8a495e9c7a1f264c1ca7de4f2411 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5a479665357e877c36a8bc4ebab8ac84
| MD5 | f5366499a754da1e3317be61d63cc243 |
| SHA1 | 8689a3cc6a2e1af5dbd2b6c23b488283362bab0a |
| SHA256 | 14873e016597bf69824fb29a219f6d81befb11b19fe2e505544115b33f030e6e |
| SHA512 | 6920f31ed14ef4621559e67c75a69ecdb7832aac639c40febd98dcf9b7c02402510e983b84cd309bdcd7b0438b394cd6b1d11bd4c32c58488d24a5d38db930c5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\3acc8af1251b7ed321f9b36da661d9ed
| MD5 | 808cb55c51b6fc55fa6cdb17892dc876 |
| SHA1 | 4487b86a3a42ff05e109800b1827c100390245c0 |
| SHA256 | eed0725bdeac66a2e53e7daaa033f06c360314d751df70176a0af3f23eb08c7d |
| SHA512 | 0d2e6534792e7d417a6fa8403f22397f406352a38bfe1019d87e0308d041b3e69d7defae77e2bf6b87adb3b7d59718efea7d5fad340847c681eeb293beb0f24e |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\a116d80baa851750ec02ad98f6a28052
| MD5 | db41d22b9f9f4a43ff8916ff8d513da0 |
| SHA1 | 00dee570785465bff97ec8a96ebfad3d21f1d248 |
| SHA256 | 31e6f7d03515207ae87b2f9e9594fc94db77038fcc28ee3990689c6590b7547c |
| SHA512 | df4e09d0f24ec1cf13ffa1a062f9d28a5d36d99b606f27f7ab757f82e4202e51ff4e033b6554b763e6f97c73bbe77b9d133b4b842469b96056654cc2f202124c |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\7deb7c677f433c0b6c649020e88fe58a
| MD5 | d76037dbae4ae81158187aeced5816b1 |
| SHA1 | 7858adc6bdb9f9b03fcb28746d7a0d08c297d058 |
| SHA256 | 8113ac3b2c1f9a16f7c5a9be473b64abfa8c9689afcbcc30750aeb3077e3e27b |
| SHA512 | e9e1b515c621e760968098b8e0a16e00cf1fc17b74065efd2f8793add04d5e506205df5d65be1db885fb958b9c5879ca728528963b4048bfe073d4249c0dc6eb |
Analysis: behavioral21
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240419-en
Max time kernel
1489s
Max time network
1511s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "3388968341" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31104012" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4336 wrote to memory of 4928 | N/A | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE | C:\Program Files\Internet Explorer\iexplore.exe |
| PID 4336 wrote to memory of 4928 | N/A | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE | C:\Program Files\Internet Explorer\iexplore.exe |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\new_shaders\vehicleShader.xml"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\new_shaders\vehicleShader.xml
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/4336-0-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp
memory/4336-2-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp
memory/4336-3-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp
memory/4336-4-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp
memory/4336-5-0x00007FFE809E3000-0x00007FFE809E4000-memory.dmp
memory/4336-1-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp
memory/4336-7-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp
memory/4336-6-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp
memory/4336-9-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp
memory/4336-8-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp
memory/4336-10-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp
memory/4336-11-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp
memory/4336-12-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp
memory/4336-13-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp
memory/4336-14-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp
memory/4336-15-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp
memory/4336-16-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp
memory/4336-19-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp
memory/4336-21-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp
memory/4336-20-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp
memory/4336-18-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp
memory/4336-17-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp
Analysis: behavioral23
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240419-en
Max time kernel
1474s
Max time network
1483s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\window_diffuse.dds
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240419-en
Max time kernel
1489s
Max time network
1499s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "2116770476" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31104095" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2564 wrote to memory of 3204 | N/A | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE | C:\Program Files\Internet Explorer\iexplore.exe |
| PID 2564 wrote to memory of 3204 | N/A | C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE | C:\Program Files\Internet Explorer\iexplore.exe |
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax.xml"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sounds\Duramax.xml
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
Files
memory/2564-1-0x00007FF86FE23000-0x00007FF86FE24000-memory.dmp
memory/2564-0-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp
memory/2564-3-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp
memory/2564-2-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp
memory/2564-6-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp
memory/2564-5-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp
memory/2564-7-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp
memory/2564-4-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp
memory/2564-8-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp
memory/2564-9-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp
memory/2564-10-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp
memory/2564-11-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp
memory/2564-12-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp
memory/2564-13-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp
memory/2564-15-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp
memory/2564-17-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp
memory/2564-19-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp
memory/2564-18-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp
memory/2564-16-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp
memory/2564-14-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:12
Platform
win11-20240419-en
Max time kernel
1488s
Max time network
1497s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\brand.dds
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240419-en
Max time kernel
1486s
Max time network
1495s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\UDIM_Brakes_specular.dds
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240419-en
Max time kernel
1525s
Max time network
1504s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\Windshield_Dirty.dds
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240419-en
Max time kernel
1491s
Max time network
1512s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\clearGlass02_diffuse.dds
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:12
Platform
win11-20240419-en
Max time kernel
1490s
Max time network
1499s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\window_lightdiffuse.dds
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:28
Platform
win11-20240426-en
Max time kernel
2700s
Max time network
2703s
Command Line
Signatures
Downloads MZ/PE file
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\PdfPreview\\PdfPreviewHandler.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO\\ie_to_edge_bho_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=0F96B1C43DEC4587BB6A5E1415681D8F" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3513704-9414-4451-9362-D1B4A737A85C}\BGAUpdate.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | C:\Windows\system32\svchost.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Settings\Players\BlockIcon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaChat\icons\ic-leave.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioSharedUI\RoundedCenterBorder.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\RoactNavigation-5e891f46-2818f7fd\RoactNavigation\routers\validateRouteConfigArray.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\Dev\SocialTestHelpers.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\wns_push_client.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DefaultController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Controls.2\BusyIndicator.qml | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\WideView.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_9.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Controls.2\designer\ButtonSpecifics.qml | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VoiceChat\Dev\JestConfigs.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Components\Connection\PurchasePromptPolicy.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameCollectionViews\Dev\JestConfigs.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\AvatarImporter\icon_error.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\RoactStudioWidgets\toggle_on_disable_light.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\icon_placeowner.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Analytics\Dev\tutils.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InGameMenu\Components\PointerLabel.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\PlayerScripts\StarterPlayerScripts_old\ControlScript\MasterControl\Gamepad.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\RoactNavigation-067f4e4b-660967ca\RoactNavigation\routers\validateRouteConfigMap.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ProfileQRCode\Dev\UnitTestHelpers.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\LayeredClothingEditor\Icon_Preview_Clothing.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\ui\Controls\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\WidgetIcons\Dark\Large\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ApolloLocalState\Cryo.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DefaultController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\PurchasePrompt\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\he.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GamePlayButton\SplashScreenManager.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Lua\TagEditor\Light\Standard\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\Otter-7466d762-1.1.0\Collections.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\ga.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\RbxDesignFoundations-77b1a117-2f841688\RbxDesignFoundations\tokens\Common\Light\Semantic.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DefaultController\ButtonR2.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\ui\VoiceChat\SpeakerDark\Unmuted100.png | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\WidgetIcons\Light\Large\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ViewSelector\top_zh_cn.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\Alerts\Light\Standard\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\WrapTarget.png | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\Settings\.robloxrc | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\NotificationsCommon\RobloxAppEnums.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\CompositorDebugger\blend2d.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\CompositorDebugger\clip.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\StudioToolbox\AssetConfig\version.png | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InGameMenu\Components\SideNavigation\HomeButton.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Test\MockPlatformInterface.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\Settings\Components\ReportConfirmation\ReportConfirmationContainer.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\init.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\XboxController\ButtonSelect.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\chat_teamButton.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_helper.exe.manifest | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\LayeredClothingEditor\Icon_Play_Light.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\ContactList\Hooks\useStartCallCallback.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Screenshots\Cryo.lua | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
Drops file in Windows directory
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-STUDIO | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "17" | C:\Windows\System32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "21" | C:\Windows\System32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "8" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "37" | C:\Windows\System32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "62" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "26" | C:\Windows\System32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "34" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "54" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "49" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "75" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "65" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "38" | C:\Windows\System32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "46" | C:\Windows\System32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "66" | C:\Windows\System32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "67" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "13" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "51" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "83" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "40" | C:\Windows\System32\svchost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Roblox.Place\ = "Roblox Place" | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds\MSEdgeHTM | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-7d64f40489634ca5" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol" | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ = "Microsoft Edge Update CredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\ = "Microsoft Edge Update Core Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ELEVATION | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\ROBLOX\DEFAULTICON | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\RobloxStudioInstaller.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
System policy modification
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\PTR_Fleetwood.zip
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0x80,0x10c,0x7ffe2fffab58,0x7ffe2fffab68,0x7ffe2fffab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4248 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4752 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2308 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2116 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3388 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3416 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4152 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3196 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDdGMUQ5NUEtNDJEQS00QjdCLThEM0MtMTQ3M0JCRjZDNjRDfSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCRTFGMDQ3Qy0xMUZBLTRFN0ItOTYxNi00QkY1RkMyNUIwRjF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1NTEzNDU1NTgwIiBpbnN0YWxsX3RpbWVfbXM9IjY1MiIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{D7F1D95A-42DA-4B7B-8D3C-1473BBF6C64C}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDdGMUQ5NUEtNDJEQS00QjdCLThEM0MtMTQ3M0JCRjZDNjRDfSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCOTNEOEMzRi02MTI2LTREREUtODg2OS1FNDg3MjQ4RjhCOTR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbmV4dHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTU1MTgxMzU1MTgiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5448 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3132 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5480 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\MicrosoftEdge_X64_124.0.2478.67.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x244,0x248,0x24c,0x1e0,0x250,0x7ff72a5288c0,0x7ff72a5288cc,0x7ff72a5288d8
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDdGMUQ5NUEtNDJEQS00QjdCLThEM0MtMTQ3M0JCRjZDNjRDfSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDNjYzMDQyQi0yNThBLTRBNkYtOURDRi1BREE4OUREMUVENDF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTUyNzczNTYxNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1NTI3ODQ1NDE5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTYxNTQxNTAxMzAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzEzMWJkNWQ3LTljNjUtNDc2YS05MDc1LWUyNDk0ZjhkYTllND9QMT0xNzE1MTk4NDc3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PURZMHpTMXklMmZiMVlacUhhdkR1ZWZvbXVCRGxLcnFJUTNLaGMlMmIlMmZIVDJMVGRxcmRsUTFnT2IlMmY4eFhYbWVBSk9GUDBka1Jmek42em1tVkNTVGM5d3hJb0ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI3MjM3NjgiIHRvdGFsPSIxNzI3MjM3NjgiIGRvd25sb2FkX3RpbWVfbXM9IjU2Mzc0Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTYxNTQzNzAzNTciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjE2ODc4MDE2NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTY2MDE5NzAyODciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIzNjMiIGRvd25sb2FkX3RpbWVfbXM9IjYyNjM0IiBkb3dubG9hZGVkPSIxNzI3MjM3NjgiIHRvdGFsPSIxNzI3MjM3NjgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzMzE2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3836 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:4eNyj-d7UWrUnknF02HSwPQOU2pVr8enLlbNbp_wbpNtx2dF2AqkdkUg_DLrStVZpSKKOrfveayyxcJSAUNu1DdgPpNRszJcATa2qLZDcAyAMaxH6yoy6rN_6qlO2qAb--I_1FiT_wFVZK3zaIFb-Gc-ZXW7iEEvTXY1tjgSDjZTTb6xRHkUy11S9uZ8ofbrYIyYwRfj_WvLTKfwRsEbJ97j_21VBy0ifTtCMOo6RQU+launchtime:1714593865570+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1714593456339006%26placeId%3D11927338608%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dbd4ee5dc-78cc-46f2-9bd2-fb2d13e3d023%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1714593456339006+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=1756 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:K1-UG51sQJp9_tUNwN0bJ87ObrhoFHyLY__je59mENYoxlXJ5i3hvofe0PIhM4U8YfBHVPWUcb-xx7WCx9wpByis_6mV0aVP8AuC3NDDpEUYExwRyqp4lBBc4iGs_9taq0W4DQKD40Z4kp068ut08-y70L24BIQWusiM6WfdnS5vtZHqXhmzWn0r5eRMcTGL5-C8Ai3bx1QSTf8Tr1YfGa7m71TPfYZp3Cnu38rH6YA+launchtime:1714593882970+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1714593456339006%26placeId%3D11927338608%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Db9c33cf4-ca6e-45fb-9996-87b366460655%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1714593456339006+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2380 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:ulXX5LUW4mEXB3JlcVkptvIYrHH0pya5B2NNJ9Ymg9WqyrH8fsGXUgIoJEt2PajzWAfIkpY681TF_pH0BieSsMWU61p9hXiCDjnj97U5FozJYZTl3S5gZlK7T7j-B1nc1i2NjCi10fPk71zQUOma8D9iZwLghAuZnqUuMAXmXtPlQx4i7M93DSmgHRjiSBqInLeQVl8g_eWwjZggDXSv1Vbo9Ymp3erdtxhvz1vDpm4+launchtime:1714594037945+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1714593456339006%26placeId%3D11927338608%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D8b5c243c-20d9-489c-8c86-e8f38b9a794e%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1714593456339006+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B8153D7D-D86A-4EFA-BD57-1AB6599288A7}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B8153D7D-D86A-4EFA-BD57-1AB6599288A7}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{37FE22D5-2711-45A4-811A-2DBF7B2E0784}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzdGRTIyRDUtMjcxMS00NUE0LTgxMUEtMkRCRjdCMkUwNzg0fSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3MTM5RUEwRS1BQkQ1LTQzQTUtOTlEMS0xMTJBMEQxRUQ2RUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE4ODYwMTY1NTQ5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE4ODYwMjA1NTM3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxOTI2NzU5MDQ2MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzE1MTk4ODEwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUVuUW5TRG9ZSFhRU1hsNllxYVlJQjAlMmI5bDJkOTB5MkJteXd6QVVIR0t0NTNEUjdOMiUyYlVWdXhXT3BURndYYVp1RTIlMmZDdXFKUUQ4YXg1bXp0Q25RRmV3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjMiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTkyNjc1OTA0NjEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzE1MTk4ODEwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUVuUW5TRG9ZSFhRU1hsNllxYVlJQjAlMmI5bDJkOTB5MkJteXd6QVVIR0t0NTNEUjdOMiUyYlVWdXhXT3BURndYYVp1RTIlMmZDdXFKUUQ4YXg1bXp0Q25RRmV3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTYzMDc5MiIgdG90YWw9IjE2MzA3OTIiIGRvd25sb2FkX3RpbWVfbXM9IjM2NDA2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE5MjY3NTkwNDYxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE5MjcyOTA1Njg3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1ODYxOTU1NDk3MDc0MzAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNC4wLjI0NzguNjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9Ins3NTVBMThBQi1GM0ZCLTQxRDgtQUQwRi0yQzBFRTJCMjYwRDJ9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{37FE22D5-2711-45A4-811A-2DBF7B2E0784}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzdGRTIyRDUtMjcxMS00NUE0LTgxMUEtMkRCRjdCMkUwNzg0fSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7NzA0MjBCNjMtMzZEOC00MDFFLTk5OTEtRDFDOTU0RDlDMTUwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODUuMjkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTQ1OTM2NzEiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE5MjgyNTkyMDQxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5680 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4420 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3356 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1568 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5916 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8
C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
"C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=1764.2708.14218718843829470814
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=124.0.2478.67 --initial-client-data=0x17c,0x180,0x184,0x158,0x18c,0x7ffe165aceb8,0x7ffe165acec4,0x7ffe165aced0
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1724 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=1964,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2132,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3584,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4008,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3672,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4812,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=340 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5108,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5076,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5428,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x0000000000000480
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDYwNEJBQTItQzk2OS00OEY4LThCRUEtQTQ4QTkzMkNBNUFEfSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QjQ4NzdEOTItODY1MC00RUE2LUE4NUUtQjExQUJGOEI2ODEwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjUiIGluc3RhbGxkYXRldGltZT0iMTcxNDE0NDQ5NSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzU4NjQyNDI3NDE5NDY2OSI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxMTQwNjgiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyMjgzMDU3NTU4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3513704-9414-4451-9362-D1B4A737A85C}\BGAUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3513704-9414-4451-9362-D1B4A737A85C}\BGAUpdate.exe" --edgeupdate-client --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDYwNEJBQTItQzk2OS00OEY4LThCRUEtQTQ4QTkzMkNBNUFEfSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2OUEzM0I4RS02ODdELTQ5NzUtODg4Mi0wQzU3ODg4RDE2RkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyMjkzODM3ODgxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjIyOTM5OTQwNzEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjIzNDc1ODczNTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxNTE5OTE1MyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1hbmVXMkt3b1B6UjNUNUQ5JTJiejRBZU1hYlNaOFFuYmt4dkw4Q2E2VGJYSzQ3MUpRJTJmN2c5RlZTcng4VGkzdzVQeXljSnhsVXhQR0Z4eSUyYnluUTFhbzV2dyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjIzNDc1ODczNTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzVmMTk1NjEyLTM4NGEtNDhlYS04NDA4LWI0ZWRlOWRjNTZiYj9QMT0xNzE1MTk5MTUzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWFuZVcyS3dvUHpSM1Q1RDklMmJ6NEFlTWFiU1o4UW5ia3h2TDhDYTZUYlhLNDcxSlElMmY3ZzlGVlNyeDhUaTN3NVB5eWNKeGxVeFBHRnh5JTJieW5RMWFvNXZ3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgZG93bmxvYWRfdGltZV9tcz0iNDk2OCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyMzQ3NzQzNTQwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjIzNTU1OTQ0ODMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMjM1OTE4OTcyNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM5MCIgZG93bmxvYWRfdGltZV9tcz0iNTM0NCIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzQwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5704 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe" roblox-studio:1+launchtime:1714594381391+avatar+browsertrackerid:1714593456339006+robloxLocale:en-US+gameLocale:en-US+channel:+browser:chrome+userId:2490176024+distributorType:Global+launchmode:edit+task:EditPlace+placeId:14499138401+universeId:5006053822
C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\MicrosoftEdge_X64_124.0.2478.67.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7255888c0,0x7ff7255888cc,0x7ff7255888d8
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x22c,0x228,0x254,0x230,0x258,0x7ff7255888c0,0x7ff7255888cc,0x7ff7255888d8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6b43188c0,0x7ff6b43188cc,0x7ff6b43188d8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDVERDM4MUMtOUE1RS00MjU1LUI3RUYtREIyQTkwODMzNUJCfSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntFNjQxMEVBQS1DNkMxLTQwRUYtOTM2Mi1ENUM3MTJBOTBDRDF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtEeE9iakhHYStuUmEyYXRDM3dvK0lFcEM3OCtaWWVBVWJrWHBEQzJjajdVPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg1LjI5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjg3Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MzMwIiBwaW5nX2ZyZXNobmVzcz0ie0EyMjA0NzI1LUIwNzgtNEI1MC04MzkxLUVEOTgzRkFBQzBBQ30iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1ODYxOTU1NDk3MDc0MzAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyNzMzMjc4MDQ1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyNzMzMzc4MzUxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyNzkwNDA0MDY1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyODIwMTUwNzY0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyNDIyODkzMzg5MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjMwNSIgZG93bmxvYWRlZD0iMTcyNzIzNzY4IiB0b3RhbD0iMTcyNzIzNzY4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMiIgaW5zdGFsbF90aW1lX21zPSIxNDA4NzUiLz48cGluZyBhY3RpdmU9IjAiIHJkPSI2MzMwIiBwaW5nX2ZyZXNobmVzcz0iezE1NUU0RTlGLUQyMEEtNDA5QS04QTZBLUI5M0FBOUFCNjBBOX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI0LjAuMjQ3OC42NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBjb2hvcnQ9InJyZkAwLjIyIiB1cGRhdGVfY291bnQ9IjEiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1OTA2Nzc0OTQ2ODQ4NTAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgYWQ9Ii0xIiByZD0iNjMzMCIgcGluZ19mcmVzaG5lc3M9Ins1Njg0RTVCMC1DN0EzLTRFNzUtQjFDOC05NzgyRTEzODk5MjV9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | tcp | |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| FR | 128.116.122.4:443 | auth.roblox.com | tcp |
| FR | 128.116.122.4:443 | auth.roblox.com | tcp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.70:443 | static.rbxcdn.com | tcp |
| US | 18.239.208.95:443 | js.rbxcdn.com | tcp |
| US | 18.239.208.95:443 | js.rbxcdn.com | tcp |
| US | 18.239.208.95:443 | js.rbxcdn.com | tcp |
| US | 18.239.208.95:443 | js.rbxcdn.com | tcp |
| US | 18.239.208.95:443 | js.rbxcdn.com | tcp |
| US | 18.239.208.95:443 | js.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | assetgame.roblox.com | udp |
| US | 128.116.99.4:443 | roblox.com | tcp |
| US | 104.18.33.170:443 | roblox-api.arkoselabs.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | 70.190.18.2.in-addr.arpa | udp |
| FR | 128.116.122.4:443 | locale.roblox.com | tcp |
| FR | 128.116.122.4:443 | locale.roblox.com | tcp |
| US | 2.18.190.83:443 | apis.rbxcdn.com | tcp |
| US | 104.18.33.170:443 | roblox-api.arkoselabs.com | udp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.75:443 | images.rbxcdn.com | tcp |
| US | 2.18.190.75:443 | images.rbxcdn.com | tcp |
| US | 2.18.190.75:443 | images.rbxcdn.com | tcp |
| US | 2.18.190.75:443 | images.rbxcdn.com | tcp |
| US | 2.18.190.75:443 | images.rbxcdn.com | tcp |
| US | 2.18.190.75:443 | images.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | 75.190.18.2.in-addr.arpa | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | udp |
| FR | 216.58.214.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons3.gvt2.com | tcp |
| FR | 128.116.122.4:443 | locale.roblox.com | udp |
| GB | 172.217.169.67:443 | beacons3.gvt2.com | udp |
| FR | 216.58.214.67:443 | beacons.gcp.gvt2.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | udp |
| FR | 128.116.122.4:443 | locale.roblox.com | udp |
| FR | 128.116.122.4:443 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 104.18.33.170:443 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| US | 18.239.208.92:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | chat.roblox.com | udp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-east-2c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | aws-us-west-1a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | lhr2-128-116-119-3.roblox.com | udp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | waw1-128-116-124-3.roblox.com | udp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| PL | 128.116.124.3:443 | waw1-128-116-124-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| US | 3.134.228.184:443 | aws-us-east-2c-lms.rbx.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 54.177.223.231:443 | aws-us-west-1a-lms.rbx.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 3.134.228.184:443 | aws-us-east-2c-lms.rbx.com | tcp |
| US | 54.177.223.231:443 | aws-us-west-1a-lms.rbx.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| PL | 128.116.124.3:443 | waw1-128-116-124-3.roblox.com | tcp |
| DE | 18.158.231.76:443 | cs.ns1p.net | tcp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.124.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.228.134.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| DE | 18.158.231.76:443 | cs.ns1p.net | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| US | 8.8.8.8:53 | gold.roblox.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 8.8.8.8:53 | c0aws.rbxcdn.com | udp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 18.239.208.102:443 | c0aws.rbxcdn.com | tcp |
| FR | 128.116.122.3:443 | gold.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 3.63.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| US | 18.239.208.101:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:51068 | tcp | |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| FR | 128.116.122.3:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| N/A | 127.0.0.1:51072 | tcp | |
| US | 18.239.208.47:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 134.237.211.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.208.239.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:51075 | tcp | |
| N/A | 127.0.0.1:51078 | tcp | |
| US | 18.239.208.47:443 | setup.rbxcdn.com | tcp |
| US | 18.239.208.47:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| NL | 13.95.26.4:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 199.232.210.172:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| FR | 128.116.122.4:443 | voice.roblox.com | udp |
| FR | 128.116.122.4:443 | voice.roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.4:443 | www.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:51635 | tcp | |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| US | 18.239.208.119:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 119.208.239.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:51648 | tcp | |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:51651 | tcp | |
| N/A | 127.0.0.1:51658 | tcp | |
| N/A | 127.0.0.1:51761 | tcp | |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| FR | 128.116.122.4:443 | auth.roblox.com | udp |
| FR | 128.116.122.4:443 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| FR | 128.116.122.4:443 | ncs.roblox.com | udp |
| FR | 128.116.122.4:443 | ncs.roblox.com | udp |
| N/A | 127.0.0.1:51990 | tcp | |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:52002 | tcp | |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:52005 | tcp | |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 18.239.208.114:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:52018 | tcp | |
| US | 8.8.8.8:53 | 114.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| FR | 128.116.122.4:443 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| NL | 23.62.61.112:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 112.61.62.23.in-addr.arpa | udp |
| FR | 128.116.122.4:443 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| FR | 128.116.122.3:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:52215 | tcp | |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 13.67.191.143:443 | msedge.api.cdp.microsoft.com | tcp |
| N/A | 127.0.0.1:52219 | tcp | |
| FR | 128.116.122.3:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:52222 | tcp | |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:52227 | tcp | |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 18.239.208.119:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 143.191.67.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| NL | 104.109.143.93:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 93.143.109.104.in-addr.arpa | udp |
| FR | 128.116.122.4:443 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | create.roblox.com | udp |
| US | 18.239.208.42:443 | create.roblox.com | tcp |
| US | 18.239.208.42:443 | create.roblox.com | tcp |
| US | 8.8.8.8:53 | o293668.ingest.sentry.io | udp |
| US | 34.120.195.249:443 | o293668.ingest.sentry.io | tcp |
| US | 8.8.8.8:53 | 232.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.195.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| US | 18.239.208.15:443 | webblox.roblox.com | tcp |
| US | 18.239.208.15:443 | webblox.roblox.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | doy2mn9upadnk.cloudfront.net | udp |
| US | 18.239.190.57:443 | doy2mn9upadnk.cloudfront.net | tcp |
| FR | 128.116.122.4:443 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.190.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 18.239.190.57:443 | doy2mn9upadnk.cloudfront.net | tcp |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| US | 8.8.8.8:53 | t1.rbxcdn.com | udp |
| US | 18.239.208.13:443 | t1.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| NL | 104.109.143.70:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 13.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.143.109.104.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | clientsettings.roblox.com | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| BE | 2.17.107.82:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 82.107.17.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:52818 | tcp | |
| FR | 128.116.122.3:443 | client-telemetry.roblox.com | tcp |
| FR | 128.116.122.3:443 | client-telemetry.roblox.com | tcp |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:52822 | tcp | |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 18.239.208.119:443 | setup.rbxcdn.com | tcp |
| US | 18.239.208.119:443 | setup.rbxcdn.com | tcp |
| US | 18.239.208.119:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:52825 | tcp | |
| N/A | 127.0.0.1:52828 | tcp | |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.16.227:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c53.gcp.gvt2.com | udp |
| US | 35.217.93.191:443 | e2c53.gcp.gvt2.com | tcp |
| US | 35.217.93.191:443 | e2c53.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.93.217.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | ephemeralcounters.api.roblox.com | udp |
| FR | 128.116.122.4:443 | ephemeralcounters.api.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| FR | 128.116.122.4:443 | apis.roblox.com | tcp |
| N/A | 127.0.0.1:52941 | tcp | |
| N/A | 127.0.0.1:52949 | tcp | |
| N/A | 127.0.0.1:52952 | tcp | |
| N/A | 127.0.0.1:52956 | tcp | |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| FR | 128.116.122.4:443 | apis.roblox.com | tcp |
| FR | 128.116.122.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.25:443 | images.rbxcdn.com | tcp |
| NL | 23.63.101.170:443 | js.rbxcdn.com | tcp |
| NL | 23.63.101.170:443 | js.rbxcdn.com | tcp |
| NL | 23.63.101.170:443 | js.rbxcdn.com | tcp |
| NL | 23.63.101.170:443 | js.rbxcdn.com | tcp |
| NL | 23.63.101.170:443 | js.rbxcdn.com | tcp |
| NL | 23.63.101.170:443 | js.rbxcdn.com | tcp |
| US | 18.239.208.26:443 | static.rbxcdn.com | tcp |
| US | 18.239.208.26:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | 27.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.208.239.18.in-addr.arpa | udp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 128.116.102.4:443 | roblox.com | tcp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| FR | 128.116.122.4:443 | metrics.roblox.com | udp |
| FR | 128.116.122.4:443 | metrics.roblox.com | tcp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| BE | 104.117.77.144:443 | apis.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.4:443 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | 86.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.102.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.77.117.104.in-addr.arpa | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 172.217.16.227:443 | beacons.gcp.gvt2.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.4:443 | auth.roblox.com | udp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 51.140.242.104:443 | tcp | |
| GB | 172.165.61.93:443 | tcp | |
| GB | 172.165.61.93:443 | tcp | |
| GB | 172.165.61.93:443 | tcp | |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:53487 | tcp | |
| US | 204.79.197.239:443 | tcp | |
| US | 8.8.8.8:53 | 239.197.79.204.in-addr.arpa | udp |
| GB | 104.91.71.142:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | 142.71.91.104.in-addr.arpa | udp |
| FR | 128.116.122.4:443 | users.roblox.com | udp |
| FR | 128.116.122.4:443 | users.roblox.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 172.217.16.227:443 | beacons.gcp.gvt2.com | udp |
| N/A | 127.0.0.1:53756 | tcp | |
| FR | 128.116.122.4:443 | users.roblox.com | tcp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| FR | 128.116.122.4:443 | users.roblox.com | tcp |
| FR | 128.116.122.4:443 | users.roblox.com | tcp |
| FR | 128.116.122.4:443 | users.roblox.com | tcp |
| FR | 128.116.122.4:443 | users.roblox.com | tcp |
| FR | 128.116.122.3:443 | realtime-signalr.roblox.com | tcp |
| US | 8.8.8.8:53 | develop.roblox.com | udp |
| FR | 128.116.122.4:443 | develop.roblox.com | tcp |
| FR | 128.116.122.4:443 | develop.roblox.com | tcp |
| FR | 128.116.122.4:443 | develop.roblox.com | tcp |
| N/A | 127.0.0.1:53952 | tcp | |
| N/A | 127.0.0.1:53954 | tcp | |
| N/A | 127.0.0.1:53956 | tcp | |
| N/A | 127.0.0.1:55228 | tcp | |
| N/A | 127.0.0.1:55230 | tcp | |
| N/A | 127.0.0.1:55232 | tcp | |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| FR | 128.116.122.4:443 | assetgame.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettings.roblox.com | udp |
| FR | 128.116.122.4:443 | clientsettings.roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.4:443 | www.roblox.com | tcp |
| FR | 128.116.122.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.132:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | t7.rbxcdn.com | udp |
| N/A | 127.0.0.1:55244 | tcp | |
| N/A | 127.0.0.1:55247 | tcp | |
| N/A | 127.0.0.1:55358 | tcp | |
| N/A | 127.0.0.1:55367 | tcp | |
| N/A | 127.0.0.1:55369 | tcp | |
| N/A | 127.0.0.1:55456 | tcp | |
| N/A | 127.0.0.1:55458 | tcp | |
| N/A | 127.0.0.1:55460 | tcp | |
| N/A | 127.0.0.1:55462 | tcp | |
| N/A | 127.0.0.1:55464 | tcp | |
| N/A | 127.0.0.1:55473 | tcp | |
| US | 18.239.208.108:443 | t7.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 108.208.239.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:55648 | tcp | |
| N/A | 127.0.0.1:55650 | tcp | |
| FR | 128.116.122.3:443 | realtime-signalr.roblox.com | tcp |
| FR | 128.116.122.3:443 | realtime-signalr.roblox.com | tcp |
| FR | 128.116.122.3:443 | realtime-signalr.roblox.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| GB | 172.217.169.67:443 | beacons3.gvt2.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| NL | 13.95.26.4:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| NL | 96.16.53.139:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 139.53.16.96.in-addr.arpa | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | create.roblox.com | udp |
| US | 8.8.8.8:53 | webblox.roblox.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | udp |
| US | 18.239.208.48:443 | create.roblox.com | tcp |
| US | 18.239.208.20:443 | webblox.roblox.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | o293668.ingest.sentry.io | udp |
| US | 34.120.195.249:443 | o293668.ingest.sentry.io | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| FR | 128.116.122.4:443 | users.roblox.com | udp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 18.239.208.20:443 | webblox.roblox.com | tcp |
| FR | 128.116.122.4:443 | locale.roblox.com | udp |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| FR | 128.116.122.4:443 | locale.roblox.com | udp |
| FR | 128.116.122.4:443 | locale.roblox.com | udp |
| FR | 128.116.122.4:443 | locale.roblox.com | tcp |
| FR | 128.116.122.4:443 | locale.roblox.com | tcp |
| FR | 128.116.122.4:443 | locale.roblox.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | premiumfeatures.roblox.com | udp |
| US | 8.8.8.8:53 | itemconfiguration.roblox.com | udp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 18.239.208.84:443 | t7.rbxcdn.com | tcp |
| BE | 88.221.83.43:443 | t7.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| N/A | 127.0.0.1:55930 | tcp | |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:55938 | tcp | |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| N/A | 127.0.0.1:55941 | tcp | |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| N/A | 127.0.0.1:55944 | tcp | |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| N/A | 127.0.0.1:55951 | tcp | |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| N/A | 127.0.0.1:55965 | tcp | |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| N/A | 127.0.0.1:57235 | tcp | |
| N/A | 127.0.0.1:57237 | tcp | |
| N/A | 127.0.0.1:57239 | tcp | |
| N/A | 127.0.0.1:57251 | tcp | |
| N/A | 127.0.0.1:57254 | tcp | |
| N/A | 127.0.0.1:57257 | tcp | |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| FR | 128.116.122.4:443 | gamejoin.roblox.com | tcp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| FR | 128.116.122.4:443 | thumbnails.roblox.com | tcp |
| US | 8.8.8.8:53 | avatar.roblox.com | udp |
| NL | 128.116.21.33:50053 | udp | |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| FR | 128.116.122.4:443 | avatar.roblox.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | t7.rbxcdn.com | udp |
| US | 18.239.208.40:443 | t7.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 33.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.208.239.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:57259 | tcp | |
| N/A | 127.0.0.1:57391 | tcp | |
| N/A | 127.0.0.1:57394 | tcp | |
| N/A | 127.0.0.1:57402 | tcp | |
| N/A | 127.0.0.1:57417 | tcp | |
| N/A | 127.0.0.1:57424 | tcp | |
| N/A | 127.0.0.1:57466 | tcp | |
| N/A | 127.0.0.1:57483 | tcp | |
| NL | 13.95.26.4:443 | msedge.api.cdp.microsoft.com | tcp |
| FR | 128.116.122.4:443 | avatar.roblox.com | tcp |
| US | 8.8.8.8:53 | chat.roblox.com | udp |
| FR | 128.116.122.4:443 | chat.roblox.com | tcp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| FR | 128.116.122.4:443 | economy.roblox.com | tcp |
| FR | 128.116.122.4:443 | economy.roblox.com | tcp |
| N/A | 127.0.0.1:57659 | tcp | |
| US | 8.8.8.8:53 | assetdelivery.roblox.com | udp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| US | 18.239.208.102:443 | c0.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | c3.rbxcdn.com | udp |
| US | 8.8.8.8:53 | t6.rbxcdn.com | udp |
| US | 8.8.8.8:53 | c2.rbxcdn.com | udp |
| US | 18.239.208.99:443 | c3.rbxcdn.com | tcp |
| US | 18.239.208.114:443 | t6.rbxcdn.com | tcp |
| US | 18.239.208.47:443 | c2.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 99.208.239.18.in-addr.arpa | udp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| US | 8.8.8.8:53 | t0.rbxcdn.com | udp |
| US | 8.8.8.8:53 | t4.rbxcdn.com | udp |
| US | 8.8.8.8:53 | t1.rbxcdn.com | udp |
| US | 205.234.175.102:443 | t4.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | t4.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | t5.rbxcdn.com | udp |
| BE | 88.221.83.43:443 | t0.rbxcdn.com | tcp |
| US | 18.239.208.123:443 | t1.rbxcdn.com | tcp |
| US | 18.239.208.104:443 | t5.rbxcdn.com | tcp |
| US | 18.239.208.123:443 | t1.rbxcdn.com | tcp |
| BE | 88.221.83.43:443 | t0.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | t4.rbxcdn.com | tcp |
| US | 18.239.208.123:443 | t1.rbxcdn.com | tcp |
| US | 18.239.208.104:443 | t5.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | t2.rbxcdn.com | udp |
| BE | 2.17.107.202:443 | t2.rbxcdn.com | tcp |
| BE | 2.17.107.202:443 | t2.rbxcdn.com | tcp |
| BE | 88.221.83.43:443 | t0.rbxcdn.com | tcp |
| US | 18.239.208.114:443 | t6.rbxcdn.com | tcp |
| BE | 88.221.83.43:443 | t0.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 18.239.208.114:443 | t6.rbxcdn.com | tcp |
| BE | 2.17.107.202:443 | t2.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | t3.rbxcdn.com | udp |
| US | 18.239.208.104:443 | t5.rbxcdn.com | tcp |
| BE | 88.221.83.41:443 | t3.rbxcdn.com | tcp |
| BE | 88.221.83.41:443 | t3.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 41.83.221.88.in-addr.arpa | udp |
| BE | 88.221.83.41:443 | t3.rbxcdn.com | tcp |
| US | 18.239.208.40:443 | t7.rbxcdn.com | tcp |
| US | 18.239.208.123:443 | t1.rbxcdn.com | tcp |
| US | 18.239.208.123:443 | t1.rbxcdn.com | tcp |
| US | 18.239.208.104:443 | t5.rbxcdn.com | tcp |
| BE | 2.17.107.202:443 | t2.rbxcdn.com | tcp |
| US | 18.239.208.114:443 | t6.rbxcdn.com | tcp |
| US | 18.239.208.40:443 | t7.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | assetdelivery.roblox.com | tcp |
| US | 8.8.8.8:53 | itemconfiguration.roblox.com | udp |
| FR | 128.116.122.4:443 | itemconfiguration.roblox.com | tcp |
| N/A | 127.0.0.1:57662 | tcp | |
| N/A | 127.0.0.1:57665 | tcp | |
| FR | 128.116.122.4:443 | itemconfiguration.roblox.com | tcp |
| US | 8.8.8.8:53 | inventory.roblox.com | udp |
| FR | 128.116.122.4:443 | inventory.roblox.com | tcp |
| FR | 128.116.122.4:443 | inventory.roblox.com | tcp |
| FR | 128.116.122.4:443 | inventory.roblox.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| N/A | 127.0.0.1:57680 | tcp | |
| N/A | 127.0.0.1:57693 | tcp | |
| N/A | 127.0.0.1:57704 | tcp | |
| N/A | 127.0.0.1:57706 | tcp | |
| N/A | 127.0.0.1:57720 | tcp | |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| FR | 128.116.122.4:443 | ncs.roblox.com | udp |
| FR | 128.116.122.4:443 | ncs.roblox.com | tcp |
| FR | 128.116.122.4:443 | ncs.roblox.com | tcp |
| N/A | 127.0.0.1:57744 | tcp | |
| N/A | 127.0.0.1:57746 | tcp | |
| N/A | 127.0.0.1:57748 | tcp | |
| N/A | 127.0.0.1:57750 | tcp | |
| N/A | 127.0.0.1:57752 | tcp | |
| N/A | 127.0.0.1:57800 | tcp | |
| N/A | 127.0.0.1:57802 | tcp | |
| FR | 128.116.122.4:443 | ncs.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:57995 | tcp | |
| FR | 128.116.122.4:443 | ncs.roblox.com | tcp |
| N/A | 127.0.0.1:58657 | tcp | |
| N/A | 127.0.0.1:58691 | tcp | |
| N/A | 127.0.0.1:58693 | tcp | |
| N/A | 127.0.0.1:58695 | tcp | |
| FR | 128.116.122.4:443 | ncs.roblox.com | udp |
| FR | 128.116.122.4:443 | ncs.roblox.com | tcp |
| US | 8.8.8.8:53 | t7.rbxcdn.com | udp |
| US | 18.239.208.108:443 | t7.rbxcdn.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| FR | 128.116.122.3:443 | client-telemetry.roblox.com | tcp |
| FR | 128.116.122.4:443 | ncs.roblox.com | tcp |
| N/A | 127.0.0.1:58751 | tcp | |
| N/A | 127.0.0.1:58754 | tcp | |
| N/A | 127.0.0.1:58767 | tcp | |
| FR | 128.116.122.4:443 | ncs.roblox.com | tcp |
| N/A | 127.0.0.1:58770 | tcp | |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| FR | 128.116.122.4:443 | assetgame.roblox.com | tcp |
| N/A | 127.0.0.1:59375 | tcp | |
| FR | 128.116.122.4:443 | assetgame.roblox.com | tcp |
| N/A | 127.0.0.1:59390 | tcp | |
| N/A | 127.0.0.1:59406 | tcp | |
| FR | 128.116.122.4:443 | assetgame.roblox.com | tcp |
| N/A | 127.0.0.1:59423 | tcp | |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4396_PCSGJNJIZXESEHLU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e828b53f-999c-499e-9fff-ae3db52f8f15.tmp
| MD5 | 71f945916d078bd5c71f99ab877ed3df |
| SHA1 | dc508bbe1c919f4c5789b879847b5a6217f0392d |
| SHA256 | 5b83a4a6cf2cd3aaef578790c1e89bfc07d5699f0ec56f23a6bc7dc9bd68cbce |
| SHA512 | 8b3f13b21979f5a4b7c6c2a1d4d04677ce20a36dea9026ded99ddb6d70f34294790728b0ff20dff1f154b7c85f319a8079cc137515d0436b659961537320cf72 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a627bc84fd55122ec8cae1ccee970799 |
| SHA1 | 9155572f2bcd662a8aad47ce38934a5a159fb51f |
| SHA256 | 1184091f23a403e86dd2682cd867ba7e61a0d4f70c8d4711bdcc26e09618016c |
| SHA512 | 68f828fca5b33046e76282076700b378bc4c2218aafbc5c48016ab20a6b01c5ae2382e77897184af3b43fadf63d196732fbd8cb6acb0ddf6e2f3b3362ebc0ccc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7436f641530eacac5bb9893413c9d022 |
| SHA1 | ec41e6354710164c3bcb6a4acb9f9148e5376baf |
| SHA256 | 6e7d132e8ed14753cc9e03747188a6815cec250b4a409bf3384f17261d870e6b |
| SHA512 | 0d3f282a53f825ee165f47ccee7aaa744838efb8ff5cf93270ff4aec9a8f06916bd9f6c862f9d2399b4b450e1034556ac16cf8ac627f064d9128600c5d6c3af7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | a15ea8c2159bf37401f56f25ae8dec7f |
| SHA1 | fe4f200d1a13cc463e41c61cb68fa6c366e71f43 |
| SHA256 | efbdbe1a980d1b0c560af44a0a2fb0ad0e54600f4c7d443c78cb7035375a05ee |
| SHA512 | fe4aa70861ed9d12f69b73f4df6eee33d32e4263a8a46db0f14a6817b92ad1b68bd5391f144976d744f78512d09d597689abf9ba8e163971374011bc47a1d5f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 27eabca6809d70491593e624f2328682 |
| SHA1 | 6e1869fbe251c2ffaff1fa29ec1a1ad4666227c5 |
| SHA256 | f9c148dc204282985428490b810f7f5c8950756f8a5b07348906085070e1b75f |
| SHA512 | 1dc948689560d6a901c762c6966e653b47ee0408798ccd17e3a607420a8efb6993303ec15c495d71d01172930e33d507efbb15c91d8b4dab52e218f7b32447bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0f00735c0c27f50bd05d9a5cfd451eab |
| SHA1 | 067a86c21e09424211536a2eb2c57d41d6da757f |
| SHA256 | 819a3ab0eea5cd2972889d4d8448f40bddf9f89617b74309238d937bd7f4d14b |
| SHA512 | 4fa3415664f04fe26a33d671c87cd0b4b0fc551374f30cefa4c8ba3a150523865420d0343ff2ceed33855a519023a06d7a3aa6c6087eddfcee310969689f684d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3e41d7d13c43406f4382c27dd358b26e |
| SHA1 | 2dcad26f8fb5216edf5c30e583d3e45fb795de63 |
| SHA256 | 8dd75d0cbb44b9d259f3b91106dd9ab0daafbbd3b86457e23ffa93f53f4c2f30 |
| SHA512 | 9cadbc490f24cd31b90b95d9c6f974d844e1533ef20abcb9aaf2d197f6f959e002c310ad133433398a313d7a9442bb7057006fc0de49d826703d921eba7e7bd3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6b654998f00b013fd398c5d26c3cc4e4 |
| SHA1 | 299a0dd0d010ff6cb32706ec78cf131afe761a5e |
| SHA256 | 0913800627000a0df0a7a7a891f5bb073f4f812c870871bcfb9ce4e960cca2b7 |
| SHA512 | 98fa4e9dc31a7fd11465fe459825c426256d4e2f4b2c416ee7a75b6c2ea1489f7d9a03fa7b8009629d49c36eff9723c83684df2a65c384c3fdf1a6c2de721bc2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 06bf6287ed8fd6c4e3228a20be3f2541 |
| SHA1 | 0562f7f87f1f26b61a0eaa01d099311ad13695f6 |
| SHA256 | 3367ebd2619abbfbbffca577045f5d6ed7a4838dad48312a7df328b6c10b3ea0 |
| SHA512 | b30be0c00fb52a6207bf8a11a0d998e6757f12dc550b8783f2964c821b61714cd8e15a8e56cc6f31c5e2e347384031c76d32396eb38fb0342fd984525b71810e |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5b2b46e0d63670dcbf4b4aa4c7db0ae9 |
| SHA1 | 6d68577bef9067f8cbe66c89ab4e8e4744298065 |
| SHA256 | dede34e89b75728c48b95d064d12ba2b3d0be230ecc12191c098b073b8f750af |
| SHA512 | 1332f14a9d5084e6350054cc889f43c53027f9fe6162cb6fdb3f20b034af1400c767f58f2bda95d0679a3c2bc446c017adc83ea802cfe17b82e1136f99b28d67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 37eae1a887a553cb5a30487cf05d66ad |
| SHA1 | b96929fad252804ca465b0d1c42e1fdcdf5215b7 |
| SHA256 | 3ca60784ae2754ab8ea617d86d114eb687570ff59c239bc72b1a7c94a22a2251 |
| SHA512 | 6dea86cb02747006c772b6d456b372332ff3c5d359107ca7d6a2dd22b47f3fccddf75e844b3b14b4ce92c1004d14bbb30706cbc54a92e4fe8865171eb1a06859 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe651d38.TMP
| MD5 | fc5194ae1eab6f7490cd905016f72c8f |
| SHA1 | 63c9caf93da91144fa64145adf0ad1baa3b5e8c7 |
| SHA256 | eb4615ed6dd76d5830168cde839d36b430007c4e686e9bce111f66c46c3f6420 |
| SHA512 | f8613a3780309596f42751e3a27607a0cae61d1a4ccb9f5860e240923988f4150cdbddb1d95faf8958361291dc8f649fa622cf8c3cec5e53f675d8df23f75384 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 238d3a63ab1e54d2c34d819d4f367f2f |
| SHA1 | 85866da3421a66c3dca35de9ee68631555006df4 |
| SHA256 | b4c03ba3368aff08b52f6b113ad2e34e48f5ecff50e763c025c71c79a51a770c |
| SHA512 | 16cde001feb20e96c2abd949b612b9353426d8c9dc2446828ad968d4d231f1fd9bcd572e76dc9deddac54617dad992d617365347fac312dc652036310e6444f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ff402b39ac46998968a6e1b2fce9b2eb |
| SHA1 | b0a45769bd25cc7c4ae0a3371a9de770a27a8627 |
| SHA256 | 8affa4f43530ed0fb36d70237ee9c146067f5ba9eda21cfe5df418dd64c36c89 |
| SHA512 | 957735c67e02652f5bf6934d762721b2e2d94ce70f3654797726a979221678dcf7a6589ad8cdc29e3339839af95007f89ef3d9359550c7b7dc3b3eb5c91e55df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ac90f9546e93f90dced1a0df1dea227c |
| SHA1 | d3374d18354bd683f560e5a952a38086c32fcf39 |
| SHA256 | 1551169e779dbc979d1b90a133f86912a8aff937da125a51da6e9803afab1514 |
| SHA512 | 55f33edc9e5d3048627e052e9d0a5e7736a8357ca39bc38e8755b996e7ec0ae880461383b0b035796b3dadc8e571eb1b92f5d3b0e6bc6644269d0b7f153fb8db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fb1b58779081494f063cbd94beda25fd |
| SHA1 | 2fc18d90285421ba718533a4c2161616860c0db6 |
| SHA256 | f799b2a1de665d736bb5a3858dec73e43d11e8e13dfcdada60030a9b634bc8a1 |
| SHA512 | 029f99bf44dc908bca8cfaf8070539180b676a1813295f80806ac61fff152318b8ad720aa8a21a131f636cd5c7ffcd7d4f4981737b217ac30fbc70d62061f38d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c8129fdab8ca5e7e10d9daffec348c01 |
| SHA1 | a976951abf81933403fa51ed655bde903128e533 |
| SHA256 | 579058a2513445b759fd752e0283ff8e41b61584f80a95e8aaec4e8541f9e362 |
| SHA512 | 29d8899e8a8d2c48c77de5e7c1be07cec8de1623d35607e509e570b3e19c2411edead7fce562c755147d34985a160ba811e314c34f7ec66245a11bc2cddcecd8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8462b97fd4ea254146c3621a41b8a549 |
| SHA1 | 1908a61404fe4ec7dfff46ff323d1466b568d066 |
| SHA256 | 37fa3dd666d5fc81954fca16a6ba8fa2bec26c4cf2e7a18b27d9918e63d9af1f |
| SHA512 | a32c7b7c526bb35d3203db06a05ab39e9fc5ce0c8abc71fd01c4d0543561ba5df15d550b9429735ed5e352a4896a81ce84e8e684e58778dca457cb3a129eb240 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | ef632c156054a683fa8e4ba68d46cbca |
| SHA1 | 996f0045ccb2cb2afdd5ec1fadaa940c498dc69e |
| SHA256 | dfbc22478bd963a9664cdc19c40fd8bb2da922fe472ca6d57eb86b15ef38594f |
| SHA512 | 7195a5d91bc3a14a6144cc10425bd6fce05d4e80430ce412a0a4c50a32779290f4bbc3c008bec9c3c9374d23ec2dc3d602f03f426825ed11f208bd16960ff705 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
| MD5 | 793b639f0483074bf878fcf19c131678 |
| SHA1 | b1a2ef0fd4d7944a9519e54e3201a05c62c90415 |
| SHA256 | b214fce2614aec5046a24ad48e5023ae8d29fda0d8c510f6dfa116f684566869 |
| SHA512 | 1aa25f77f1075f79f9d188ee9bb4a5569db406f2cbde550c7eb6c3377d3bbea5cfe86f1328248f8772020a90093c133de90c09cd2e50048fe2d400e807526238 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4651ebf645f36e870b787317127a70f4 |
| SHA1 | 5d8b21310ac8d6006fa0537763939ae13549e9be |
| SHA256 | 7308ece0cbb762fb772b3cd60c5b6dd5e5772d2c981cd1b3690fedd4693f9f19 |
| SHA512 | 5469a7f23f0a932903f9d2b7c417328013790d72c7146a9e0917a0a0d70a908c92b67a0d80a692f38f881fea291b93365c672827ce28d365ce2d1ffb6949866e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b386597d7768818787e59c506547bfbe |
| SHA1 | 5ae57b79b0b62429a0d552a3645b16b5eec0a15c |
| SHA256 | 529991bdbef29e313eb9210b816935c6055d4d801c9c6d3e10922963c1654458 |
| SHA512 | a0d51cbc816f7272bef76816662c9be2c2f42ff26fa41e5eb60486de3961b8397592f61952e238624c6f59fd7c00b420226eeeb8ea4c91b91c5a1ed86bd6ae6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 89b37ea286843f0cc917ee6312608230 |
| SHA1 | 030dd4c604bf39c490afcac43c941fde166e8db6 |
| SHA256 | bc8ce0115b6da050a8876a026f93f32e04d385167dd6883d96db7ee8c3cc6f46 |
| SHA512 | e628ba17918e74c77919f71d8694a653b7d3fbeda9a668c75ba57595c200495de8b202d5f48bef73bf1b614e60ff40fcfb60957ca89c712cdb605c3a85a7956b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 51b7b8ddc748a235a64293903f5fbd7f |
| SHA1 | ba605d819da95d714344b16089b9140bfb06331c |
| SHA256 | 0480e2a8c8c08b48c9a222b434522a2b399a25f8dc896402cc77ace1d5f150ff |
| SHA512 | fa1a64888d5f442c12ca4709177586433e492482eb00a719ea352f064023487b89d7ac4f8cf16e66316888bb34a04a17894f6cad618958ac606bcf5a1d46d4b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8be619a4ff17791ea2c5bbd24a82ae6b |
| SHA1 | 34019858ba7f23207ea06cf2d517c37fce495d64 |
| SHA256 | 3a8ec31b064233384693e24a47d2fd977007b55fddd9ae3a37c7b4633681c2ff |
| SHA512 | b8f6082edef8e0cb65f5e663c4ecfd2750e579000693aa1eb322f2f0acdd024a9d0a55f016cb45181b136bfcfd84bd01eb15e68ab40cdc02fc92c276293d1dc3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | dd5818826a60e2af1ea4884ef59bb55c |
| SHA1 | 377d9c845041d127f4fb1d1ce07e7c0f8560c242 |
| SHA256 | db7ea69f9add72747753e9f164242dede33139c65c7a84a9a8fc8e38f3c8933a |
| SHA512 | cb71ae41792c4956b60ab7ddf6229186bf081b47aa44eb111452a89c8e6ceeede29ae8803d9add52b95345c423f380656fd846eaa03db4a0f9e63f0967752dd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d4605d2310a2ba5c06b135a30861159e |
| SHA1 | cb2bb34cd496c28ac63fcf40f4f77727c373fd1e |
| SHA256 | e75cd06f0868172276735c16f622003d4b1dbf83a4c89c2fd05f4e6ac6d38227 |
| SHA512 | 1244202470af745c6ecc64ff577c782f6e1ada586c210986143daebe2b461879b71c047be5b5f0aa9af010d09e24cc521255bf0254274bdf681f1d752a2e1986 |
C:\Users\Admin\Downloads\Unconfirmed 191745.crdownload
| MD5 | a2f58a117c60b1622eede88d2163ef19 |
| SHA1 | 91ed6cf5b0efb2c0bd3e06ab5775775ccd1bd631 |
| SHA256 | e74d896bc3469b5a28eb5a04ea364a9ab32737d573868fb08a327820ea624c04 |
| SHA512 | 19964984f66876032ef15283c25e31737e1f56c27a3f9d7fe204dccdc0a45c64e3380a5924f4b82301e55a5371bd7c9c61776e8ae6cb15a0e0502d189384c14f |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | cceab286992d9d5ae9267960f2e82a55 |
| SHA1 | 7bd30d2b266c7380c6a601a7c0f47b5ac27fb667 |
| SHA256 | 21b39ce26e0fa0b47b3b5fcfa4468820d3e413164ecb8128225b6dfd3e309a93 |
| SHA512 | 5cbb34fbe68130cf1a8ceffb8beea794b2691fdbe5010f4d142eec4fde090bfe967c8d9a9d51743c93ef51d126ccadc8fcd20cfa21b7e776955aa3f7cd47558b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1179550ccc39f4e534aa4f9cfabd10b3 |
| SHA1 | 465b05e4068ebb57949e8203a06685ae3641195a |
| SHA256 | fdcbf28ca1726ea33656b7a2833595d3625ccc094ce624b5072e880bdb273b1a |
| SHA512 | b695e7dc7a9738bbb82a70d8d6d27a50522939c7ebf9dd638fc0f36c0c0e8a448b0906c4a7311f377d5ee4c75191d78250396d33f7c6ba0c2cfba86d2ece4033 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f9b14aa5c40cea780af0840c54cbec6c |
| SHA1 | 0aadafedc6e6ba3afba93e2d575f0b1178fa5a13 |
| SHA256 | 97783ea69bd6fbeb0c8f39571173f5b1f129f2a58dabe9119faf9cda1b316328 |
| SHA512 | 6f8e5c29540099df7deda2ce1517f54fcaf8261311b9be79694445e8db61739d5866886c4850cfd38ed758aa433f183ce8c206ebc30e27a046a44df2ffe0090f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 54aee5d7d325b0928d661047488af5e1 |
| SHA1 | 4328a200b4b59935c588a982cb293eae162a4d43 |
| SHA256 | 5539a76e880b8cae5158cb1757bd326919e48d8714fedb211ac19eeecb14c65c |
| SHA512 | 48edac377b1db3ecd00c2eb2bcd365fba21e3614be855e65657f7721f5d4997f159c56adc565411276021500dd4f59186ba9059f553e405fbf396ff9e0967158 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 63eefec27c6cf3589c7aa42c1f8ab0cc |
| SHA1 | 1b408a4d1b41a2bfcc753e1d9ca7a535cbee7080 |
| SHA256 | 47b9ca7a81ae17f8fc3d2a29d9df67b9f2d3283181260f637e5006d10568ce1e |
| SHA512 | c34a612352f80b75c1650c5bdedabdb3a22bb09e499dd70c161b08fe055138a0d53ed55420930ef68d5fd40da1663fbb14fee019460df768ed6daaa2ace89120 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 09f3991d76415f218e7b90d2c95deac1 |
| SHA1 | b61db1aea250e4f79686ded7f939e51032dcb377 |
| SHA256 | 798212baa1042373fcd9075ea435755384565f28e141843fd73c3aaefa9b4fcf |
| SHA512 | e352ca743444621ca0e847daba2ace29a9c9801be4c3ef1c929be5614457748f38f3f59afbc1de1c8f6c87756edce1fdf22e1a94a4219fb8bad192ccdd405e81 |
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | e284a7bdf53b953d5514c6abe985ed60 |
| SHA1 | 91655419b0e29b53bebbd102127056f396af6bb0 |
| SHA256 | de29073ba5d2f701473a80f14c9dc35b2a11194918b8f682357b09d57c2aeb2e |
| SHA512 | 2066d8dd92d2c64df6eae441fc25914a6214ff52ad264a38c156f59fd1587d6a7627f19a1b537fd82d95b7c66acaf73169b855df55fce0163bd3b05333377195 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f76dd699b5cf8b046b741a6a8c4dad8c |
| SHA1 | 42d51fb59d178684c210d50555d442479b8ed477 |
| SHA256 | 9a7da47d6952af4f49eb3ebcbdf58521c82c1ce1d18132976934171e09784a86 |
| SHA512 | d9b37756e2d9f753e7bccb07b056f2aeddc50ae0584d3321d6c34b4c83ecd61d438dd1fb78a23c4ad9ba097a750b7e989614eff7736cd1b8ff2aebf9208ab64e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 7b5093531a47d3d4faaf63e5f3f41083 |
| SHA1 | 9e4059b5f6b8c6641196d0e147abb047762de99f |
| SHA256 | 9f8b235e1437f620d97a3be3c65b8565c4da7b528dd6b0f0cbcf95cf1b2ac84f |
| SHA512 | e87a8af5f70d2682d82c5059e69cf94bfeb40e5de4316fba7cd9cdb4b4fc86418cfcceb2abc965d70ea6c31cdbff57b1f06b8de8572add5035c28736268dc2b6 |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\523f61d67bf4c528e001c52e84c35ef0
| MD5 | 523f61d67bf4c528e001c52e84c35ef0 |
| SHA1 | f26774809dc1ea0bc7376606964ebcc06bfdc398 |
| SHA256 | 834bd41f708d1393a528da769b015538b45b279b4af4969e1df54c0c426add3a |
| SHA512 | d99d834d3632804160428367360f8a4c0ab6e1c9146ab12b07d6f44c30def1482809d5cac41ae84a64e5d8b99a4fcf2090c74e39b2692094168737501301b15f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 89bd74b9fee3ee36378f29b27193a201 |
| SHA1 | 43ab898aa789ad6f6f1acce6294ef8580a8de1da |
| SHA256 | 140709748c34b8e1b687f7a59887e5f4b4a0273f66242243b80418954c96e70e |
| SHA512 | 9c62928f5ca9c7e5c46ccb07cc402d9413aafb8294e9f967448efcb05b6adaa8dc38037a94ce92e6f29d268f09c57892187562c7573db9fad84bdaa100ed5f9d |
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
| MD5 | 610b1b60dc8729bad759c92f82ee2804 |
| SHA1 | 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552 |
| SHA256 | 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08 |
| SHA512 | 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdate.dll
| MD5 | 965b3af7886e7bf6584488658c050ca2 |
| SHA1 | 72daabdde7cd500c483d0eeecb1bd19708f8e4a5 |
| SHA256 | d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19 |
| SHA512 | 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_en.dll
| MD5 | 4a1e3cf488e998ef4d22ac25ccc520a5 |
| SHA1 | dc568a6e3c9465474ef0d761581c733b3371b1cd |
| SHA256 | 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011 |
| SHA512 | ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | c044dcfa4d518df8fc9d4a161d49cece |
| SHA1 | 91bd4e933b22c010454fd6d3e3b042ab6e8b2149 |
| SHA256 | 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2 |
| SHA512 | f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 60dba9b06b56e58f5aea1a4149c743d2 |
| SHA1 | a7e456acf64dd99ca30259cf45b88cf2515a69b3 |
| SHA256 | 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112 |
| SHA512 | e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_af.dll
| MD5 | 567aec2d42d02675eb515bbd852be7db |
| SHA1 | 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37 |
| SHA256 | a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c |
| SHA512 | 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_as.dll
| MD5 | a8d3210e34bf6f63a35590245c16bc1b |
| SHA1 | f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693 |
| SHA256 | 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766 |
| SHA512 | 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_bn.dll
| MD5 | 7dc58c4e27eaf84ae9984cff2cc16235 |
| SHA1 | 3f53499ddc487658932a8c2bcf562ba32afd3bda |
| SHA256 | e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98 |
| SHA512 | bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_cs.dll
| MD5 | 16c84ad1222284f40968a851f541d6bb |
| SHA1 | bc26d50e15ccaed6a5fbe801943117269b3b8e6b |
| SHA256 | e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b |
| SHA512 | d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_gd.dll
| MD5 | c90f33303c5bd706776e90c12aefabee |
| SHA1 | 1965550fe34b68ea37a24c8708eef1a0d561fb11 |
| SHA256 | e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c |
| SHA512 | b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_ga.dll
| MD5 | 3b8a5301c4cf21b439953c97bd3c441c |
| SHA1 | 8a7b48bb3d75279de5f5eb88b5a83437c9a2014a |
| SHA256 | abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0 |
| SHA512 | 068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_fr-CA.dll
| MD5 | b534e068001e8729faf212ad3c0da16c |
| SHA1 | 999fa33c5ea856d305cc359c18ea8e994a83f7a9 |
| SHA256 | 445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511 |
| SHA512 | e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_fr.dll
| MD5 | 64c47a66830992f0bdfd05036a290498 |
| SHA1 | 88b1b8faa511ee9f4a0e944a0289db48a8680640 |
| SHA256 | a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961 |
| SHA512 | 426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_fil.dll
| MD5 | 7c66526dc65de144f3444556c3dba7b8 |
| SHA1 | 6721a1f45ac779e82eecc9a584bcf4bcee365940 |
| SHA256 | e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d |
| SHA512 | dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_fi.dll
| MD5 | d45f2d476ed78fa3e30f16e11c1c61ea |
| SHA1 | 8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e |
| SHA256 | acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2 |
| SHA512 | 2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_fa.dll
| MD5 | cbe3454843ce2f36201460e316af1404 |
| SHA1 | 0883394c28cb60be8276cb690496318fcabea424 |
| SHA256 | c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59 |
| SHA512 | f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_eu.dll
| MD5 | a7e1f4f482522a647311735699bec186 |
| SHA1 | 3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd |
| SHA256 | e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4 |
| SHA512 | 22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_et.dll
| MD5 | b78cba3088ecdc571412955742ea560b |
| SHA1 | bc04cf9014cec5b9f240235b5ff0f29dbdb22926 |
| SHA256 | f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085 |
| SHA512 | 04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_es-419.dll
| MD5 | 28fefc59008ef0325682a0611f8dba70 |
| SHA1 | f528803c731c11d8d92c5660cb4125c26bb75265 |
| SHA256 | 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d |
| SHA512 | 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_es.dll
| MD5 | 9db7f66f9dc417ebba021bc45af5d34b |
| SHA1 | 6815318b05019f521d65f6046cf340ad88e40971 |
| SHA256 | e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819 |
| SHA512 | 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_en-GB.dll
| MD5 | d749e093f263244d276b6ffcf4ef4b42 |
| SHA1 | 69f024c769632cdbb019943552bac5281d4cbe05 |
| SHA256 | fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e |
| SHA512 | 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_el.dll
| MD5 | ac275b6e825c3bd87d96b52eac36c0f6 |
| SHA1 | 29e537d81f5d997285b62cd2efea088c3284d18f |
| SHA256 | 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0 |
| SHA512 | bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_de.dll
| MD5 | aab01f0d7bdc51b190f27ce58701c1da |
| SHA1 | 1a21aabab0875651efd974100a81cda52c462997 |
| SHA256 | 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c |
| SHA512 | 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_da.dll
| MD5 | d34380d302b16eab40d5b63cfb4ed0fe |
| SHA1 | 1d3047119e353a55dc215666f2b7b69f0ede775b |
| SHA256 | fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f |
| SHA512 | 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_cy.dll
| MD5 | 34d991980016595b803d212dc356d765 |
| SHA1 | e3a35df6488c3463c2a7adf89029e1dd8308f816 |
| SHA256 | 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e |
| SHA512 | 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_ca.dll
| MD5 | 39551d8d284c108a17dc5f74a7084bb5 |
| SHA1 | 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884 |
| SHA256 | 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07 |
| SHA512 | 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 2929e8d496d95739f207b9f59b13f925 |
| SHA1 | 7c1c574194d9e31ca91e2a21a5c671e5e95c734c |
| SHA256 | 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df |
| SHA512 | ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_bn-IN.dll
| MD5 | a94cf5e8b1708a43393263a33e739edd |
| SHA1 | 1068868bdc271a52aaae6f749028ed3170b09cce |
| SHA256 | 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c |
| SHA512 | 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_bs.dll
| MD5 | e338dccaa43962697db9f67e0265a3fc |
| SHA1 | 4c6c327efc12d21c4299df7b97bf2c45840e0d83 |
| SHA256 | 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04 |
| SHA512 | e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_bg.dll
| MD5 | 8375b1b756b2a74a12def575351e6bbd |
| SHA1 | 802ec096425dc1cab723d4cf2fd1a868315d3727 |
| SHA256 | a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105 |
| SHA512 | aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_az.dll
| MD5 | 7937c407ebe21170daf0975779f1aa49 |
| SHA1 | 4c2a40e76209abd2492dfaaf65ef24de72291346 |
| SHA256 | 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9 |
| SHA512 | 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_am.dll
| MD5 | f6c1324070b6c4e2a8f8921652bfbdfa |
| SHA1 | 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf |
| SHA256 | 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717 |
| SHA512 | 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_ar.dll
| MD5 | 570efe7aa117a1f98c7a682f8112cb6d |
| SHA1 | 536e7c49e24e9aa068a021a8f258e3e4e69fa64f |
| SHA256 | e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01 |
| SHA512 | 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | 7a160c6016922713345454265807f08d |
| SHA1 | e36ee184edd449252eb2dfd3016d5b0d2edad3c6 |
| SHA256 | 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9 |
| SHA512 | c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 6baa25e3ca47acb3ee9dc77e23fc0655 |
| SHA1 | 7dec08b6e4fc02bc45ad1f54939c4c051a60dd2d |
| SHA256 | 5be3b61274dba0d9508e399620905595d785f5f2a8761dedc2e459883334a24c |
| SHA512 | 539e115ab33dea20c1b85ac21ec48d7ee8c4a8bfaa63c623f9aa7b97ff42b8706ecb1407d77ddc3fa8b788ff672f94832bbe8c0d289bc4454bd97e5377adabd0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 988a056ee3c5b81ab123a0b5adcf772c |
| SHA1 | 7af68139820e2dccfbfa1c9d2d357e07c64c053b |
| SHA256 | 3e48ecafb7feb2588d6a658394f07d2688aedfe6d51f0d134d3d998556ae08f5 |
| SHA512 | 0674268d002b6b13bb752fdb4e7486f16237ecdb7b2c480510940c79d6330e3ed67b75200484a419fa173e1e91b57a85a669c716702abb07b7eeb1552d311e24 |
memory/3084-1504-0x0000000000D70000-0x0000000000DA5000-memory.dmp
memory/3084-1505-0x0000000073BC0000-0x0000000073DD0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 037ecccebd795408e2dba513e87ca3dc |
| SHA1 | aaf3ca89476968b5304901252566dee11fa34131 |
| SHA256 | d64d52796c8add3ed68deda477906e064edbe4f8feb0fd40c3bf5d41102f5bc2 |
| SHA512 | c46eb76061d17845b8b8eb06adae16eab4eee893e72b73106df892e248be921c750a7be7e32905fcc7efd1440e7eedb82edd660dc8cf1f744117eccf3d1c1eb0 |
memory/3084-1528-0x0000000073BC0000-0x0000000073DD0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e142d3f70dd99ab7b7d291f583a3a37e |
| SHA1 | c06eb0af12f1d6a344cb49a435a89bdea1882f1c |
| SHA256 | 133890ebf003c87f98fdb97a061fa6f1af5ea4882865368d4593269fc61f7eec |
| SHA512 | b6be36ad516c0bb6e8b6ad3e2a1549c1539b784606a6556b20f180f1fbe25028b9059bad601099512dfa858369c8be2ebb7dd815906f59e00644bdd38ad26fde |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4ad5e9b6fa92067f22487cabb7a99465 |
| SHA1 | 66ec557ff3beab6ed1147f2b1ab3fdb88c948986 |
| SHA256 | 0307db20f2e074bd5cbb27f5ecbd37da7a8211e7fed50035d02234337020a814 |
| SHA512 | c4d49b0127217583c604a5acee5eadfefe3cda1407eed21eb07344eeadfeb9520189c9cf5fa72de2ac10a596517a5dbf9b69cb5dd97d4cc1ddb1334fde7d8892 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 94ecc72cbd1b80b0e3743122d6a48a24 |
| SHA1 | 20b121cf2df8891dac0fb4db6e00061c2fcc0a92 |
| SHA256 | b0f16200aad45e038c947bc337a3f0e009f61c4902f88501d5a8f81f0452488e |
| SHA512 | a0a6054d09e71ee90776bb4c3031347f4fd68075b91824eb02013e7a9ac64a4d70ac5b020ba3c0d0ddd13e754a43b9be7941bd8073c6116b2fe3e1a590bc914e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3d8f6ed516fa78657cf9828a6a01a3b8 |
| SHA1 | ce50a44b8c503e5116cba3dea515b4bf9b48b057 |
| SHA256 | 2a4289d74d76eeb9b0b29edc01dee9e43cf328f6dedc4d785d73614790a8b2f4 |
| SHA512 | aa923f29243437277804484e078574d98c2436807ce1a7ad11fd37997f7422a62c61328af16740d0f47a88d76fd9304420bdadf54dbeb46b7d2062248fe8e89a |
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
| MD5 | 6e63337a0f8c9ca0d3eff4f8d5925b34 |
| SHA1 | a9be14358daf561866832e4eea3150c2452f9096 |
| SHA256 | d90b58316b81488a184f09d807db22770517d4022ca0f865cce6816e97fdd51a |
| SHA512 | 929e41938205af0957c60a1877d7df3883ae60aed54da1d1de6fd2b96eb2a100a6ffae0e257e523cbe16f56ad2a86ad60ef1fa7ab133160ba5210f54686a0f8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 61492e50fb4c4c4a3d6ca84208add140 |
| SHA1 | 677cbe95c8833a93cd7fa3bcc6715ff2143262a3 |
| SHA256 | 898a5d7a8efdf2f3d96a7fec401d61ba5b9d84dc51828e1678b0500b294cc38f |
| SHA512 | 86f5089e93557f868ca62efdd52f6c28eb26d58e149834450633246f68c0834d7e5da0565a1759a0e4cdbc450c0e48e966a2b492437fb8df7f27c54d878214a7 |
C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe
| MD5 | c31297188ec9fbaa60449f769339963e |
| SHA1 | 8502d9e0cef18137529f0a46ad6e69a1577e6cae |
| SHA256 | 2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9 |
| SHA512 | 9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6fe7209b97cd712ad8528730fc64cfd1 |
| SHA1 | ab8b64ab56740736b5bdeb7bd54de8b5298c3470 |
| SHA256 | 2306d492580201c505790b4ea9fe657de57761a3a089cc8c45036b57af55dea4 |
| SHA512 | daa4d7095d3ac3e8293d27c9e8a5bf9eb6f323e5078226532c74a68c60a47c74b729d2dcd1d4520a4dbdbcfd46d389fc82b9b30bf82c36d52733422c7116bdb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 04f337aba26b9c7d85bbe23d6aa59796 |
| SHA1 | 9c2e0a05762eaf3ce7d5ab3cd98dc3d06d0056e2 |
| SHA256 | a80cf3897ffaf4d2c45617025dadbffd472100190d3315c811dd107ebcf4f7d0 |
| SHA512 | 4db461339fcaf8bc45920d1cec66684a1627b0f86808edd68001d5405929ef37400355b81db189501a50c32144593d42cd319b40da98d60484383142973477c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 98d15cb41035ea832a75e294a0d1f894 |
| SHA1 | 240261a7694ebc5858fd24e293a404d14f8d86b0 |
| SHA256 | 70866a908a1f65a0792abb0d8cefb6065836794392e0b163c3eff5f5341a4f5c |
| SHA512 | 2584aa048fbe0b24b4ef3301e9e7077ea5f9d00f19b767f37369985acb57aa690734c58bd871049f6401cfb13271cdd1aa8da7edb16018410566f971d4b6a8b2 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 2e37e60e10226cf762d39b07e1b6d5e1 |
| SHA1 | 145eabefefe935dd07aebe7ac7e4b949a3299e2e |
| SHA256 | c2053c66da67809f192b82d9a34af471a78852ec5ff798b37eebc16839f6fd8a |
| SHA512 | 91fd05a5a83a7a42a7c8601e4ed972f4329c6a545515a57c0b8e403a1a321002bbcf19a34817ec86f05a41a4d89243c400bef9e87df9afbc947788408a2e05df |
memory/3084-1679-0x0000000000D70000-0x0000000000DA5000-memory.dmp
memory/5036-1690-0x00007FFE3F2F0000-0x00007FFE3F320000-memory.dmp
memory/5036-1693-0x00007FFE3F380000-0x00007FFE3F389000-memory.dmp
memory/5036-1692-0x00007FFE3F2F0000-0x00007FFE3F320000-memory.dmp
memory/5036-1688-0x00007FFE3F2F0000-0x00007FFE3F320000-memory.dmp
memory/5036-1687-0x00007FFE3F2A0000-0x00007FFE3F2B0000-memory.dmp
memory/5036-1686-0x00007FFE3F2A0000-0x00007FFE3F2B0000-memory.dmp
memory/5036-1685-0x00007FFE3F180000-0x00007FFE3F190000-memory.dmp
memory/5036-1684-0x00007FFE3F180000-0x00007FFE3F190000-memory.dmp
memory/5036-1691-0x00007FFE3F2F0000-0x00007FFE3F320000-memory.dmp
memory/5036-1689-0x00007FFE3F2F0000-0x00007FFE3F320000-memory.dmp
memory/5036-1694-0x00007FFE3DB30000-0x00007FFE3DB40000-memory.dmp
memory/5036-1702-0x00007FFE3DBE0000-0x00007FFE3DC00000-memory.dmp
memory/5036-1703-0x00007FFE3DCD0000-0x00007FFE3DCDC000-memory.dmp
memory/5036-1701-0x00007FFE3DBE0000-0x00007FFE3DC00000-memory.dmp
memory/5036-1700-0x00007FFE3DBE0000-0x00007FFE3DC00000-memory.dmp
memory/5036-1699-0x00007FFE3DBE0000-0x00007FFE3DC00000-memory.dmp
memory/5036-1713-0x00007FFE3CAD0000-0x00007FFE3CAE0000-memory.dmp
memory/5036-1718-0x00007FFE3EB90000-0x00007FFE3EB9D000-memory.dmp
memory/5036-1721-0x00007FFE3EB90000-0x00007FFE3EB9D000-memory.dmp
memory/5036-1727-0x00007FFE3DF20000-0x00007FFE3DF29000-memory.dmp
memory/5036-1719-0x00007FFE3EB90000-0x00007FFE3EB9D000-memory.dmp
memory/5036-1726-0x00007FFE3DF20000-0x00007FFE3DF29000-memory.dmp
memory/5036-1725-0x00007FFE3DF00000-0x00007FFE3DF10000-memory.dmp
memory/5036-1724-0x00007FFE3DF00000-0x00007FFE3DF10000-memory.dmp
memory/5036-1723-0x00007FFE3DF00000-0x00007FFE3DF10000-memory.dmp
memory/5036-1720-0x00007FFE3EB90000-0x00007FFE3EB9D000-memory.dmp
memory/5036-1715-0x00007FFE3EAE0000-0x00007FFE3EAF0000-memory.dmp
memory/5036-1717-0x00007FFE3EB50000-0x00007FFE3EB60000-memory.dmp
memory/5036-1716-0x00007FFE3EB50000-0x00007FFE3EB60000-memory.dmp
memory/5036-1714-0x00007FFE3EAE0000-0x00007FFE3EAF0000-memory.dmp
memory/5036-1712-0x00007FFE3CAD0000-0x00007FFE3CAE0000-memory.dmp
memory/5036-1711-0x00007FFE3CAD0000-0x00007FFE3CAE0000-memory.dmp
memory/5036-1710-0x00007FFE3CAB0000-0x00007FFE3CAC0000-memory.dmp
memory/5036-1709-0x00007FFE3CAB0000-0x00007FFE3CAC0000-memory.dmp
memory/5036-1708-0x00007FFE3CAB0000-0x00007FFE3CAC0000-memory.dmp
memory/5036-1707-0x00007FFE3C900000-0x00007FFE3C910000-memory.dmp
memory/5036-1706-0x00007FFE3C900000-0x00007FFE3C910000-memory.dmp
memory/5036-1705-0x00007FFE3C790000-0x00007FFE3C7A0000-memory.dmp
memory/5036-1704-0x00007FFE3C790000-0x00007FFE3C7A0000-memory.dmp
memory/5036-1698-0x00007FFE3DBE0000-0x00007FFE3DC00000-memory.dmp
memory/5036-1697-0x00007FFE3DBC0000-0x00007FFE3DBD0000-memory.dmp
memory/5036-1696-0x00007FFE3DBC0000-0x00007FFE3DBD0000-memory.dmp
memory/5036-1695-0x00007FFE3DB30000-0x00007FFE3DB40000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dc6a192e3042a96f115e2d9495f4bd58 |
| SHA1 | 9de32b3f16874968ddc7dd7bc5c86dccc3d8da50 |
| SHA256 | 09416cb5015105f7d4633c9d3231ccefb19e92e6bfc559a1e997c844d5260484 |
| SHA512 | 2c1a0dc72dd916109e30e74c86201b822c3742dacd65a8cec0843301c9e7bfc51960942ddc34cd90a0995a92d3fceed1ffe6d6a2d043e5145f4875e043b5351e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ce5d5894fc93fe8ee08788cd85ac5986 |
| SHA1 | 069c3d5a25a5686fb6c1b0af041abbbd9107f63c |
| SHA256 | a85c9d3e23075e05bbe49c25a19711f5aec68f3d23de18887a654154f2eafe53 |
| SHA512 | 5f104ae9ec8d3ac0039dfab5c8a63f5e500d1a04a25bfed623bdfd9a374dd48b44661268dedb26b6e97ca091e109c754e2f8ad8e063987d471bdb40ae115e5bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dbe0882318ad901d4d50e0043c667a80 |
| SHA1 | a8142f10cbc163dffb96c9adfccd1163acdd569c |
| SHA256 | 1fe42910a933c08e5bab791fed2390a6d34d5f26cff8fdb372c8c420ae6c0601 |
| SHA512 | 15807c33c3052293cce0c34529b9d2043d1dc16028741a2d974b0dc6b74d0352ee3f16a71157c78788e0d016ce97440f061fcebb38c79e3e7d6975e5d37477a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | adc71c6a02971e478e3e17cbb337930f |
| SHA1 | fe203662a26c06e67cd9af55b709d0aabaa2dde0 |
| SHA256 | d64eeef7d9031c4d563ec4bd7e7cb4206b3a1b3a32ae4d84e58086c68a8232ac |
| SHA512 | 64df1421ae46fb204f1f3b87b5b5f9e04a54950f8793de92f9aee7f395da0c40784db3c474ed2d9cf5212baa5640e29c0a9b72b9aefe035a875d8ff65db09eba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8e032cf46bc8a86806d32ab4164d5de6 |
| SHA1 | 2613aedb0cbcc9f680fc775afefa9ff2a6a1fcd3 |
| SHA256 | d42140af0d6381152a314f6e3b74f2c6b533f0ad72cafd2a103968f2df8edad2 |
| SHA512 | d0b081759b7a6dfe4fff72b022a5d93922b58db2cd262df00d7fd9997c9bddd5e78ed84e6ace01fd289ec43cfd0583492d912085102b40297fc807bdb8573ccc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b7284b27d4bf06a00afeb116a462f534 |
| SHA1 | b5a72d54dceb053c9430682b49000ed3195e086a |
| SHA256 | 1827f0d888511a02ed8ab1edd384a1da0e477b4acc7b2c20ff48a5bc87e00daf |
| SHA512 | 188cff987520328b01c8f33f9416423b22d3df7a57b4cc9238ac4bdb2f8be6e2a182293ef7f5ce5ef1b2a61a20b9bfff07b649553b9d9f1b61918afe94021ac2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 79509c850106c0d918d16e45bc1f0aff |
| SHA1 | dec2a0014e7813a694f257351fd9a6f3663d4cbd |
| SHA256 | 425149b7c086b6080bfc88f51ac643a1604a291dfef2e97d031ddfd3f29da5fd |
| SHA512 | 7af3ebf2f9d7dfb6714493eb8fe83e4012c6cabdf8f21d225af713aefc954f6755e4e9987959d82534b5fbb445b62c360c49b209a0a5419e203e1f5d870e8cda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 72fba7a2ee9900a3d6b22af14e019938 |
| SHA1 | 04cdf1aa48725f60b4721441f8b2434bec1df107 |
| SHA256 | 5e5b7abe469e698f458fcda1d7abe9f6cd3b9833cae2e0917740a89f6c0e3344 |
| SHA512 | ca384cc51140024889ad7b65cf824351b0078799d8aafafa4fc931939a334a0251faf595f03fedce8587eb45580b332e76822322d07bfb37a5c7aa299c315dc9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cd97319e2eeb8baaf65d7ecb3c57add6 |
| SHA1 | 732cc6bc5206f2da9a1e8da202e16cb24352d2a1 |
| SHA256 | aae563a4dba95d79f7768057dcbea78d797a58902c69e7c51243f9df8ce035e5 |
| SHA512 | 10564f6e9ce51b091f9d41d64ac46dffbd2c43d6c2a98e76c582abbd76d10497fdc1bfd93ecc792d23c982a0248b4d1ff11cc18ed54dd83fff585e59da5800f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 23ad378e4a6cdf511929da33674485ee |
| SHA1 | 88d9c6eab91ffd842780cbe4860c5c4f26f8b71c |
| SHA256 | 772edd841641de347549d5f33a53072b551c34926b8ce7b11ca3a097752fbf7c |
| SHA512 | c79c5c4f053168ea8ca79b618f2ba4ca074d214f0e85a1a230cfd19a6e955730c6a2a87501776e1ac000f18fea625066d5f7b91af55550c20896b8320d804679 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 432fc402d2f2cb47b9408b5b4a299b03 |
| SHA1 | 755dce0a6a08410ea87528550ec406eda847b45d |
| SHA256 | d8762c40aad2e6204ec7a606f9d82c6710d8af417c7624d4b0c7a2ed138623d7 |
| SHA512 | fc27d1a85b866a22b9bd5a0c2ba0c17ce2ca36e08e2bb7ec41eee0c1ed1748d6a8797660e52dc61233ea67e46d0d8121d561967e74084f15b10b0e59bb9c3524 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 803da545f02096bc70406ccaf4f0eba3 |
| SHA1 | 0a9fe91b62d1a769d018b7c19d1874fa9a138879 |
| SHA256 | e18fe2699cda8c4a00bec5a96754b211084a7d160715783c05b4bd2ebc5b53d9 |
| SHA512 | e3ae43da1b257e6b4d7915ed25869a4ea810320d0a8ddab26f204246295537a7899a2296a3d870c9ece61097bb924fb511edf2c9be54ab4451b1c93657b87c49 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 30c5f60b213ecd153e6485720a44f389 |
| SHA1 | d6959fb07167b18a04b19adca82e91e9e4c401cc |
| SHA256 | edd7ed6631c44fe99a2b72cb620bcbd2dfd9be36125b9510a924ed05923f9b90 |
| SHA512 | bf005026122d2b059c820bda18e102345e77d4cb4e282a7a17052ec2ebae25a5edb1064a16e1411ac1424ca1c41eb15eaa768a88e5eb9d7cae3c57d279f4fb2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1bf59a8f830181fe8bd6544c40f08891 |
| SHA1 | 505744ea8c8209e985a4a49edbd5a36cfc8a408f |
| SHA256 | c8612aa27852e7d69b69fa8f8f2517d01d21ad58dd349b183d4f7f7c5abf1131 |
| SHA512 | 953741c29f7e636f2ca38b0576008cc9325bc32e084f5f12b98c15c8b118bcf46669adeefc4c941c31f9053aed386be3bc8b7fb2ae7f48040150c87c1b81b711 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4eebd2b35490cfb36ccd4bf15e6f47c7 |
| SHA1 | 408ab36d1cba604d0fe58c7c82b6288316ea66ab |
| SHA256 | 2e99ea2c276bc751de76eed14c269e9805c96b54162f59879bdd23616c1a0e95 |
| SHA512 | 197bdb720635b669667e115ade390c037fc7dfe5354c7fe94a6a266aea1ade299bf6ee78ff54afc824402ee86038dd3f112c2eaa9d94c49c27a2d4f6df0930fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 094c42cec6975a32b839d5247030924d |
| SHA1 | 9962363ecf08b50cdbfc022d2d6bcf0fdc2dec68 |
| SHA256 | dff8965c21de8da0beb823cc9ea7e679e7631e9be379971c1eb5106a75c646ba |
| SHA512 | 575a5f07806e820ae0075641f863aadf8e57f02159124d7e0f1de0cb911502210e65a998ec94d121953845c5461220527a7ccb6bca3143ad37bab1ba34cb1445 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 857b901297add73c88b36a5108178d72 |
| SHA1 | 6fecbef737b33c36f4203e6dc884be4f6e3c54d3 |
| SHA256 | 5381afc914e6ec00e857206837407f2c4252569aaca8457ce774f7b5ce40a522 |
| SHA512 | 87d061f93928d6321b2803628463599918027b36cb05bfae0ce6aec49739b21e034bcd142be7867342dacb88862c05f82192f84c4b7bda0d06715bfb509b5029 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d5566c11fcc8f54bab110021eddd8024 |
| SHA1 | b6da1a97d9a636e9325cc3a22548f9e1d1d12ec6 |
| SHA256 | 16fc1fabf666098fc2909f1f7962e936978df46dc2cb3e208ef3059971a90234 |
| SHA512 | 559b25745189ddc1a4536a7d71e334873ccc67b6179356bf02eabc1a379bb37f6a1495c32792e83306eb6352dd762d06fedc3811f5d438c50f01de669ebfff7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5213f7d6de3044ec7cc4115831d24b10 |
| SHA1 | 930f4a259fe6c9710e5735699b1fd0d62ea70478 |
| SHA256 | 673b3c143477bddd51b15892c085737517a6e0b2ce000f15a5bb9becff5cebfc |
| SHA512 | 015a9d72579641892a542cdaeecf76421deffca2a441392b2e1830e91596c490c81e3f0cc4c24b92d12f4f5f72baf84cc6ee5eb8cc4b091d74c027bc4a76b599 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e505d55f042692db1682168086f29c2b |
| SHA1 | e8b2dfdab5f6e8788cb086ed6a1491b5f16ae344 |
| SHA256 | 77275ed8db16b262e58fd170e6e4c752eee3c4bbc2985b7c4b5f936b7a215b1e |
| SHA512 | 9d3889cd0cc98969140d17cea1f1ceacdfd113b14c69601d02ec873092dc064f6ca8403d3f82efa1611bf07c7175ca437592524058dfb378c2be1bfda21e93ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e0f1a0700247c2351db13a61d69e4c72 |
| SHA1 | 5711223f5a4f319e226f29bf8b861cbd1c955449 |
| SHA256 | acc0f98072117838698d9a54f707aa3e6978c101560794bdc335942c30ab0788 |
| SHA512 | a2104e9241261ba37da7f2f7ee1a39105b437932613c88e637f5da8f23bb46ce4f360b445dd8f9a060434e8c3e722b4ef7637b88d4431f2a5e7ab799b6cfc600 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 16639b4ee9503f836c37f21d4de1b5b4 |
| SHA1 | 99bfefbe39e6b180eb3e9a8194a883b2dd08c0ab |
| SHA256 | 03abf1a3197d30b89b2649585c2cf40ed81023ac0563c1fb47ba6bdd65838d95 |
| SHA512 | f1f20e305ea3e5cfa8f8045ab3d3fab9c6bdb17c3b85e1ea4d7056c7ec84408d8883d101ca423af669e85480944102e4b6858ade84e1a301a35b5c18118ce7f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | df31b987ccfc2ed01baa82806a464227 |
| SHA1 | ca83daee51f7358ac8ae066c5b9a832930cde701 |
| SHA256 | 8825bc18c206935b49ed160ea29d9690344000df6aa761e96a0ca65f5d9b0352 |
| SHA512 | 9a6f91a95c1eb30ebdba0f60617eeb5decb154b7437297c04e91c645c689f625d97e4be249b6440b89249c2d660346fc0654f40cfbdf86926ee8587c03a1284f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9df05bf48f45d22f4414624871c0dfb0 |
| SHA1 | d903629b818c6293429fad9bb06bbf1077cae90a |
| SHA256 | dd27db01578278cd987924f13aed4b950b2a5e51f9b3b2522a54763615256df8 |
| SHA512 | d9e37d9b272f66d93b9f9bf546376ec42bb3b3f361f808e1165dada7c54d760441a34dc9ae1b2b4c1fc8489d66c7e5ad83fe4d29d14f96927debc67e5230fb3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ac618d10136d7396fdc329cfb8ac9657 |
| SHA1 | f8bd6f1a0d18541b243498ea443ed01d1224febf |
| SHA256 | e447ba0a5e2bc9772ffc25daa562c4a779a4e794fd11412bf4170e9e8318f646 |
| SHA512 | da3e7ccba05d387b2582dfd5963d418d171308b07d085c1267c4eec472ed8854acb2fcf720e62722dfbe3002190136836be76aa70b99b2e8fb44580f7e8431c6 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
| MD5 | b18c705b3c68cc49d9bf3649abc75c24 |
| SHA1 | 6dc8963dea0f3185368790dee2a346301b4fa24c |
| SHA256 | c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa |
| SHA512 | 7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 28ac91bbaec5708b724939cb7851af64 |
| SHA1 | 2c101e720733723cadb324db99f295aa27cf1f6c |
| SHA256 | 807a288c68e7bc97093b0d9fc94ae4b4bc8b1c58d9741ca6b3228aa72f91f97a |
| SHA512 | 1383a87f9d56c7bef22d69adec5da9b12938004203ac083d68449749777fa04be825778452d05f395d4a3c3a87158459b8fc7eafdb9034b856a1f9f3c30c4e79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f1d4c9e6efd5e73922dddd5608c902db |
| SHA1 | 0945698daeeae5bb1d59b37b6528249f7c354c2c |
| SHA256 | 7ebc2657518fe6f6c027dabac2570fb015596a9256672760b9274b50f47c5b5b |
| SHA512 | eb056f35582587da6171055a7dbbc7c8f46b8ce1134b19aaf484674a1051f88ff25e4b69e7f0c40ce746ae740b1a74d6c607b46952f6148d132081647f1afe9b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0b1aba9ba21874d216fd0d69f8c1120c |
| SHA1 | e8e9146b08ef086a8dd3eca197e835019d054ed6 |
| SHA256 | b385d6080f88a6639e822b1d64548864521f947184865a3913a5002c957e5b3a |
| SHA512 | 9e0d278fabdd577142905e246e6ce1d2a28afafa73c1a64fad64ade6c907c2ae1920f3623e46e802316ad88d720a5ae7225c81820a9717ab70dded7f04808448 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 28f39c62ad0ab471927e33fdc8589ab4 |
| SHA1 | 67c375c94f2b2a03009b3d726d311ba857291bd7 |
| SHA256 | 36d2b960f799a71bb327fdde96195038192831c34aa2b0b4da41543a7102c914 |
| SHA512 | 4aad9c476ef3a1a4f68555d9ddbdfe9b00c7bab61ecbaf0e5ed4950fe8715b513c76cd86f0aedc6537296e4dc306e09fbf0cb84b0cb93bc832f0ea4cc509b4f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 99ba7f465143b762780f991f4df5555b |
| SHA1 | abcdbd436b1325969d5d2718ddc239d1b3f70a34 |
| SHA256 | 6f4b2a59ca70669acbe0a86cf45fa2234ed5fa9c651f3bdbece5b03a962d40e1 |
| SHA512 | 1acc5d041b88b1bdc5b45a92fb569e5bd579efd52f060e1641fc62ee47bf39a20e2031dd96da183f2d05672a472871fdbb9a5170d17406a8f00d1a6f38b6ff50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 939bb3df0de3dcdfe878556dba8d83d0 |
| SHA1 | 565a6af5c1702e703cf957045b229f22976148ed |
| SHA256 | 1713c724b5ccdd7200aca582e5c5405e0be8482d524728b19a2aff250c9cf888 |
| SHA512 | a3417f51ce75a70ae911f61bccd37b178dc3e0e2a6bcc75a56b61470ce43f753372284b5bb6692f60686fbfb74b99af1396a09b1114fb40c51c4c67764ab81e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e4a510fbed713ebf98bf8e8cc703368d |
| SHA1 | 16fcac511d2a379b8ec328c44d6fcd47c5e05b1c |
| SHA256 | 66ecbc737b1dfea1af14f5b028dcc2426f4d5e02128dea4bade98b7bab9d23bd |
| SHA512 | 0bdeac8ba3c83f634e803cab53f39389077ca9d2a50278b224f0722e4bdec617d68e7d4b610df15b10e79474188b1632fc240e4f321e6cb41fca0c7d83ad203d |
C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\AppSettings.xml
| MD5 | 431a6eb20932ec1c56682a1f60d231d3 |
| SHA1 | 40bb32db040cabade103c21ba5b6f811dfb0773e |
| SHA256 | d5de39863fe721668ce1e115e0fc55a7c733747daff6235d27dad3d160c84dbb |
| SHA512 | 0969b9484bb7c661d4e0452ff1c77396796333904b39f24c56d5a92ac4ed4ebde9b8981a985c6950b4af2852e8d9599e071a51ce4f9ef21ead778a2fdc76fcec |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat
| MD5 | a3bb286324d5eef600b140388f5ef9b1 |
| SHA1 | d44122577b88039cdb6182c05067fbd0c4e7f175 |
| SHA256 | edcec40b7a831e3a244727e0345f8d770d9733291b64597761f80a6b294127b0 |
| SHA512 | 23112ff9e233e8c4d80ef65fd29fc343cc9c217d14bccc3ec3f39b4a1d16cb01e827d49659a226979a1099e6120ee32b217950182b5b249c36111971b9b7168f |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Sync Data\LevelDB\000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
| MD5 | 13f5dd5e7bfd567b79ac5a61794c4451 |
| SHA1 | 1c865bc0612843f4876e8f5b218bf260d6a35125 |
| SHA256 | 673a578ab78b6721ddebf4198175b8fc88311cb5f11d0efb5abb7436acf517d9 |
| SHA512 | 263359a891d0864b56aaed3d4d71799e9f2790dc99ca857a618ab19041789c30dc47f47737dd3ed7493296eb918901671fc4fe7a6e72e400582c7d4c8cae8642 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
| MD5 | bb736186cfb5ed2a3605e4bd88831b29 |
| SHA1 | ab05105d2cd9cf737cd25f8af5f75364e1d51ea8 |
| SHA256 | 2dbd3a96b5c1e3735ab0b3389f87f216133152d0ad1f5cd5eefe40a56db318c9 |
| SHA512 | 567be5b1053a7718fb7bcc7a62195b31686c4f622ee3def098a69d8fe7d748f135f4370108ad622efd25903fddc999dfa82d2319e0804aee5d225ec69b20e649 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe6f62cc.TMP
| MD5 | 30274bfca175168287977b8e984938e9 |
| SHA1 | ffb1165e90e53d51b9b3ccae65c1ee85e5717ac8 |
| SHA256 | 000c395dd3602a413e67aa91577caaa235dee3a1e6e70b6bcb34f1815896d8ae |
| SHA512 | 1802e7764cf717ad59492c81b217c4e9754da0b8461822b0ddcd14dd95799bff1b0c3291288f4c74d0511d9e6f6f05225317a4b668f313cdf8971a6172b3b1c7 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\Videos\Captures\desktop.ini
| MD5 | b0d27eaec71f1cd73b015f5ceeb15f9d |
| SHA1 | 62264f8b5c2f5034a1e4143df6e8c787165fbc2f |
| SHA256 | 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2 |
| SHA512 | 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
| MD5 | d1e82034253085b31940df772d0ab1f9 |
| SHA1 | 44a42c81c8dc2bc282236c3fd00eb08ca4bd4fb0 |
| SHA256 | 520bb574a01a94cdd0d7d02a3130409041c5976a062e43aad4366b4c7d6c8487 |
| SHA512 | 4c517b2a5cacb8394b4fe074b54f4d6d911d0cd4d96bef475548bcd29ffa55cac7546fa7048ee67c494e9cfbc739622b2f16cdf5cd0a818935f180067f1a86cb |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
| MD5 | 0ab44b55581e9e92a9ceaff886e45b96 |
| SHA1 | 8825f07af08d94aff0ca5a6c94de7bc2fe6390d9 |
| SHA256 | 67d6b84449a0635aad602dfb23a732051dd965b8ee1ea46872aa88a7d58c5d95 |
| SHA512 | ea181bad5b30b8510f248328bf3dbb71196bd6864ce22ab60aa83b95a396d8a5cad3c0b6824c85315991624b1ab8df0ce17d33d64006963da993903b49e78136 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe6fb89d.TMP
| MD5 | 8d980ba4faba8d3131a1343e121a1c19 |
| SHA1 | df8f6ebd6c2a33c20e58d0c9b14498c64553b2a0 |
| SHA256 | 9a95e3fdb9f715421b779b7f5a474d6c03e2a03654c00e19c1d41f56507d0915 |
| SHA512 | b24daff4f2599d467895c41270d41849bce3e7631007bbdaf9bad83bd46303f8f1ebeb4ff9fdf6e44dbaaf9780fac2311c26c96b79abbb58928223d30da27d95 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\bbad343f-6056-4c5d-a4bd-0282f4b32576.tmp
| MD5 | 1d27dd6240a70d6b7ab5b86d0e1f7579 |
| SHA1 | f1a9a594c2ffcbe611b91446ac312e9061fca7fc |
| SHA256 | 065b21e2cb5abddb036ce271931ca3bd02ea09aab099bd19e293f8b2913068ef |
| SHA512 | 2c86b7a5ca803e0371a963a1db35a387871477f52eee6ff7b846de4846c0ee09016073c174d060675dc3622f151d63475559ba142fb4b1ab10ca57732a76dd6c |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5eca534315adca7f5b8e2ace611cbf4b |
| SHA1 | ee8d5e18cf7ff26e9034acc4a515e800171f8c4a |
| SHA256 | 250aafb02fd90eac5da77fc9ae2065ec3c0506c6b0b9f294acadb980248c3bce |
| SHA512 | 347c87f0b16eacc46ee6b87e3cafcf9dbbaa672735c4830cb39d72f0561f893d12752afdc15938dd9861a4be95a41d23bd8f5815f88747fc6867494f12c6f159 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 39b35541a71ef41c256783b1b65ce4fd |
| SHA1 | 5b0af0bbe83201219c34b59873d422deb76b1d4d |
| SHA256 | d1d3170e8996f67b80ccd30aa839709a56f92d4e79e64bb6a9ccbb9c0b143a01 |
| SHA512 | 81965e07ae1b7907eb01de73a48a1b5a1fe37545b87cd812606c9b630d29b2ec88b0eb74229a3a3572f7778391944fcc729f928ef791938ae82e79a2eaa223b7 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\SmartScreen\local\downloadCache_
| MD5 | 47d41a980668e9bfae197488d6d56feb |
| SHA1 | 8acd8919b112d637a18e4c2f79f61fd62d2a1e6d |
| SHA256 | 87c1ba0f3a75480bef554b38abd51d7858bbe2cff07d4fd29162b4468d2b6c43 |
| SHA512 | 165cf9913129bab36c22399c3636960cff235313256262439bea6a1ed78cf80d65690254cc63148e7e13bb515b513037ab6be7d20efdfb12b07985339ada36fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c5122dee5f7874927d9273eebefdd8a4 |
| SHA1 | 799c047bdc7c45a8ebff0ed02c44e22b869e250a |
| SHA256 | 9e6fd696b0401067be5897a7a07cbdfbf9d1d1732bf2c40bb0a4e675dd87d15a |
| SHA512 | d2674d4a91b3767fad273615d94378659269ddc2f66baf868935d3aead76c39725e355a43beb5804bdbe54e7b5d8de8b9eab44621030ae4eeea337d7a31dfae7 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
| MD5 | 967bb5a9db2465212bbf346f08a0d1c8 |
| SHA1 | d11e8d1d25c28262093249bcf424c79709812b49 |
| SHA256 | 212928a954b51804aa188763faaca19e5bfb370ba167abb87235e547eae74005 |
| SHA512 | 92a868558c04beed25148c6cbf13fbd3aa47cbd684f147a277a69e8def9a2dce346c9bfe94396d28b9b3d0bdf089f04c6d9747b517c5bdc2080b3ab32b790bea |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
| MD5 | 6bb4d7bf3f64df7dc13bed2a87bc6163 |
| SHA1 | 85bf5c8b356325e0265aa49c6532474209ac80bb |
| SHA256 | 11d136da218f3024898e20da59ba5c8776956e763a7b1221fc75e748b37530c2 |
| SHA512 | 53b1b63fcdeab693a627e90eaf8b2199489e4243356548b8892f6f4454cb3ccb4eadce919539a5db7b7b3f1b91dc215f84fa8e3c7d2c1987d7e78369f8c1eedf |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\temp-index
| MD5 | 8a137df2a053b1ce5f41b845813a6497 |
| SHA1 | 9f0c936bf1ade71e6963233d1f5564ca5f101827 |
| SHA256 | 81a74888b2b80b6ae5720ab96726978f412378eb2e6aeeee5b38eaa1e14c371f |
| SHA512 | 54308fd1ffb6080892a237112af631cf4ac11f1291663c7cf1f5fb0aa81bf6ff59a7ba50590f7aaa23bf0d2ac68209636d1a553db3a9cd1cd0c518a51d8081f9 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
| MD5 | 18358e6a2f71933f100cfb852e1b909b |
| SHA1 | 063b1251e15b292b77e99f2121bd99e82d08862b |
| SHA256 | 66974d005581e9d02599c119a7e6b28a08c06e7afebabd2116142469532394ed |
| SHA512 | f91cc2ca5f83c53bd69467fe070f148d3d710288b5e418cc51465e6feb5070e35a7faac727d161434e27bcdf689fc8642a2c4e2d0c359c54a74566d0457d5f4e |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
| MD5 | 9b03fae05e5f84358673618d8b17770f |
| SHA1 | 634a9ca98627f9c0a6a5cdb9dfe5d171efb7a6a2 |
| SHA256 | 8e7b4e39c261d7c1cf0397dd97588b080ad0235badfa6eda2408646e61c3d36f |
| SHA512 | 4635ea42d885b7093902e4e15a449ad24d73180fb203b9bfdd2fb9405c305cbdd2ed9a9960462c81c76319efdfd68bdd906bc6558a5a2861dd311472568bd2af |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State~RFe7076cc.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
| MD5 | 8a18a30f7dffe74df2a2204a73679849 |
| SHA1 | 2fa800567af60682d9284f9b99ffdc5e75dce880 |
| SHA256 | bcc153abac3c7c234e124b3a9ceb44490d3eaafa01d143e829023738612cd346 |
| SHA512 | c93466796d587f7f81c7855bc7a9089fad76cfd391e775b1cbce03fd063c9b606ab4125e25c93f412d01a32395a5aeea75faf95c9b4f0a71b638821f4bd2e6e6 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-as.hyb
| MD5 | 8961fdd3db036dd43002659a4e4a7365 |
| SHA1 | 7b2fa321d50d5417e6c8d48145e86d15b7ff8321 |
| SHA256 | c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe |
| SHA512 | 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-hi.hyb
| MD5 | 0807cf29fc4c5d7d87c1689eb2e0baaa |
| SHA1 | d0914fb069469d47a36d339ca70164253fccf022 |
| SHA256 | f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42 |
| SHA512 | 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-nb.hyb
| MD5 | 677edd1a17d50f0bd11783f58725d0e7 |
| SHA1 | 98fedc5862c78f3b03daed1ff9efbe5e31c205ee |
| SHA256 | c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0 |
| SHA512 | c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\manifest.json
| MD5 | 273755bb7d5cc315c91f47cab6d88db9 |
| SHA1 | c933c95cc07b91294c65016d76b5fa0fa25b323b |
| SHA256 | 0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902 |
| SHA512 | 0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
| MD5 | 2cd2405561feee59bd02c57ccc2f5506 |
| SHA1 | 2a00c5e7e5a77c26b0f40b8abccf546540b7688c |
| SHA256 | 518186e1e5d79dd3382080f5845fa0854e6465eb5c62bfd41f3651cf9eb0377d |
| SHA512 | 21dac3e1e778c86b7b6dc272d3eddab0cd3809cbe3a3cee14acba66409fe173e9f6a9c4ac0eac4cfaef7ae5cc6149efdcca23c79da27f6cfc975c08cb324a809 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
| MD5 | 1a5b7bb4862a7ecf1d440f34612245b6 |
| SHA1 | 2acef60fcd9539d25950f4a6dcb21747aaaddf18 |
| SHA256 | f93487d0c81a3f7afca1acffdc4a9e2513a947d40d524ffcc53df3a5f5b8224c |
| SHA512 | 6358fae24a31a3ae4caef3bd578ca2d6e33020ae2ffbc434f9b2b1f7d43e43d715d9e0b52ba243f7ca35929b589e588032b6a5b45bb7d0d3fbfa8c5267ac853a |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
| MD5 | b869a3c5330ea2d5548f566b56e2029a |
| SHA1 | 853e7aa940f8a9f47e1c435075a1e2804b367058 |
| SHA256 | 5ea378de96fd69fb6154c093ddce3867f4b8327647da2609c7cdd7c39f93f279 |
| SHA512 | d9a100502d7e71079b3c86c2c6926e9a317fb7bb19f6099e159a7130a52e895ef204953cd9331d191f864cc68209bc2638ef8d252fec78789d2c386532eb5a5b |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
| MD5 | cda2255357f0e61db157d2521e61f0b2 |
| SHA1 | 0f235ecd403324a03c14096fb0643de049e5ddb3 |
| SHA256 | 483647716516233b327725ae5be0b4e95dcf9bf4b695092646b5a890d7d61c7b |
| SHA512 | 31c4e242567c6409db59b86eb290ba12524ff74e4faab3dddd59bad403fdd4ba95bbc13dc0d281a60f6d2d5de4d515d42d4ccec8e675bc0545950fb4cb0455ef |
C:\Users\Admin\AppData\Local\Roblox\2490176024\InstalledPlugins\0\settings.json
| MD5 | 30c7b2bdc35c650d2b65150241646816 |
| SHA1 | 94d466a5f5159784155b6adcc9555bfdae4710c6 |
| SHA256 | 0784d39379f0a4f971777844ba07550aff31a3d5e32ce1d1eff6f4c7d49b90b1 |
| SHA512 | 8d51ef924b6c8f46a7ced69f188f2ea583ef3feb7fd84f51a8af8810c51e5099052e2c1513f15ac6fb83fecbef8c984fb4e124ff524c2b20a437943dc127465d |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe
| MD5 | 3f208f4e0dacb8661d7659d2a030f36e |
| SHA1 | 07fe69fd12637b63f6ae44e60fdf80e5e3e933ff |
| SHA256 | d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b |
| SHA512 | 6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e6
| MD5 | 719b1d2d8267467ddcb5422942fccbf2 |
| SHA1 | 96312adacb10f08125687bb0bcad4ae2e5e286d8 |
| SHA256 | aeb56f5295cb1d6a3818f973b775896cf8d2d1fc79c98eba8427ba483c63dd9e |
| SHA512 | 7bfc16e1dec18a37bf199c301fc8f5588292b6578bc30831dfa84626d1eae090594f2d81c6ef5974cc60a7667cc25d0a4e9e86fc45d89fffa77bb8594dea8390 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e7
| MD5 | 74c83bd5206ebf63a1462ef4f9e736bf |
| SHA1 | 6e83a43500da60eea23ee03455436afa5f7d177b |
| SHA256 | b1d95e0ab534726a5a17106bd4e1a2905dadfe58392d382a597feaab1230dfd0 |
| SHA512 | 5369a620f3b390ff3b815872c66976046e1679936e2aec806cbf2cd17f70a37556a3e152f7f68776cc4eeed49b5bc0656e59aeec9b709badd1ff2cd671ed0353 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ec
| MD5 | eb9b9d13d9938962a6989b856b10de3b |
| SHA1 | 93c061e52f3ecd5a17a267b39ecddcdec65a8aed |
| SHA256 | 62f2b43295309751c8d80b6324b4610d7668be3dbdb0bd181b0a465d96417632 |
| SHA512 | 6199f5d80cf9a51e99d15d8337ce00cbc7ff5fa80a1e4ed77b0cca5ca30f920efbc69446b0dbbd407653f6aeed66827da4ef5ae9b1be8c39e4a68eac2382d93e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e8
| MD5 | 7344f0e0545698a4bdc66979d1b6eb46 |
| SHA1 | 6ee182ec6fab829b12371c97e2361d08402f127e |
| SHA256 | 3a960bc1251da2e2bc0f89fad127dd518271e36ca4fdb3392d7f5ef90af51857 |
| SHA512 | a935c906c41900f757eed3e8d99086f0e4a686b85126ea195bc9b9b8efcc0976d5a5ea9a51a8e3f969dc9aaf6803d5007ae6a0cb4e664f7a45b7b1fa2c78139e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ea
| MD5 | b9ab54b66a0e3a4cf03c8507a471b71c |
| SHA1 | 7f167a471937d0f0ac86eb9cc0cef87fb81da63b |
| SHA256 | b8789a8e470151afd941458941aec7312bc04771da0e01840205ae2ccdd89f13 |
| SHA512 | e1b3dbb86789c3bb794456e8a748163622f688cd6f747811ba97df1068d94c703b5f58923ffee4a7073164e0b987a8100b2e5ec90ff436337d4149a1a2c52aa2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000eb
| MD5 | fded1bf03bd4c68fa56819da3a58ae72 |
| SHA1 | e65202543881e38eb7dd4de989098c80885884f3 |
| SHA256 | 859ce0c802f3924fa307b3107450a6b5fbc62de10fe788f665496bd7e372f5ca |
| SHA512 | ad8867205b60104f902c747fb87d098849ead449bfab8bb6cad529ae618688871b964d2183d08f2bf552f701c704b929d677ad4a00efe3e3d1bdb48e3d93b593 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e9
| MD5 | 5e02a9267ec2ed055d0e373c3e7673af |
| SHA1 | 31b36d3536eed29e0be7833672aa77d74e7828f1 |
| SHA256 | 63158626ccd5bdbe96b2f27bb9fcecd736cbca03ea63cb7f64ab76adc30dddae |
| SHA512 | 13fa99a4220065cdccdb6638f183540049e9b0c893c6b6fc683d26442b5f16a7282bc837f5863629e6bbfdd6593018d647e1116e8ea6aa9a68a836b0acb70fa1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ef
| MD5 | 97e5b866bec9d75a7f2201c3d6e3820f |
| SHA1 | 6e46bb93ef1cedb1053d2a800bdb8526026810cb |
| SHA256 | 63a73730756dbf969d3ccd943c866088de36819ea33fb624a13aa04ecfd59f7e |
| SHA512 | 57a013573cff70b2cf5c38fbdbae57a1f834df0c1eb41a722a30a2222b754590a2c8710d45bb044cf7c671f7ce3bce0c893f67e6c9458d514f0ef922cad9e2e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ed
| MD5 | 7495393be6bc910e7199b7187099ea7f |
| SHA1 | 9b316d89d38c6b222ee138f4ceae01a0bec2234a |
| SHA256 | f6efe4a9fcff95301e28d878edc64181fdc765f19ae2c2be5f476ffe177a7cc4 |
| SHA512 | 15e827864f51c48b33ecd1f31401044a22e82a3f1b09e020269faf2995e85a147121d54bd76854eb585de898f049ec68cfca61b7d4306f65709a4308f78ce453 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e0
| MD5 | 3e63b6591c42393a360f8ff574499488 |
| SHA1 | b90a4f50cfd4c43b51c91b735f1407d24e7ba640 |
| SHA256 | 85a584b56443d379a3b4f0a7f881402e7507d246bc199e23d26e513b2873b0ab |
| SHA512 | 86f4d1d76a6b50653b53dce0e815fc40b89e72c5a39bc19f28a0c5e07455ca3ffc884664c83a9449a0a77c83305f89aadb765317631e6278ff67d4ea74e130cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 444f42dcc5bdea21719e5a0cb9519de7 |
| SHA1 | 53d64f810099ce6be9a9b3ab1a1070c916cde883 |
| SHA256 | 0f811f8e3234f50b95e8f2e6363d525925b636e9124b256bbe99718615b9b752 |
| SHA512 | 75d9ca8bd0191ea220ca9de643f63daf1d59af2bc19fe05bde35b83c203f6f01bc90edcc6fa82ecfa270089c31d28b0919648c12e90e1cc4e4c70f125a60429c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 40d1f72db5572eeb3d0e7c64b4acdd37 |
| SHA1 | 8680c439f47737745351df65fc32b56d4a7a246c |
| SHA256 | 76d3fae714e12d3b88e3ad033d07c1cdc9d94fb7b5dd3c5dac57123150faefb3 |
| SHA512 | 79c20149c25f3797394507829c227456fd1d4b64c2387a556de2661c4198913d248918f6bc783ad661b712655e4f32d1a976c8c2a623ff77d70078c9602a2cd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fae675306574398f53ae9f5618f9b8c2 |
| SHA1 | ff69b43c16e557fa3729357becaeabf1fb776be2 |
| SHA256 | f01c48eda8ba246c7dee7d0e1abb8101435cefab084759fc9cdc233b62806966 |
| SHA512 | 514948a436fae4fcd58c90c31ef8874baff52553951d0095af338b83b87cf8ae600b7a4fef13b1abd84e855345b235a1946943562f7af3649878444daeb1f45f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ee92fe055f6c928e03ced28e064e3e6d |
| SHA1 | ca03be8a60aebc5ce2fbdab6d7bcdbd628cc64c5 |
| SHA256 | 6809f7859fff46843255bfaacedf1390a01140cf3b1e5e026e71a6f69fdfc5a2 |
| SHA512 | 549ffb87a7dde98343a086fe8a9ae752c40bf411def3453da56dd9c5c06beba4b2f0280c316508e781199f9431ad4369212cd8be3000c793c694464d40eef5d6 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5d34a1f5416fdc978c6e0c7edc7d67a2
| MD5 | c76ac26f80988d0fcf03874d625b86af |
| SHA1 | b04a5e95018f8eca571daa4077e66626b9ba0de6 |
| SHA256 | 3dca66141315cdee30f7604013deab2fcc1dd74af93f9630fb700b7606f531ab |
| SHA512 | 23ba1357212eb135ad87fcbb81bf73fcf2e189da34f08ca1cccd40d763a856e9ca8ce5514af395caeefca2b0dd3a6fe3b8d43e060c5baf5139fb357fedb90a59 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0cbacc9a3c6aa07deb13db83f658936d
| MD5 | e3690a37568ee9fe7f191a17a47e2146 |
| SHA1 | 476c939e0ca065001820946509e36ac2842fb1fa |
| SHA256 | b8da756d34febd98745815e7ee643c49dfdf1adeece7fbdeda22487c06472f28 |
| SHA512 | c7b777cb3616fbe210b58c1e2395ffb378ffb36c2fed3af8c634e7d39667b9b433386d1a284f936a1d4e10e76c7a678e97216fe801cf95a0fc3fb313fc4514a3 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\ceea000e430b7c9714bd62a61ef5eb0d
| MD5 | e6bf3b994b7bd85aa47c17406d367d2b |
| SHA1 | b18be2803acd9576aaa72bb19116b09680f0cbd0 |
| SHA256 | 92638ea5cef2b20242923fd21757df86c8c434ff12243d480250364b8480f2fa |
| SHA512 | 3e207bfe1b30c981fb533971769a4051c0c87ffbfcabc012606ec939c5b66f2bf59cefeb85c2b903856d6396584b2c96472965c11d90d6a1ac9f59b29cf3d664 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\a1aac6bdbb2642f3f23fbed64d042c3f
| MD5 | 2c65a49f36fbe81aed88d7626a0112e3 |
| SHA1 | 832fc429cd021f288f5ef9531e7dad6c9c6507fc |
| SHA256 | eb8f138e67962a5c7db64722b78454da2e3c3d656ec8d72c9bec566f10a942de |
| SHA512 | 4fe7c7a7e439f6b43bc13af9291994ff913fa65ab1d77f162c97b18ae505b1c46ffb2c9236b7c9010580b095526a58204bf182aa5d476e3d0a006b2ca450d181 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0f10b6865c21c904e29f52a54a31f37a
| MD5 | 38b25c1089062288a7a9a8876138e465 |
| SHA1 | d7dc1955cdabe9a50ef4f6b345c9012e3efeb56c |
| SHA256 | e39aceee4952e730f1a101894520b046ff21156ebc79c0f8e070e87af20fdd29 |
| SHA512 | 198469bc9aa03de2c29b322cee7714a67b1b421a8fb0b6ade7148f54fb5ea0a37f6afe5e80f052f41815174363ca2b2dc8395534c624f0f87d2f7a0e9d773dd5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\3e2504bf31b5aa0ab48a8ae5f1dc5f1e
| MD5 | 6abaefefcacaf36071c43e9dc51f1bda |
| SHA1 | a562a7fc46cec9c90e86fa570267864ef2249a20 |
| SHA256 | 55941590b6aff4d570b3531c493c14c46eb687ed9e4de19200de1681987f75ae |
| SHA512 | 5fc4b6db68c03630673789ec5f5d017709e5a9011f25575c0e428f4a21c30e1f6664faa9e4ed456ae79c7ea0fc45db30b8d45ad9b4e2e94f49b27c50237872c3 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8fbe2ad68bce1f4933b291c365e04e75
| MD5 | d6a9f27b18ba6c1cd064cfee32420a8a |
| SHA1 | 3eb4fe70132f76c96bf7f951070f437ba176fc40 |
| SHA256 | 612baaa3a5eeebe00562f3ecd4490073f3313811613ead2948c1626128191506 |
| SHA512 | 1126e9b53315742eedcb4e28bec6330c03cbeff2d311c9bca1e8280720ded31b6ad7f4f4b6899aaf23656ec46b19fc2ea6566226c1fbb1ded1c3790832d9fc1a |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\ac0ab8f16fbb1afe5c7b089b5d5698e6
| MD5 | 5bff0b6da657e8e4ed652a4a5faf57f6 |
| SHA1 | ad49b5a7c4734d26061b0eea4496fc41949bc5b2 |
| SHA256 | c80ae50ae40768b21e62b593515865bd729b4c0712a006cbaf374a66f14f956f |
| SHA512 | 146a0ca1c20471f2921f1c911692223b77c4f528f2de47da9df54c1620242230998b86be05b436a725e64665a008cfc21715e114fb0fd1b9e0786288ad20ff24 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\cb8a45c1430998ec1304e4c79176816a
| MD5 | 933b1f5dc544d9868d257d80e517c112 |
| SHA1 | a8d55f9cd5f79ef7f6fa1ffb229d8bcfb30ce348 |
| SHA256 | 51a66f59fb6018efd308234879746581b50566d967cf1fbf63fd3fb6917f1295 |
| SHA512 | 6e03ebecd629ec937171a7a2d11a88c83c0267c0f153b86194683fc967f0e1c827e6393a39af735813a1cb3fe2297cd6582d2f7578355e797a5152dd92d6e600 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\1a1d7a8fb35b007494a82bd5304ba1e9
| MD5 | 2414d644ab2dc0d3c58d8546b4cd7ea0 |
| SHA1 | 77a854549c69f719657f5d404ae9391c705d88f6 |
| SHA256 | 28be75fd24c5225fe212cbece08722d92c4d2816e5c3a0051294826a5fe79458 |
| SHA512 | 02bc18971dd372438e6f93b0db0e29a2b647b7e1acc5e8d8321f73857b746c5523e7c720ddadb96363664fd5652c30d5e396f7128813dfc0c30fe7ea4086a229 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e0fce80600a43748c6cbc0ac23f6cfa2
| MD5 | 3bf49259291542dfee0f89d587c177f1 |
| SHA1 | 22328c74fce75f7918f6c4b3ca5ad9e1921db437 |
| SHA256 | 971101824fc41a26f9b1386d72750a69298f4725f266edb3c93b21f9600d2916 |
| SHA512 | 20366e5775f42da8e313d67ace54bed3b2a010a84d9b3422276a8b544186345683c00663ce4f541c9890f906344ca3400015bef988d4ffa7dd4bf1c38161e271 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b80d47fd48f8d137ca2aca87e1d00059
| MD5 | 7dae317d3e65c483f462a48cee3002cd |
| SHA1 | 330c91065d277740b721b723ffae4e5511e8da2c |
| SHA256 | ad244e68f3ae289677897bd171703b8ab65bb03b17621b3c8f61594b906f8b78 |
| SHA512 | 966a981204a7979932981d8870704fbe3d4afc2a0306cf149117eeb30a54debf852c8ef04fda90fb2d1d1261daec60db390a4c9b9fa77740d14171335384ecc9 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\31e8a63e8fa08c8135be1c5384c3e0a2
| MD5 | 1221a85cb03fd45c001ef47af9935e7e |
| SHA1 | f209b998e8972ecf158f58270244b831d107ace1 |
| SHA256 | e7c79bc6240600fc94d67a9c0e9c1f563a3f30698d7cae3d19b1735865835d4e |
| SHA512 | 2e6846a2ea3bcf0892703f3f2024a0acdf277251c55ad9c65e61fb5a8780c67ec707d42818b3d98103504dda9984c109ec0f8e393fc063f734bbc7bce168ad90 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\175af5595dfe9780b5b7b10ecb943336
| MD5 | 0c9078c249c45630688d2af7e0574c25 |
| SHA1 | 8fae18c0c69cf3a58abddcc9a55fba6d81aca2b2 |
| SHA256 | b0e7f0945d5de86014379ede1d9a9528a8c944534ab33e58c7b3be1b5706500e |
| SHA512 | 24e0cfdac58bc3714541bd39f6992bf0a4bd4c47e492edc40b72d045b4f06573d582d9f4e50e0c23f964ec678d857752caeec6a65ef89b70e2ecbefe749b21f0 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0d8b0fd3715ff57ba968ae5740d39a12
| MD5 | a3366bed53be5f4fed574fc819a07072 |
| SHA1 | a79b59561cf06c8a209fb701567a67376d83924d |
| SHA256 | ec5c1697be4eba9851b9a413c13e1a94f9846f6dba1d8d0fa33e1ca7292e8030 |
| SHA512 | f8424133bac79bbf7547bf7076cbaf0bd0767f220778275c36878bb982bb69bfe64aede42d67c9db009047e66bcf5eb9604205f6b0aa9a801f6827e2034399fa |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcbcf8ab7914469e06c8fa6ee80f2201
| MD5 | 958ad6c1423022b1905d452d8772d16b |
| SHA1 | a1c5aef3f0d7550f8a9ac31ac1e295696477c02f |
| SHA256 | 8965deb3f4a35faba9f087defdbc2fb071e006f283ee7e6b1ce250c6ec12a49f |
| SHA512 | 5185a342c83ca7770ecb1103d95d061cc17c80526f755ebfac53305947b09765515221ba65b43a98eff3860e47bfc7a15f51e67d0636de7596a6859ff20804e5 |
C:\Users\Admin\AppData\Local\Roblox\2490176024\InstalledPlugins\0\settings.json
| MD5 | eaef4b677b2babd4fb7b29da0f065bf5 |
| SHA1 | 655dc02137cacabfeebb0705832c3378062b1598 |
| SHA256 | c5a33fdff10981930005746e120f5cab8bd1321ea949ea5cd1b2e34a88f7aaf7 |
| SHA512 | 7ddab6aac206bbd23350667487335e674466d66b3f0c425ec3789a62749bd6073eea1e1f5785ca539a0b7e0bbd8a83605191508d97c8280644088cc7d8161aa3 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\32c38bb4f4a560d621ab93aeb6ca5d7a
| MD5 | f7b60787135cc235066319d2412e77e0 |
| SHA1 | ff9e626cfeeb124bc95d830d20e13b15c6427c77 |
| SHA256 | e815d7145b898343e81a796bee29e8a71a678c9c3475a7b1107cdbefeefb6152 |
| SHA512 | bb21ace97ed300299a276844630c2b30aa0aab87a3a8684391bbe37a0ce7761c82011035f741cc1f596136043f1871d16b0238249d3b943b2c08fdaab8c0d762 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5b794cd8b1447c984ba301aa73a6625d
| MD5 | 2740a9a1a4020c08f3ae9fce5509416d |
| SHA1 | 371eb56fa91013a45a38486d5d77ccc12ad03990 |
| SHA256 | 239bce8cdaa04b7e91497dc8fad14e5af36ebf244712d7a04e37c2be5a0e0a38 |
| SHA512 | fbbad878010bb317d5ddc6de48c87d838db393fc52c564555883d07e62b77cd37a3584414566977fbaef792ce0d2a00cf851ce871e880d1cda34357d2fd4682a |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d8b4554062d011287069393d07af8706
| MD5 | a0c28b8252eda35f15ff0931e1817ac9 |
| SHA1 | 3fa429b9d0b8926907abc63b81a301bad2442eef |
| SHA256 | ee880812bbf7cc1f00cb363632e9746e7342cb5048765c483d56f4284e555a0d |
| SHA512 | e49af44a8fa6e0c0fe4a5f55df2910ff43a6a9360d6e0ba507375487526fa4fae8c974763e4bb757e0907036141123920024adfb312f9d53703bf6d45a83956f |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\1daaef2a5ce0ea927443fd099437bb55
| MD5 | e4a239995837749223ed2039a40a3a21 |
| SHA1 | b1cc97f9ffc3a367dd3a55a1a3342d59cb610403 |
| SHA256 | 36ef28d0243f78f746ddc7abb74563980829c81dcfb91abcdaf6459bc7d374af |
| SHA512 | ad81fe4cbaed589da0a3b97c20e7e5fc0deabf5910b1c41dc7d6e6e8b8f22486f71c9577886689739bdb87e34b330ce43cb60fb2e3c1305d77984ec78cc0879b |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\4dd9b09ac0d9a7bb380a273db7cac4ac
| MD5 | d97f6e22eba42d95c89cfd439f36c1d4 |
| SHA1 | 3a439aff0b80708f6510643f70997b897500d2bd |
| SHA256 | 25f91091126b2855bcb9c2daa26fec21fe7cc6d25319925a95a55a37cc840b6e |
| SHA512 | 52ca405f845e8313b0a04657eaa9a22d1c4fbcf758d5796d2deaf41c7ed6abc28e3597dc1f5d803c009360a63db4e686e6622fac669c252b09d2a3d8dc451e72 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\9fd0b17a3402934b24f3b349c8d753a2
| MD5 | 59e7e73fef4a9df2680ff8fe1722014f |
| SHA1 | 2b9d42140ad6207b1e3f5cf8d66b345109cb1098 |
| SHA256 | 05f280e512673a8f1358b88e8706bf5a763727dc16e8c43abe1be6129a820b57 |
| SHA512 | 49edc88448345ee5bbb1093bbb62bb49b0ac3c1c0a29d4a862be76845fbbacff0347ea457d66e40f721dccb8071c18e4ca7f41cbce88d57a64a02ed400f4f783 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\7948b73360f27446739cb67376a2d7bf
| MD5 | 6c261f23c63795849eba5b1ef6f17cf3 |
| SHA1 | 464f91ce49db8b5546722bd62c4f59aae33dfc20 |
| SHA256 | e4274c467ca592398736e990eaa97a937f209768239400cd90ea59f9e58a27fa |
| SHA512 | ab6f671b1939df79ee60a873148a1763c06fa880e2f17a23c9e09c5401120873167905e49be3abaf546b9fee33096b76a5573a473b72de3806c38a128ab91ab9 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\f469136d50a09240f313e4f48b35b40a
| MD5 | 81927a5a1612202db2ce511c62ced773 |
| SHA1 | 4414e92b078a515ca699a82cc3bc64a1e264e4bb |
| SHA256 | a8a2313bedad3d93a06ce01ca1abb579013d083e2fec866cc22342713b7b6b2e |
| SHA512 | 33918119fc071674aac79062c0e4bab978d04cc957189cffdb8c1bb1c7add1bf7d9a0ab03b08d9e997bd8734266bcbc7a312b316f8303347e2aba876022e7cad |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\78e2b6ce1224c7617a6a8c90174aa783
| MD5 | 22b25a819c414b6c626e5306888142d6 |
| SHA1 | e7d68968d0848af0e5203409227a1980dfeb4a0f |
| SHA256 | 275eacbd4554f5b0e4a4266514243c661edb1e4eea694a2fa01ac20a531dfcea |
| SHA512 | bd04fe05aedb2cf10fef09648566834b019d40a6ec8532b19edcbb2348059984dbd5c04d6fd9579dac55f99a6b4de820cda159256d236450b0d0a51594e3b15d |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5477b96b8c7694aaab08397c539323cd
| MD5 | 74efd118f986358ad4cde9a57e61dc32 |
| SHA1 | 0cfe0335bb35298456edc9ed791e019b70266c31 |
| SHA256 | b973558fa71e5b3a07fe6ca6180c5bd0cffdb343af3a0d2e4e4e89b40b194ee5 |
| SHA512 | 357ad98fcdea45563ac733ff39aae16b103a1327a063445b6febb89616a61fbcd140c2148eeef122965cae78c2158bb39bd3eacac6d6c70a58546489687dd733 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc27c501541df155b6fb12496e5bac70
| MD5 | f635924f866829484247044f991b14ec |
| SHA1 | 39c6f43e94e4b0d0ce9c30da5b78aab7fa5086f5 |
| SHA256 | 30b18b2546442b630f0fb8c6a7c26419a9a73988e8e1a118dae5b7241e98074b |
| SHA512 | ca145397fe454c2623651c9ccaf86fd15212fe83d758fab2f8de35e4ea00f8eb8f58aeecb2fc95a4ceda07c9bfa960ccc29b1a56c2bb317c94297c24a366be68 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\706b550a2be783fb6e220ca8181485e5
| MD5 | be4a508de308b15bf9c711a769ed61a9 |
| SHA1 | 2b980f20a1466d2f1508bfaf8dc2a2558450c1d9 |
| SHA256 | 0ac514138710cda19cc114cafa8a3fce046654dda1cce0915f525c6f5ed0b812 |
| SHA512 | dc71cf06e2466f17b843b96fdbec856b3b67df95105895597e73fad455340d4237f1b7cf91ac2906efb9efeac89515deb79a045859a0651420edecabfef8cf8c |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcece68795e396ad03d6e2608d740126
| MD5 | 0ba72ed050100e6779ea0f1c713ac441 |
| SHA1 | ff585cbb4b671bd3a04f3bdb2512a896ff07883b |
| SHA256 | 0949d1f525ea9da560f02a0447eb12a33ac6db673e89754b8f3d230e24ccfd06 |
| SHA512 | 22c09e80f4af164d94ef40999572d2ce35bfb1dfacbd1762b380c9685889d515ed9aa064db4f8ab6746c8a26ea4ecffef9337014293905abb2f0cece7344b851 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\77b3cd784a40d8349719b23b5c0e414b
| MD5 | 05c43f778ddcf81fb06a2fdfb4f7624b |
| SHA1 | 616dade772feb66bb1b8dee218c7a5a39d43de06 |
| SHA256 | f4a00d60cb52477dfdb2eb264470e5daffd44139c118b73c80e8fdef16f9dd45 |
| SHA512 | a2443c678bc019dcc50fd7a49d5c19dfa0c45a7c43fffa24ca225f0f24b6839865288b2fe843bb233752fe59c712c54bff8d9b5c4e8ef5ff4ad8ef20b053feed |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5c36700f9b5f405f69b210d702f6087c
| MD5 | 94b44243d9e420ff19ff04f4e434b83f |
| SHA1 | 04687ed0f779c6873da97da0f16f042b2b459b69 |
| SHA256 | f76c45b8c4831588b971b25431b7b85f529a7214f99103ed82b4c2e97d9919e8 |
| SHA512 | b7778206ef730254f469214ace61b13f7031d0c4c751b2988decee93dd5a6c8336c40974af74b0aca6d42874d54e23dfcdfc743f5d633610aab2f05e948bea6e |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\571e70bdfa73e0cdaa28fdbd2ca19ddd
| MD5 | bd289aae66f24d373fe9d4388f8ba9b2 |
| SHA1 | 4d248d4f9aeffef2fdd953bffbacf81ff3ac8554 |
| SHA256 | 78561a946c48755de0fce9695d30ab82d9e5dfce2eeb0ef6a0824282bc88a0d0 |
| SHA512 | 50666175b0955dbdf933302016675f035df38deeef6b4a0e8d0cf40b6e3d2c3e4a089a5b78d75015e0048b2e7f91d81b69857004d55436437d3fa0754d1ef8a0 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e526d6628fea4b1243fbb953bdf85ac9
| MD5 | 3964c0c8b23c560175f4b299e1a9605e |
| SHA1 | 6c155c8a5ece5d5d7340ee4ff0fcb730e4d2b0fe |
| SHA256 | 20dc4a3272ebc6ff5edf0494d9e6e2d06c690bb079a36bd04e074818f16a2dbf |
| SHA512 | c6f53903aa3a14f3187bcec1afba4b5b07c10ebef6dd10a710f400996f2214703d29d58abff6e7e0025ea91a78ed2f799f69c542bea006dace570464acf90d64 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0af1ae578b1c58a0e785712d31028c1e
| MD5 | 4ffc139d6996c3eba2d40053423d07fa |
| SHA1 | 6da7d02805c626596d055c20cf084aafed9b9768 |
| SHA256 | 0445b87f48bfd12bf0dae91d8dd7c20ee924212b4cc8be782c0a54193546f43c |
| SHA512 | 5af3417cdb0d099add05b22090b5aea9ba39069c4704d000aa323b859e47ea67328f616ab03b7b878ef8cce0d528ac0ff5c0f8fe305175b952e840368e0d4a81 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\848d350916ab0af9758cff8167a2aea2
| MD5 | 0042d3425d57e55a4e8c899aa911012b |
| SHA1 | f260334951b11b4ace9af45974e365ecbc6cb9cf |
| SHA256 | f312918dae9b5ebf3028f14575ac8bdb78e7f152061fc59d0885ab7acb3e9581 |
| SHA512 | cbab405431b5a95ae3c9d3816b4a1c4d4a07cdc4dfcf64d0977ec80533a6029329db101ac36361114288fa18c769c85a3f238b13f63d2e1e83ef4ef64ae45521 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d132016b6bd0b89da2690c24749f6ff7
| MD5 | 2e2350147bec3587e3bc14b7a1e32c2a |
| SHA1 | c275f45e728f71d24ac6d8b496865c218f972b41 |
| SHA256 | 7ddec5794d779b1ad88ffec41f00c793f21046d18c930328d662a3c2d1c27d84 |
| SHA512 | 670d3893ab1503dea9437b61b2b1488238d84d3703f94b74b5c20bb7bd26eaa0479e6d3d91319219bae1c1c357c6807101c5960ee2f29ff48475c0e6d9ac3adc |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0b39eb4053e10b7ff21430e80432eed8
| MD5 | be1dacdbf4fea39b16e7c11e286b7205 |
| SHA1 | 28ae9237170d6fa225c54e7a36e35549d191d450 |
| SHA256 | 3a6d14f833f7da8ddf3139d42e41b2b83d1ea0d4570db39d9c10dd98e33da800 |
| SHA512 | 72cef9e399c0652a340cb12dd239cc0dfa14a2c832fa63f76dc442308ee9f91b41ddff62fb70331895716b61fdccd332f75c0ba2003f818900e3e6f260303176 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\09f04b99b82b262e105a232e97395311
| MD5 | e3a0c050904f457b02b36bfebb1c0b6e |
| SHA1 | a611605082957d8eb5dcb83939e1b6bd3d870bf7 |
| SHA256 | 02c51e5a41d473f8e0befe8e5fb49073f0dec0ca88ee83e0e6a3c0ba3e18d399 |
| SHA512 | f2b6b3a7c193a951feaa1d5abeaf52316773d7895284e806f7267708672f6a7baf37191a244d2c044c785fe967d416353ab83517b28932b9e521172b89e22275 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\be241f3cbd5449b0c30c651c4834e3da
| MD5 | 2866f1aa81a7f9c354d34be6a58aa88e |
| SHA1 | c470d8ad431f9876d7966796a503c15440a35345 |
| SHA256 | 38baca61b0de1abef8c3a97557b6e246fbf9091d1193e3732f6011508e5f0a27 |
| SHA512 | 1af43841070856ee4c509080c286285ef4850d9dd8507381a5045ed748ffdd09fc32843c0d18aaac70621a8ec88064f0a3b74036cbdfe91be207594f55b24ef3 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e665da7061b12f952145852fc21ef7ec
| MD5 | 4cfd979bf14b07dfed01ef9a3b1279a7 |
| SHA1 | 2e7aad8b8909d3117bb151bf4d34b608e3ab9c56 |
| SHA256 | 589b00b0a2fbada62af8b7daa8755ce68420a009bf6ce7a53e0865fcf262f94f |
| SHA512 | 79a25e0af653d6ecb5fd1908c3652c6fc8ad3d0cf1e00510801bb369728dcbe3c5e1e66f73d058c511320badca3c8ea82f2baaa5e0682f304235b68f622685cf |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\2d5ee01099db60480061c57d9831c261
| MD5 | 839f812fb19680ae8e62c2ebe0355e4d |
| SHA1 | a256751297a9f82a082bc4d5ef08d5d9d89a2c17 |
| SHA256 | b414e1186136cb1f46c6cdc69dc5b637ac5de6a390d67cf25907907c61b364a4 |
| SHA512 | f2209d8bbb8f7ce1e6b675cdd2da3a10bb450d50b4f73a596fc0639f201999f32d3c1a2418e0b92c918c0a667a5750ef122e4331361e0022b66a2fc5e489e5ed |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\f9cfb35c8f272d46d504f99d9c00054a
| MD5 | 5a67e8e85c0ad7280e9f1ca86f138b77 |
| SHA1 | b9fc6b3311df7710e1251114946b93a72dd5d5d0 |
| SHA256 | 09e7111ea12f1236be9b1da699f8c93eb68127d0a98f2ceebfc5c2d7b25f0ed2 |
| SHA512 | ac5e400ce21e5e2503a11642cf401ab5ad4e625a01ac87f1711a02a415fc924556d0d3e50386d17e29ec20bb99b5d3a2d0496dc2ac1fc1381b29774b826cd9ad |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d27efcc314894472628caf798daafe01
| MD5 | bdec8723e953241ac3edc46458a6ed7e |
| SHA1 | 783605b1587b096807a81e32c488be272e0ad581 |
| SHA256 | c31b000a001faa6e08026a24043899ee4941371ce464146a9c78befc2a796e4d |
| SHA512 | 221cf258c9c88c857e34fda1da4290c67c3a34459f86b828ab968f5e57b2be53eb4f7aaced83151576fb843a7f1166c267de0efb116740ab2ac2b37ca0cd4d93 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcf8e7398be5b1007fef514afffffa6c
| MD5 | 864c04942289c1dee2c1aa18ea77f1c0 |
| SHA1 | 1be7f1b6c2f1472adb9b34fb6f7a51d3d1ba161d |
| SHA256 | 9855931b8e0500c6753d77200447963d1981fa7f7b4fb34067bfedbdec0db442 |
| SHA512 | 6f3934ea3ca2317756e45bcf065abae6cf34ab7c24e1847023ecee8e404294420f5cc978af2afcea986bf160eda88c020fa1b799f5ad75a5e3991e7268192dbe |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\697aeac1e8e025f05cf4b76086fb70df
| MD5 | 749deb1ff197b5082e2b07aa55a33d31 |
| SHA1 | 08b4d7441ffa13b8dc3610d74a56d8eb11d8acb0 |
| SHA256 | e593f31edc529b51f9b253994d8aa93d8ab0bc8faf433e737b0a09e80cf2784a |
| SHA512 | eff256220d72675ba4b23344191b963f7acdce9743af8be81020e2a74662d2f3f1b2735e686806b73198463c550b2d18921840271d515dca0b2d4ce226954d0d |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\90d821a0b7efe2541659a0ff6b31b88b
| MD5 | 6f0ea4b31f2f55764db79b43833bf83d |
| SHA1 | 2522c29622377d611419babb3eba2e8cb13fe0e6 |
| SHA256 | 08f380d19a3cf8307b098cdb5e9992ed1d29e5d15226340758a1af3cb4300c64 |
| SHA512 | 6a5437574ce2db6feac98928a22c7002ce526501335ac00444190febe302dcab5f18ba33a5ae00bcd83f469b5f1cd356474c8cfd31d9992d186fdd0846db5641 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e385854d0ae9ba50e28a7a5629fa28be
| MD5 | 0c889bbbf77ec231120674d4843ee0b4 |
| SHA1 | fd29658b2fa416059cb30a6729030b6a6b125e92 |
| SHA256 | 5006fa1587ba1da5b7696daea22929c490049bc0f10661d9c79322b0a647efc6 |
| SHA512 | 504d43f9104b8c56ba12ae9533ad3554858ebfb4f5b4b8b1692ba339deed831a66f5441a1e4706015cc59f4de4729c0128fe7da2c8c3d095b2993e92eec378f6 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\be58ec8ab04ff195247b1536cdfb3d44
| MD5 | d1d2f476fd075d55fa0e77b3c507cb0d |
| SHA1 | 5976cdae821737161f6debcba500a2842f988f8c |
| SHA256 | 650bcfb9e1c7855d2b72865695c2f4d4212ccedb53584f089c26e2087cc65d41 |
| SHA512 | 958c07812ae7e89143874ce4effb112eed3bec3436fc0b71ee70de38298130d08d89f6bce42d2b0696839f67be260791d121e81f46a4935f3985e241aec7b0df |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d4f8d4ffe8696350702fd146346140ac
| MD5 | 084a09f4a178b2533a56610f28f252d4 |
| SHA1 | 70c343a804ea4674a214d5ca8e24bce33cf662f5 |
| SHA256 | 91b1a39172d8f6f0c98a2a3aaf8c137b29dcc4ed4c1bb4a3bd449dc16fb45e97 |
| SHA512 | fd8205ea2edc70743247666bf8ff414ef6038f6ec03bfc7590dc037024ca66eface1f3cc559511919058754a5dfc2224ca04368ed31df8aa942a7d9022b93e5f |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c9d72083ee0b41e11170f5a9845c3060
| MD5 | 92e9669fc7c748554c057eccb11a97e0 |
| SHA1 | d3fd8c1e136a2ebed238d95bfbfbf3ce61a385b7 |
| SHA256 | b29195912662d71be85e0db741dec5ef005d744d3aa0913dad8ad1e51c3aeff2 |
| SHA512 | cdc3a1b4c596fd3c9621e53887a9d503205a0d5f8663e1ee3366129ddbfa83f2b15bedef155eda2949f24d1df615ead664114310e3d3dd03f9fb2d95df2e29b2 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8aad44a486e1e94cb992a6a0e230f735
| MD5 | 451b527070f0cfb1431ff5052642059b |
| SHA1 | 6021d49e6b87b9ae8fa64c3cfd0180d625c7d761 |
| SHA256 | b9391062d160f5bd861cf7e5ecda919954e84a87eeb3b000bf9b93c068057c9c |
| SHA512 | 3ec22e77061670685a576d96cc3897473d11c45c24e581688da54d8700b186d3583ffc23cc2c3395fd93af36afc45083058a2bad9cffb1362be8bf4edb20cef5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\aa3db4232d83f97f5e078c526e25a6e2
| MD5 | 3e1ba08877dd32fe4178a730b0ea5e19 |
| SHA1 | c020afb22c7cde0c77a9d1d6be18ac8f1e62973a |
| SHA256 | 1a6447007e90d27fc71fa7bedef2219bda30eebc33447c2929e4488315e19641 |
| SHA512 | bad57ec1a48f686fbc5842a291c95f01db413600828b198b55615857bb1e50e4b3b6031d5896c8d7b9d6753c290c0253ddb83482f89c7fc348b8b80194a07286 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5105c207d9317b50c40470887ccfd3aa
| MD5 | 481555658adb9b672941de82171b343c |
| SHA1 | 7937e7bac46ac99e1897c00285fd23059828dc12 |
| SHA256 | 5069797f8a4b926fcc5bcdb668c1f67ece5d5e8f05d6f19a260c55c9a67f289b |
| SHA512 | aa9aae6ac82a3e320ce9c1b83883263d547a82369d8f31d3db0ce6d6bc5cd07ef96157ebf234d6e31b40b32e276c233f7c2c0856394a70d183bd64e03720737d |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6443205f8638cd85aaa1caed016b8ac4
| MD5 | 20db412bf509b564fa765bbc0b917fbd |
| SHA1 | 938513617f173454649543b7c014ecc762ba5b5a |
| SHA256 | 8b7281d0d0576ed2b73ab842080238d7e006e1524ed48f423f61a86cecf3ad40 |
| SHA512 | f6c54fb0478c2df40776125a920621a1789d02239a78cdd3de8eb83a27a00464b2aaf8714776897a4b3ae5488da664befa604ec836fe12010a046d48eaa519a1 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\73b0a5d180fa4202c3e9365c3d577fd4
| MD5 | 2c2e29b04e1f7144017730d5b5ed8b87 |
| SHA1 | 8a36310825cfb7d8ea6fd487afa46dde29147199 |
| SHA256 | 6026fca2672513a7a42dc67687850d630434b2260621f77ef5b2634486048d5a |
| SHA512 | bbd5097d544d3bea8b5e97f3262a4f7765b13d5c742c9df8fd07e6a56e7c021a41de575dc1c24749631eb1003db0b9548c634eba7d6d2701fe4035f0a5880615 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\77fad0fb4662c6b81630ee443153aceb
| MD5 | 183fe999017d5e5654364c0d8fd895b8 |
| SHA1 | 64cbdd4bfac3c60803acfb2871a9fc8da27d318c |
| SHA256 | 3622ef17da158e25761124720a642153fb6eee615b54da286e731ca2920216ed |
| SHA512 | d5026e42d343185e14360a292c6d13131dbdf081ba44960598e12652d99d999b4f5c70c5c02335596d18302b1cf64128a8bd06273237a48e2cc4eb0267d12307 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\2da892c80dea8811c616fe5e0e6c010e
| MD5 | 0dbe0b49a06c4093d004ec7d44303fd5 |
| SHA1 | 2bac861a6075854f8dc8db470558936c36201aee |
| SHA256 | b136004ec10d66b813386e21fc6c5f86d37071e01e8a82437676902eb3e63e8a |
| SHA512 | 1d306115aa97102b5d68552b591f5faeade373ff3a718d9f39dbeade32892e47fd921cd78e5dd71e91072476e5ad933ff9659ee5ea1d07133b55745f00c22828 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\251c7269a8dc64cf406e8c2d5f5cc688
| MD5 | 7e7342c1c2e3602906a1fd64acde7735 |
| SHA1 | 357de58a6c39a0fe4d7e4c13c16d8c1d25f9e649 |
| SHA256 | 24a5a23ded1de17bc3170afbe5eb7debbb47f0ed7b2a4b5303bc899e927a99e9 |
| SHA512 | c6313b65687a5ce03772ff6f1edf761aa91f07a29f8b61db7edebf1beb5c548fbc53aba721ede32d4c4bbdd31361dc724c676d41c06278904291579d25d93202 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\afa231f024ffddec5f9d2963d20c450b
| MD5 | 64c05df26d12845b64880218a48e1b3f |
| SHA1 | 6ae26e09d6c23ea9ba5ad92d3d40790948b36141 |
| SHA256 | e41beb094c8bcc0d8825e031ec9ca5b13e45b94f3c93601c31c10955cfdd8da8 |
| SHA512 | d6925cf4d6eeb5275a7c008723410edfe1dd24b9097656e8573f749864f8fc7c61dac61b05230de13a7b9b7b866528c04adca85ad83e8e2831c43b46a70d4c27 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\74f7241d43fd3efbef367cddf2de0712
| MD5 | 1e996f012273818bd88129d26108d8f9 |
| SHA1 | c193db2eca6d190e929375e617f45790cae442bb |
| SHA256 | c7c8ee23804c70ae96b1399c2f6730543f10f7678f5e3ee36fcbce97245aa8c8 |
| SHA512 | 40ea7f36824cb96dace8ff41b1e92a03e0f7e61cac33a3a81c81cba12714812504554eaa0f4344d30061ce1d89f231ab21cab164a008e1f68d18ccfcf5525173 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\993f844b48dbb84a0eece0b1d1aad326
| MD5 | c05764b76e6db0114c1d6200b56a3588 |
| SHA1 | 5f96252b5a83e5c0810e4ba604dfc433ee449639 |
| SHA256 | 427939d6cefb89facb6e71e082e42ed184f0883db715e0bd8ca832a316150430 |
| SHA512 | 4c6c06afb99e99d6a7466ba40146b7fd02f83de16e5c89acbe64179860547f42dad0562b2a281706cfc6acdc5558e8fba5647874ff15d2778f3f6d8c1cd983a7 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\83eeeca932186715a9107df83747a179
| MD5 | e7ee77fadd485e9a35a1bfb4be99691c |
| SHA1 | bf1aacc9fe769fd1dd111a1009473db1dcac7399 |
| SHA256 | d98e995f0160e551443de0eba015bf29192aea408469c2fc2d9c93a5c1c82cd9 |
| SHA512 | 3ae849a12cabc409e435da98308db2ec0b86f8fa8624a23632ab0ea836a0aed001853eef600bb99f67f8f907dbb641c9c6bc37bbf959dd12c1bf2ad9c8147460 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\28c39719e7218d9c2d686d4daccb1b72
| MD5 | 25a0b3d9ce5e6e1cc4cc7f4cdb328273 |
| SHA1 | 4d2dddbe9502a5373e6ea99771bb1de6e828b95e |
| SHA256 | 013275e837c61c631932167d47d5d9b838ba8b9863915d39f06d8ba4914df147 |
| SHA512 | 20df5153edab7085594382f80b5d7c6afa5f2a84741efb46961e36331c94369a7c7302c9799676e18aab171cf398dae8f314395c22238de6f8450726c4c992c7 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c677a51b0924e108a9b1485dbdf883da
| MD5 | e1e4307ebd3e7f8280c75be0ccd3b5bd |
| SHA1 | 3f2a56ac3ee57082ebcf4a1ca21001821286e77e |
| SHA256 | 10dcbda8315ffe2e7215b8d61dbd26b0553b438fe94b1bdf005758b1b96d9f94 |
| SHA512 | 7f3ef600e2ecca826fc163d9092bfc10fcca9a9e6206ef29fe5d61902e3e9625bb2bcc07a58ab480ad19354bd0a1c56dd9f13c4e62aed22d87da146252144ef4 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\584bbf8c27b2f156742be22b280cc8d6
| MD5 | 7c0764a501b7f8f1eab14fa7f9337a4f |
| SHA1 | 2e17a9b6d5bd740c4dc91af9311e4a6e77bd55ce |
| SHA256 | dc0524c0d7f9f637466570c86adad7021f9316e42e69745bf8d27081a98f09d2 |
| SHA512 | dba17c07bc4310c556ef62f157dfd3a0ea1a617ffbbc4324f9a046bf47be9a2bd500921bf02bb79d9ac2df1aeca3745ee1cbd7f33bbdb80fe67e1adaa0bd82bc |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\4130cf898fa8b448f1568bfb61305e94
| MD5 | 86df60a0980b57864a2e2d68f857e0d8 |
| SHA1 | 60c24af81c8406f05ee1721b374ab8a466d878a2 |
| SHA256 | ccdedffa29231d609157ccf22019e03a721e9ca248eabf12be511b76f795c247 |
| SHA512 | c025bcd3d21ec036712ad8e40afa7da973db770bf5b9b019c73ca8b99202c8e37999e6daaeab3f1c2190f84434a5e4657a8593e8a59066e0feaf38fcd8bc41e1 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b39250833fce2d9f0655b124db089d4e
| MD5 | 639a9c5f588be3e48a6bf5601215f027 |
| SHA1 | 1ab7c1d3d5df21a05324853fb235b848945c351f |
| SHA256 | 4fd48841bac69eaaeaa9c936347395f5eab6fd4f5549d65cf6fc541884a4b2d7 |
| SHA512 | c3aced88385dbd9b10841f72c422b17cabeca80ad11af01222f8901b950be3b42467851d5ef61fa3a1d92f7977724926f765b8bc594655e93e116d04223497dc |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e5ba3b6fc7c95f933bacb9db38c93e80
| MD5 | 0de2eda8831ddddda130102597e758bc |
| SHA1 | 0fa49f0691a4ae61e422a22b07fd4e5def0ae5b2 |
| SHA256 | 2d60885d3492996ffe223ec6dfddb240eba00a9e03ac0506d3489edc4822e1ee |
| SHA512 | f466e1ea3867fae7618b76a2895cccabb0f646f54bf8c4cb6cf6a5c2eaf4b8e31eb4f8b42971ee53c929241d9f40af6a684647cc09395cfd709774503f274b75 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\388a60aa5e51ff44455d359825078031
| MD5 | eb62ee1626b44f54b2c444a487ef84fa |
| SHA1 | d3d918dae048e4ee9c9626608693d69c4c4ae55c |
| SHA256 | bf2f079ca21684f382d094af52836d83862c93800e8e054c2f6bc0838c442d86 |
| SHA512 | 68022f2ac538c51acc24065480cd23670efff68d56a4b5dec2c28316726ab82c81b48fbfe76c44f32dc32b0af75fe3e203aeb40610f34e2e5d75bc684f712381 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\477a618fe08d138e560e0c8eab9f3583
| MD5 | 4f9c826223fb8d7fb603bac0b294a706 |
| SHA1 | 44a185bf8edbfee521dc92ae012e6ed18cfae3a0 |
| SHA256 | e12f126277c8b35c48dc15cb2f37850ff5ab0816e5982eaeceb571c99bd17502 |
| SHA512 | ecf987dc0d416a7fb1779289a0bd9ba55625abff41491ec3731fd77950e91d5b454b17573be388766b20fc630ee3f125d37feda44e068d2ed0cd2a87be021fda |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\f1c2eede7a115f0fd9ddcfae03372516
| MD5 | 08ba91e62331009631f755289dcf7324 |
| SHA1 | 03786d766cac0b39437b98cb61e65c25d16325bd |
| SHA256 | c50ad1d35d0b3e81ef6780da13361923d7525a39db5c9cbc6c5344a0bf5e1380 |
| SHA512 | 3fe207322d4249f92893d0eb7a93f455374849ca583dd0fd00c79790ab7bc7f0699fe16de332b767689e0a104fb272992ddc37e002b6962cdb6c66a63618e3d5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc70073e6562a1a0cb99b092be4629f8
| MD5 | acc9db15cdf0932e73bfd20b9857b80e |
| SHA1 | cb6455b641cdaa693de88e9b0d1f422744faa35e |
| SHA256 | f0e15f7608b3829d33eb8e057f31f21e931d9d2ab4814891b11ecf47494c141c |
| SHA512 | 7ca5152691d595acc0f0398e26f82c4cf491bea98f2c81e7a972af8fe763ef5926a716ea44112c2fa257ba0109b8848f8611f071b88902901bdee1d32a315913 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\ecc495a0b2b0470e25d688a9077fd977
| MD5 | 741a45f09ceaf9cba7f0ee5b8aac236a |
| SHA1 | aa6b59bba687981191db42af8a8b17dc0fc9150a |
| SHA256 | 92ee9b175404bf4aa4e346ebe4948ae5c0ee7edf5693778a5e6a4a1bed508eac |
| SHA512 | 97cb36fc2281753eb7a42f762c8ad5cdef7c14665214a71f33518f88cff24ec5e91267f834a6ea5ab0206457c7e9c730dcfb4f7a2ec527e3ce48877e2f34be6d |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8ead55fcc97d21deacf012df5c33fdff
| MD5 | 16e22cfdc829405af27279c364ba2f8e |
| SHA1 | 0c75b97959d7df1586db85cd1166f99c65603c68 |
| SHA256 | aa2f6c8bba8aec6b84f7ef8a7d8c30022097b784236806e63da1f0417124a3d7 |
| SHA512 | d1f6695e255f5b7ad498ce177a16591757d5570a4ea45d396f3fa159f5658bddcb7d524c102efdd982fd9ccfa557d984280c27e57484b8f61be512ce994d7964 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5c288ffb1fe759d2618c218fa0d2bee8
| MD5 | c914fc7a80c8ebee4ddd7216cb8e63e3 |
| SHA1 | 2e4bbbe23167be5f26e5f3e9f1e1b2409b38e7ef |
| SHA256 | c718cff1df66ac36549451bc6de0535c3f2f9e74b4fcdcea38af9eeecc42a674 |
| SHA512 | 7564812cd051e0970b3d06aa1bb839c8fae5d1e95e23615eea42d2f12b6284d06f2936cedd947e9d4d33c4656fec00494121d58cd38ddaf1ce2ad8be8685d0fd |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\23f316746f014ce443f0b0adb0d9d90d
| MD5 | 4843f2fc4404a016a8a7b7f5c352f877 |
| SHA1 | 1446153b0498dd65dbb53b417d5ce5db49f0dec5 |
| SHA256 | 46ec4647b950351b091ab0bb34d1964bf24b0eb58760175def7a4a1d7a4e09b2 |
| SHA512 | 8d5198bd48be46a6aec5cb5d9eb6e75828f88742f12102a1f5091f9c8b51167fd6db13981fb875b032795b9407fa64cf3aa54224a64008262084dbfd3d98dc27 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\252921e7f19d826cf6778747e86132fd
| MD5 | e06fafb3ee051c215c7118dcb4a75354 |
| SHA1 | c72b3e0f2bb1139344053256bcc3ac48f590174c |
| SHA256 | ea771a4652058a4110a95a6fa24c847e7a50cdfdd711f57e02f9c7caedda7908 |
| SHA512 | 83008fcb8a91bb42f76568773c98e5dcf6658b0d7972d595eb7059b5a598faf80fcc8492351e9e98a6d3a9ddfc17fca742f07ffe4af644d99c087062ed7b14b0 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc86756c9d8f409a887054cf26a854b3
| MD5 | 70461ebd3bf0f7a0beafcba1d52417ab |
| SHA1 | 53dd7894e76f0fe7c02f378d7c67107ed4a03d45 |
| SHA256 | e3ef21dd9efd05fd1260691d6dd47f76155bd0b5ef1ccb62ef1e588dca161fd7 |
| SHA512 | ccc18b368873c76fb25c97009bfd17e4456d488b16da511e61fe1dee031cce48bb25d507d7fb1237345bdc2191085bd384ce45ca98a5864d10b65b28650e553e |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\bbd52b35df5f543d23b7f35ae9e845be
| MD5 | 2de5aeee01688c41f23b2ddc07c0b442 |
| SHA1 | 68bd21cd4284ff390c1f4f5f4b61c9ff3b8f2268 |
| SHA256 | 3ceb6af768ce708d114195ea3521c71370ee69172d4d0cdaeb1efff406571d73 |
| SHA512 | ce845ebebe20efbfb1a0565e69cea69e3a4f3e71289ec68379565052a2e8a3e5ac873b52e74ea26f2afae7ff64c789c348b4b9d4426ac0c0d6547d9f12290090 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\98c582bbf5493f077bd8f59567067f24
| MD5 | ed3f4356a5aa9295ec58f77ab387582f |
| SHA1 | 99f94109e03097ddf835c06292ecb6142c93fdea |
| SHA256 | 60e6db5121cddd5bc13b1019c85b5d962599e2548c347ee3c7d944cb20ff01b7 |
| SHA512 | cc7869759564fe9d5e1580be978727c4b0da340c052db74f677bf7cc24d93da0b837d01ae0199c6404e02b49d08fe47a2fec7165cfad841f1b6fbb1d7e8d7fc4 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6d1b0fd2905f7655bf0108dd4e655991
| MD5 | efe7165d72ce56eef26da49dbefa586c |
| SHA1 | b2441c50e501f7121277d205876ec6a5811c4e67 |
| SHA256 | 4e12e3ed0da10924a1dbc49e464b0b07c017970c839f1c1cb4ecf5a8019d3ae5 |
| SHA512 | 195b3d7954627b571226a4d5293b19dd0b7b565d4b295b494361ed81f3d9e1c193533dd0e53b2ededa326278294694286669095147d769c5de343aa611ab0238 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\f40c00885cbd0588eebf8bd59a345579
| MD5 | 9c0241f7306bbf3cd085509dd7840c99 |
| SHA1 | 21c2a9c916d0e537c5662db2acb565615ef79962 |
| SHA256 | e2afaf1d969e104e2ffc22494e2f7e2ec4a0bda49b9de0dcb3bbaa3da9bc8655 |
| SHA512 | afdf2c9a29559645e08604b15f023475e8610f41f650f3527a4c2199fc4bda9c291bb24e2f337e00cfac6a5347fae125d8055f0af6eaca38b92ec408343cb9b0 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\16f7441682caf62a1789b9d3e75ec170
| MD5 | cb94125a0b01b9335f3c3c9a9c6cd60f |
| SHA1 | 85ae6cca4c661270b389c00299bf7f5d81fc3943 |
| SHA256 | afd92a2c0ea64515200f7dd1c6237f18b6d1bd2065296939697d34a3d4e1b0d4 |
| SHA512 | 649155baa2d26fc6afd0496d11f37d9dcb588726806eec89be58faa54fcf3b90d1becf114c4e2f3964c98e93399b87bf5bb87709a7bd9a3540c7ddb56e2da555 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\3ca8206460663e9e944ccfb414623b40
| MD5 | 816be237e27ddb79f9fe0c46efa0119c |
| SHA1 | fe0af06e1155ba784ed6ce8b97849eb3fffb5f9c |
| SHA256 | ec6063b82a1adc4187ee0e01f413d4b5ed10277605f741295658acd3f0ceabcc |
| SHA512 | 5ca3c5bca3f5559a500de1262c133a972e776dba7192e6cade152245c0e1118fac41c48a79dd0f15c78ef177294867f041bccd3eece6a388eadcc32da8efaf00 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0407c8d6df198f6864381d3e595ae971
| MD5 | 703dee4351832fd18ef5b85c6e1bf992 |
| SHA1 | bdea9dbbdae401cd68814d9815a17bab6f3870c2 |
| SHA256 | 8fb57fee0d1c996a828a3147fdd9a38e8d1624163dad101e4bc1d44894bc3d68 |
| SHA512 | d43b5dc41be38f5fbe30a51c1abcbbc5c606c9d911dd164b5106fe2bcf0310ae8b641299c5491bbd5ba66433d87ebd17dc8a487d88d56d0ee8e81309533ef0b7 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\852240b4203e72d7bfa66fcea2e589eb
| MD5 | 547ffe689cd0af21ec616bd935f78b14 |
| SHA1 | 36e70f429bea53fc2c8dd76eaad82f7bf9f3742c |
| SHA256 | abf9ebe04321f9b8926304bc16041965dd79405783b7d3ea56d5fc802863bd9c |
| SHA512 | 3683baf37d3da8ac536ae4d2d852acfb49039b3c9d4ab42d972c23e2df6dbfd178a552ef023f48c43c6887161313d516914d26b7cca0c022e2741875d62e38d2 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\06bf3774b39be975c53ba2193da7f90d
| MD5 | 29abb94b78b9a73db28b7ba825833346 |
| SHA1 | fd6da6bc273d4a44067d8c2b625980ab8cc52aca |
| SHA256 | d929c9d2ba98883044b81894da3e921de179d5915e1f92ca9d4df9cc89f1424f |
| SHA512 | d5069ac2996929a5d1622f65ab450bd152130978b049f672b1a9f28cadcf724e317024bd95a11109e0ae488834ab184f5e4b10f6a21ba3329cf056a0b7139613 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b597c88ce139f36dee5c4afd7d80a2c1
| MD5 | f195c3e8ddb6711a2feaad4aec69b8b0 |
| SHA1 | 20b1011f280842fe6aaa58117a05f57cc17b6c69 |
| SHA256 | 9c263d2a5db10ebc2d543bbd0c125bcc5da6c2245ed133fe0abb1b308f343a71 |
| SHA512 | 52ed2e19a2b991880336b6b1694016f4c8e5a5e92a9dc989ab317f7f743f38dddaeba8fb5764826bfd9aa145028a1b3f9fa34a02f39c1e5162aef7ad282b0632 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\a1489d1b06ae2d917aae075e6fa9b8f7
| MD5 | 5420558b929446bbd89f3d35e72b5836 |
| SHA1 | da46e5c797831b47c4d62fb9321c420c6b0ba50c |
| SHA256 | 12d1d581ac394291754c5b042baec0904c2f3b3be6a17e0a8761b32b6e53d507 |
| SHA512 | e125c8d668b2c73d583c528f6d35bf8a1c9558c594cb3aee98e25eda051f621a6924626d845f200442da65034dd77aa4a51dd1668c07b26611909f76cf9174b4 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6c536340229d1bb052a390124806163e
| MD5 | 8dda220de3bfd073f993acca9cce3f19 |
| SHA1 | c78e343e500f592bfc59de89dcf8548cd6fa1f71 |
| SHA256 | 21710259e1dbf800de1bd2dd8e19f33cf70dcf6ad306f7738a23300e40d385e3 |
| SHA512 | d21115712737f5d51c7fc887a14bb7b9dda4b9db295ecf429623a20eee02b2868956e6d66907997f100395625c42464218c36e750224e02fe0245c0292fc9e1c |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8550d05ebb82e2c3691bc35b7c166899
| MD5 | f3e7b2683bee3c3628f500d157a7184c |
| SHA1 | 17aa34cf9e45a2a10cc370ef0047d6ec844053dd |
| SHA256 | 66d177f97d367d8181feedc6db9f92f71dbabf58cef1355439559005be6a24ac |
| SHA512 | 48994f038f0cca5a1ad783d05490ccc209ac4ff2a9fc3b508d5225348d2202f9760ac6c0334d12f74ab8227eab5a412370459ab328f44177729f8fb6b8911088 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\1cb6044427da36923148711b8796b750
| MD5 | ccdd89dadb2a17edd97a48f05de218ab |
| SHA1 | c8829afdfda3e414304f09f588a9e00cd43de4d0 |
| SHA256 | 8ebad66a66dec464ea8f6a70c240e6fac36d2155ef5460b2f1cc80451e9949ec |
| SHA512 | 79976e6623479c42c3b9babb2bbec208a8f13b580dc19419df33639e3922ab973e740fcf33c94841e833ef3ca8209b5b149d2ba5c064f08e3b6a526a651432f9 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e4317e6c6a87bdf6f00c6c80866345fc
| MD5 | fa00f598036aff7c2e4728ff840efdd6 |
| SHA1 | 7873ee7205e2817fc8fdcb3afdc275aab494ea91 |
| SHA256 | 18fecafdfbf34c5b261f4acbd607c439e35177802c8002a0d88221258108abb8 |
| SHA512 | f72faa02c263ed200f7a296ed86ef5da614911c1cd212aedd12923ba551aabc44b33cbced8dac80aae67dc09988d53ee191755afe3d51383ce885750bb00a944 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6e62dea9b6f892b37a40251f84c9e0e3
| MD5 | f48177bf38c02c3a2cb322b77d627f23 |
| SHA1 | e207f206d2f707e7feddc32c02883bb71015d23d |
| SHA256 | 4a8a4eb5baa01e72889b67caa16b69a4c2e8a07aa12f84ade87376f344b2fbd9 |
| SHA512 | bb3c4ba048199ddd3cf5d554a90c279d7b868871f1a0eea4ce27c641556fb3e483cf839e3f9a27a092021783a25d604c952fb1ea34528d722db9930fe48e38a8 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\38b0d496d6e95d4a4e1f049ecb71b4d1
| MD5 | 60dc54bc02627b188fbc37f3c81899b3 |
| SHA1 | 7065242d6e88ff9ed0e0cb891a9a6f6db2be5334 |
| SHA256 | 35fd7f2804d4edd74c14cb7bb1534edc993ab7ce9e2d64be997b12ffa8ee5b16 |
| SHA512 | 2b43c5d1f2ee4621055d94f3e04cbfed24371eea9a7c719f8392a993464e7d05635f59bf230e294c60de5656f421f4661bd5b1b8f286c4c15e79bf9c57d686c5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\7df53404f56c9f1787b277ba9d17049b
| MD5 | ecaba5cf9469daab7c05847af2da45d7 |
| SHA1 | 78d9c8d289db9815482249769dea663f4999cac2 |
| SHA256 | 23946e247fe3bb06503a06be2b8e154d724a8c2e86fa4f441fc09ba1e5781121 |
| SHA512 | 4204260b2efe3b4c95584394b30ad7957b154229828f0ac90a04e5167c7eb78f254777fad0d4fce9c5675fccc390dfccae2ecbd8d17e0e73bb0a6933605df7d1 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\05e6fbe7faeaf27e476e2247265bd7e2
| MD5 | 774331951556eabf4930f06518bfe5f8 |
| SHA1 | 79a7b332357aa2b18cf400033bfeeb5db7614627 |
| SHA256 | c4239a4d05bd3e427245f920cd4eba313e0af75c819f89553c7b6758da9b4d57 |
| SHA512 | bf67dd1c1d57779578524ee404de1648d9a4d8ed7f524fd49643ec49c3165b9321d64bda2216cfb8617c32cb500eacc2966263dc03841af51ee37facb2b1724e |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\ec9a7853aa53bb67f2099830ce97922a
| MD5 | 0ab1d8c6659dc5952cb81416c8d9a85a |
| SHA1 | 16d889c645dd70901f87cc86f6db8a632b8518a0 |
| SHA256 | 1ebc2f03253024917e0b562d101603c2f9e04aa70a05accc5e63eed9976ea0b4 |
| SHA512 | 657a549264297c42e4783cdfc76baff2dab9b5b9c1f991b3aa8b16f2b8f87ccdb0c1a56edc23713ea7f34ffcc4cfc95b7fbba8d5fa06ea443610f06a00433f36 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\92ca8d0a36e9ce06a1c3537675677ffb
| MD5 | ae7d26697baf4e3c0a4f7e4fd800f89b |
| SHA1 | 4f2472e39c964861701d80139cdc33bb967b2c34 |
| SHA256 | 58c1370bf264ecee15638ab670a0af85f8bc3b974670875c757751fd116f4833 |
| SHA512 | e93451a30c74751ebd6996efb038016e28370de37bfbfe2fafd1f3c3817f2e720bc3b7d96e1c0e346f08e3c581d13f77a535c30c07a487f2c4a13b4da9970a0f |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\1f571bce12b3689efa5586c78436d68a
| MD5 | aa1cb968768ba580f7e7d559906a49de |
| SHA1 | 1a6a0906ac3c68f859790103094a617e0439d77b |
| SHA256 | b9e49fcb7d0be8aac8bf1d990f2277363077dbd34af7f5109a14bea85b9fd35b |
| SHA512 | a72d7246405dea401b6e97963ea624772f65a7b20eacf2c358fdb73d7e5c2afac79b5cd39cd548ea8c43f14b5f03cc38deee8a495e9c7a1f264c1ca7de4f2411 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\234369d070cc483f7122fd415837b73a
| MD5 | 51d45f80859fca2ea5720897d7f1612a |
| SHA1 | 2a7d736969502784b96328f4fd1fc7697a099273 |
| SHA256 | 5bf07b195c3902c69653ca0294f2bdbf9124df501af426b14d6bcdbb87d70745 |
| SHA512 | 059455bc829431130377e4c8cee87ed3652b712eb46afa6f666d9e4aff7401b59068da840b91f4914d0752880cb2ed8c64a90e79e37f45b4b90996e44f2932b5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\7deb7c677f433c0b6c649020e88fe58a
| MD5 | d76037dbae4ae81158187aeced5816b1 |
| SHA1 | 7858adc6bdb9f9b03fcb28746d7a0d08c297d058 |
| SHA256 | 8113ac3b2c1f9a16f7c5a9be473b64abfa8c9689afcbcc30750aeb3077e3e27b |
| SHA512 | e9e1b515c621e760968098b8e0a16e00cf1fc17b74065efd2f8793add04d5e506205df5d65be1db885fb958b9c5879ca728528963b4048bfe073d4249c0dc6eb |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5a479665357e877c36a8bc4ebab8ac84
| MD5 | f5366499a754da1e3317be61d63cc243 |
| SHA1 | 8689a3cc6a2e1af5dbd2b6c23b488283362bab0a |
| SHA256 | 14873e016597bf69824fb29a219f6d81befb11b19fe2e505544115b33f030e6e |
| SHA512 | 6920f31ed14ef4621559e67c75a69ecdb7832aac639c40febd98dcf9b7c02402510e983b84cd309bdcd7b0438b394cd6b1d11bd4c32c58488d24a5d38db930c5 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\a116d80baa851750ec02ad98f6a28052
| MD5 | db41d22b9f9f4a43ff8916ff8d513da0 |
| SHA1 | 00dee570785465bff97ec8a96ebfad3d21f1d248 |
| SHA256 | 31e6f7d03515207ae87b2f9e9594fc94db77038fcc28ee3990689c6590b7547c |
| SHA512 | df4e09d0f24ec1cf13ffa1a062f9d28a5d36d99b606f27f7ab757f82e4202e51ff4e033b6554b763e6f97c73bbe77b9d133b4b842469b96056654cc2f202124c |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\7209cd4fd5e4a48a4cabe7e3498368ec
| MD5 | 643d56f3cc2d206fc1eeafd601a0e287 |
| SHA1 | 0e55be4bc02d884a40a586b44d5728f9e8fefa6e |
| SHA256 | 637c7f57eea4b46821e968a691bc2181ac0ed00252691845fefd947a4c594f66 |
| SHA512 | 10cb34ff5d98467c3de396ef4993a11c7db2545329ea473eb3ffe387f2663cfda6d21d31299f87aa3f298d2bfdb88d705b9236e9f71c48c22970713c2c3f75e6 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b00de5dcbb5ba1d0d58ba82e9c2f97bc
| MD5 | 9a3aa49a6c57739a171e507a3b0a90ff |
| SHA1 | f3c154299bec91f215954c1df2b03f68fa08efa3 |
| SHA256 | 6d61517c2a006e117a5d5032dc1be0f993f275b6d0c8a0fbef25bda8cfc12691 |
| SHA512 | 0a02917b5eefba73d3420852a5c66719bae97bc3c8f9adfb2dcad89dee9caf5852f660a3e787d84e9b86e3793ae0605b2db10c0a1463e0f09a733b614d2f4c1c |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6105c4318cc0c25a63a6c9b8db84bc28
| MD5 | 6badf7314b5d440a6ec8dea899d7872e |
| SHA1 | 003170f75f86922af2aa5bc4b2c3c41f5f14106d |
| SHA256 | c13071122b4ff111c8ee877e0d8bde8f34ab3569df48fa81f6f4f1b0b0ba855a |
| SHA512 | 5fd8098470eb97e06e62f6d8753d3dbef34d8db6b3ff463cdc964e61e765ab844168170a64c837fa5d60c029a79ac0fe7cc661b9bae07acbaa2400120037aa13 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\68119f28ce3eca78171a6a8c8822e1bd
| MD5 | 35e84ac53c5b6ac5714c5589d7d79153 |
| SHA1 | cedd01f0263fc9e5718b8e77b3467c14a35a1b53 |
| SHA256 | 47da60997e22feaa88bff58bd2db6320534331990a14e2b64b6d665df77b931c |
| SHA512 | 7cbdf8f0eaee0c4e00e3813d1e558cc5aa305d6e9861255d721bfb655cddbf08c70fe61f686e79154f1c36e7a4b5c29f2ecf2776fee9eb0b7ac1da8c87e75dff |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\3acc8af1251b7ed321f9b36da661d9ed
| MD5 | 808cb55c51b6fc55fa6cdb17892dc876 |
| SHA1 | 4487b86a3a42ff05e109800b1827c100390245c0 |
| SHA256 | eed0725bdeac66a2e53e7daaa033f06c360314d751df70176a0af3f23eb08c7d |
| SHA512 | 0d2e6534792e7d417a6fa8403f22397f406352a38bfe1019d87e0308d041b3e69d7defae77e2bf6b87adb3b7d59718efea7d5fad340847c681eeb293beb0f24e |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\SETUP.EX_
| MD5 | 5070a34dbada1aaa375cc572b5fc7d0c |
| SHA1 | e74b7ef714755870976abe3d2b4a7db0b9cc21e5 |
| SHA256 | 03e7a32e1f10fced6a07dfa4e6cfd92510d4bf6929d423798e4fb5ca91fe6c20 |
| SHA512 | fed3fcbb64a59070b0efd677ca2edc982d28e37cdf7283f2777af8aca7d3760a7eefb8d01b3c2bf4b4ec3708a74c3412f0dede91e31dca1b6f8a4e4edc673aa7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 766067082e719fb6af7f4c00c448792c |
| SHA1 | 70ae28e3e4c4c6caf46b8c23c789aff22a8f5c2a |
| SHA256 | dc4e9f755531a088d3a5411467f8a46407a9d00d356e40d669d9f136dcf03baf |
| SHA512 | 73da411f9f084ff8c4436933dfc0aa45e0ef4cc0f734aeacc61328c6b0774f89b7d3cb5e6da801eef7ae11c94ffed3f54b633a20363fc88d308076b01990d9da |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
| MD5 | 28f5cf3c1d590016d7e5ecb1843571f5 |
| SHA1 | 406f6637234211764c4e13753272caf704ffec2a |
| SHA256 | a975a3a4ee010fbcc6a60c8c1798a19a1dd795655b4b629d20053bac9c5a3da2 |
| SHA512 | 0e1fe3d1cbc9eb36c41a534b26ae95603bfad4e2f593fe1a8df9570209924772a0668d3c4a20006fdb700fed1decaffaebb189f34b8474eae0346ae924c6e938 |
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c81813ea34dbe699086525727806025a
| MD5 | a3f4cbd0c5257cd3cdc56958f24088ca |
| SHA1 | a8d4f19639a66b850942bdc5c32ea658ec4e3535 |
| SHA256 | 5bb9cef0aa68d278aceedddca92ade459231208fc91103e31ea0bc9fcff4867f |
| SHA512 | 138a73967c536c7c7170e1927b73c469ac848e69ec72c485b1432635f37caf69a31019b800f2a311e03230d6a799d6c0809a346fdacfc72a28a1abb14190e2a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1fa2d5ae0cb4ee2a3e182fe9857a65b8 |
| SHA1 | 6e93f01bfff2cf4d051a1c71f322e0e6e8c3c6d5 |
| SHA256 | 1940561c9c547845d5e44fb6dd6c2cc801b87a9357e147a4bb7932bba8e27ee2 |
| SHA512 | 27a7cf77e610feb3e8b53379b17c4957c159ae6aa136d467494f959b57b88a98631d0770364a2f6f9a156e8403ba57186f994de44d650f456f27d4b02718720c |
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240426-en
Max time kernel
1477s
Max time network
1508s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\new_shaders\Red Glass.dds"
Network
| Country | Destination | Domain | Proto |
| NL | 23.62.61.112:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 112.61.62.23.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:13
Platform
win11-20240426-en
Max time kernel
1483s
Max time network
1511s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\clearGlass_diffuse.dds
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.83.221.88.in-addr.arpa | udp |
| NL | 23.62.61.112:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:12
Platform
win11-20240419-en
Max time kernel
1487s
Max time network
1496s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\default_normal.dds
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 13.107.21.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-05-01 11:04
Reported
2024-05-01 20:19
Platform
win11-20240419-en
Max time kernel
1791s
Max time network
1498s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3884 wrote to memory of 4156 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
| PID 3884 wrote to memory of 4156 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_idle.ogg
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_idle.ogg"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004F0
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.197.17.2.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/4156-5-0x00007FF667180000-0x00007FF667278000-memory.dmp
memory/4156-6-0x00007FFBB7D60000-0x00007FFBB7D94000-memory.dmp
memory/4156-11-0x00007FFBB7670000-0x00007FFBB7687000-memory.dmp
memory/4156-15-0x00007FFBA6140000-0x00007FFBA634B000-memory.dmp
memory/4156-23-0x00007FFBACC60000-0x00007FFBACC7B000-memory.dmp
memory/4156-27-0x00007FFBACB20000-0x00007FFBACB87000-memory.dmp
memory/4156-16-0x00007FFBA5090000-0x00007FFBA6140000-memory.dmp
memory/4156-30-0x00007FFBA4FB0000-0x00007FFBA500C000-memory.dmp
memory/4156-29-0x00007FFBABCA0000-0x00007FFBABCB1000-memory.dmp
memory/4156-28-0x00007FFBA5010000-0x00007FFBA508C000-memory.dmp
memory/4156-26-0x00007FFBACB90000-0x00007FFBACBC0000-memory.dmp
memory/4156-25-0x00007FFBACBC0000-0x00007FFBACBD8000-memory.dmp
memory/4156-24-0x00007FFBACC40000-0x00007FFBACC51000-memory.dmp
memory/4156-17-0x00007FFBB37B0000-0x00007FFBB37F1000-memory.dmp
memory/4156-22-0x00007FFBADD60000-0x00007FFBADD71000-memory.dmp
memory/4156-21-0x00007FFBADD80000-0x00007FFBADD91000-memory.dmp
memory/4156-20-0x00007FFBADDA0000-0x00007FFBADDB1000-memory.dmp
memory/4156-19-0x00007FFBB7100000-0x00007FFBB7118000-memory.dmp
memory/4156-18-0x00007FFBB7560000-0x00007FFBB7581000-memory.dmp
memory/4156-14-0x00007FFBB7590000-0x00007FFBB75A1000-memory.dmp
memory/4156-13-0x00007FFBB75B0000-0x00007FFBB75CD000-memory.dmp
memory/4156-12-0x00007FFBB75D0000-0x00007FFBB75E1000-memory.dmp
memory/4156-7-0x00007FFBA6580000-0x00007FFBA6836000-memory.dmp
memory/4156-10-0x00007FFBB78C0000-0x00007FFBB78D1000-memory.dmp
memory/4156-9-0x00007FFBB86C0000-0x00007FFBB86D7000-memory.dmp
memory/4156-8-0x00007FFBBB390000-0x00007FFBBB3A8000-memory.dmp