Malware Analysis Report

2025-01-18 22:23

Sample ID 240501-m6ldmsdd5w
Target PTR_Fleetwood.zip
SHA256 1321556ca5ab30b214580e8dce307b4d7aba27e42907f4a3c7af1147a51d7b25
Tags
discovery evasion persistence trojan adware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

1321556ca5ab30b214580e8dce307b4d7aba27e42907f4a3c7af1147a51d7b25

Threat Level: Likely malicious

The file PTR_Fleetwood.zip was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence trojan adware stealer

Sets file execution options in registry

Modifies Installed Components in the registry

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Adds Run key to start application

Installs/modifies Browser Helper Object

Checks whether UAC is enabled

Checks installed software on the system

Drops desktop.ini file(s)

Drops file in System32 directory

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks system information in the registry

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of UnmapMainImage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Checks processor information in registry

Enumerates system info in registry

System policy modification

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-01 11:05

Signatures

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240426-en

Max time kernel

1484s

Max time network

1513s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\modDesc.xml"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31104074" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "2808269378" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\modDesc.xml"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\modDesc.xml

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
NL 23.62.61.98:443 www.bing.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/1832-0-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp

memory/1832-2-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp

memory/1832-4-0x00007FF8E37A3000-0x00007FF8E37A4000-memory.dmp

memory/1832-3-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp

memory/1832-1-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp

memory/1832-6-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-5-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp

memory/1832-7-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-8-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-9-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-10-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-11-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-13-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-14-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-15-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-16-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-12-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-17-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-18-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-23-0x00007FF8E3700000-0x00007FF8E3909000-memory.dmp

memory/1832-20-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp

memory/1832-19-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp

memory/1832-22-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp

memory/1832-21-0x00007FF8A3790000-0x00007FF8A37A0000-memory.dmp

Analysis: behavioral22

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240426-en

Max time kernel

1467s

Max time network

1496s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\window1.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\window1.dds

Network

Country Destination Domain Proto
US 52.111.227.11:443 tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:34

Platform

win11-20240426-en

Max time kernel

1792s

Max time network

1510s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\horn.ogg

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4632 wrote to memory of 476 N/A C:\Windows\system32\cmd.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 4632 wrote to memory of 476 N/A C:\Windows\system32\cmd.exe C:\Program Files\VideoLAN\VLC\vlc.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\horn.ogg

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\horn.ogg"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
NL 23.62.61.123:443 www.bing.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/476-5-0x00007FF6F1770000-0x00007FF6F1868000-memory.dmp

memory/476-6-0x00007FFD7DD20000-0x00007FFD7DD54000-memory.dmp

memory/476-11-0x00007FFD7CFE0000-0x00007FFD7CFF7000-memory.dmp

memory/476-14-0x00007FFD7CF80000-0x00007FFD7CF91000-memory.dmp

memory/476-13-0x00007FFD7CFA0000-0x00007FFD7CFBD000-memory.dmp

memory/476-12-0x00007FFD7CFC0000-0x00007FFD7CFD1000-memory.dmp

memory/476-7-0x00007FFD7D2D0000-0x00007FFD7D586000-memory.dmp

memory/476-9-0x00007FFD7DE10000-0x00007FFD7DE27000-memory.dmp

memory/476-8-0x00007FFD7E0A0000-0x00007FFD7E0B8000-memory.dmp

memory/476-10-0x00007FFD7D000000-0x00007FFD7D011000-memory.dmp

memory/476-16-0x00007FFD6B1C0000-0x00007FFD6B3CB000-memory.dmp

memory/476-27-0x00007FFD73070000-0x00007FFD730D7000-memory.dmp

memory/476-30-0x00007FFD6C690000-0x00007FFD6C6EC000-memory.dmp

memory/476-29-0x00007FFD71F00000-0x00007FFD71F11000-memory.dmp

memory/476-28-0x00007FFD71D60000-0x00007FFD71DDC000-memory.dmp

memory/476-26-0x00007FFD7CDF0000-0x00007FFD7CE20000-memory.dmp

memory/476-25-0x00007FFD7CE20000-0x00007FFD7CE38000-memory.dmp

memory/476-24-0x00007FFD7CE40000-0x00007FFD7CE51000-memory.dmp

memory/476-23-0x00007FFD7CE60000-0x00007FFD7CE7B000-memory.dmp

memory/476-22-0x00007FFD7CE80000-0x00007FFD7CE91000-memory.dmp

memory/476-21-0x00007FFD7CEA0000-0x00007FFD7CEB1000-memory.dmp

memory/476-20-0x00007FFD7CEC0000-0x00007FFD7CED1000-memory.dmp

memory/476-19-0x00007FFD7CEE0000-0x00007FFD7CEF8000-memory.dmp

memory/476-18-0x00007FFD7CF00000-0x00007FFD7CF21000-memory.dmp

memory/476-17-0x00007FFD7CF30000-0x00007FFD7CF71000-memory.dmp

memory/476-15-0x00007FFD6B3D0000-0x00007FFD6C480000-memory.dmp

Analysis: behavioral18

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:12

Platform

win11-20240419-en

Max time kernel

1488s

Max time network

1511s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\gen_dirt_1.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\gen_dirt_1.dds

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240426-en

Max time kernel

1475s

Max time network

1504s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\new_shaders\orange glass.dds"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\new_shaders\orange glass.dds"

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
NL 23.62.61.88:443 www.bing.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:24

Platform

win11-20240419-en

Max time kernel

1790s

Max time network

1495s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_run.ogg

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4016 wrote to memory of 1112 N/A C:\Windows\system32\cmd.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 4016 wrote to memory of 1112 N/A C:\Windows\system32\cmd.exe C:\Program Files\VideoLAN\VLC\vlc.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_run.ogg

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_run.ogg"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004FC 0x00000000000004F0

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/1112-6-0x00007FFF091F0000-0x00007FFF09224000-memory.dmp

memory/1112-5-0x00007FF7CEB40000-0x00007FF7CEC38000-memory.dmp

memory/1112-13-0x00007FFF053D0000-0x00007FFF053ED000-memory.dmp

memory/1112-14-0x00007FFF053B0000-0x00007FFF053C1000-memory.dmp

memory/1112-12-0x00007FFF053F0000-0x00007FFF05401000-memory.dmp

memory/1112-11-0x00007FFF05480000-0x00007FFF05497000-memory.dmp

memory/1112-10-0x00007FFF06310000-0x00007FFF06321000-memory.dmp

memory/1112-9-0x00007FFF06440000-0x00007FFF06457000-memory.dmp

memory/1112-7-0x00007FFEF4170000-0x00007FFEF4426000-memory.dmp

memory/1112-8-0x00007FFF065E0000-0x00007FFF065F8000-memory.dmp

memory/1112-15-0x00007FFEF3D30000-0x00007FFEF3F3B000-memory.dmp

memory/1112-30-0x00007FFEF2B30000-0x00007FFEF2B8C000-memory.dmp

memory/1112-29-0x00007FFEF4DD0000-0x00007FFEF4DE1000-memory.dmp

memory/1112-28-0x00007FFEF2B90000-0x00007FFEF2C0C000-memory.dmp

memory/1112-27-0x00007FFEF2C10000-0x00007FFEF2C77000-memory.dmp

memory/1112-26-0x00007FFEF4DF0000-0x00007FFEF4E20000-memory.dmp

memory/1112-25-0x00007FFEF9790000-0x00007FFEF97A8000-memory.dmp

memory/1112-24-0x00007FFEF97B0000-0x00007FFEF97C1000-memory.dmp

memory/1112-23-0x00007FFEFBAE0000-0x00007FFEFBAFB000-memory.dmp

memory/1112-22-0x00007FFEFBB00000-0x00007FFEFBB11000-memory.dmp

memory/1112-21-0x00007FFEFBB20000-0x00007FFEFBB31000-memory.dmp

memory/1112-20-0x00007FFF052F0000-0x00007FFF05301000-memory.dmp

memory/1112-19-0x00007FFF05310000-0x00007FFF05328000-memory.dmp

memory/1112-18-0x00007FFF05330000-0x00007FFF05351000-memory.dmp

memory/1112-17-0x00007FFF05360000-0x00007FFF053A1000-memory.dmp

memory/1112-16-0x00007FFEF2C80000-0x00007FFEF3D30000-memory.dmp

memory/1112-42-0x00007FFEF2C80000-0x00007FFEF3D30000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:12

Platform

win11-20240426-en

Max time kernel

1478s

Max time network

1505s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\RV.xml"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31104056" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "3942743846" C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\RV.xml"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RV.xml

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp
NL 23.62.61.152:443 www.bing.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/776-0-0x00007FF991C30000-0x00007FF991C40000-memory.dmp

memory/776-2-0x00007FF991C30000-0x00007FF991C40000-memory.dmp

memory/776-1-0x00007FF991C30000-0x00007FF991C40000-memory.dmp

memory/776-3-0x00007FF991C30000-0x00007FF991C40000-memory.dmp

memory/776-5-0x00007FF991C30000-0x00007FF991C40000-memory.dmp

memory/776-4-0x00007FF9D1C43000-0x00007FF9D1C44000-memory.dmp

memory/776-6-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp

memory/776-8-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp

memory/776-7-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp

memory/776-9-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp

memory/776-10-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp

memory/776-12-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp

memory/776-11-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp

memory/776-13-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp

memory/776-17-0x00007FF991C30000-0x00007FF991C40000-memory.dmp

memory/776-19-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp

memory/776-18-0x00007FF9D1BA0000-0x00007FF9D1DA9000-memory.dmp

memory/776-16-0x00007FF991C30000-0x00007FF991C40000-memory.dmp

memory/776-15-0x00007FF991C30000-0x00007FF991C40000-memory.dmp

memory/776-14-0x00007FF991C30000-0x00007FF991C40000-memory.dmp

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240426-en

Max time kernel

1484s

Max time network

1511s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\default_specular.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\default_specular.dds

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
NL 23.62.61.112:443 www.bing.com tcp
US 8.8.8.8:53 112.61.62.23.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240426-en

Max time kernel

1482s

Max time network

1512s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\gen_wear_dirt_2.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\gen_wear_dirt_2.dds

Network

Country Destination Domain Proto
NL 52.111.243.29:443 tcp
US 8.8.8.8:53 89.2.16.2.in-addr.arpa udp
NL 23.62.61.112:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 112.61.62.23.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:22

Platform

win11-20240419-en

Max time kernel

1792s

Max time network

1500s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_load.ogg

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 844 wrote to memory of 964 N/A C:\Windows\system32\cmd.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 844 wrote to memory of 964 N/A C:\Windows\system32\cmd.exe C:\Program Files\VideoLAN\VLC\vlc.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_load.ogg

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_load.ogg"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0

Network

Country Destination Domain Proto
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp

Files

memory/964-5-0x00007FF77F920000-0x00007FF77FA18000-memory.dmp

memory/964-6-0x00007FFFF0900000-0x00007FFFF0934000-memory.dmp

memory/964-10-0x00007FFFF08E0000-0x00007FFFF08F1000-memory.dmp

memory/964-14-0x00007FFFEC9A0000-0x00007FFFEC9B1000-memory.dmp

memory/964-13-0x00007FFFEF2E0000-0x00007FFFEF2FD000-memory.dmp

memory/964-16-0x00007FFFEBAE0000-0x00007FFFEBB21000-memory.dmp

memory/964-15-0x00007FFFDE7E0000-0x00007FFFDE9EB000-memory.dmp

memory/964-12-0x00007FFFEFE10000-0x00007FFFEFE21000-memory.dmp

memory/964-11-0x00007FFFEFE30000-0x00007FFFEFE47000-memory.dmp

memory/964-7-0x00007FFFDEC20000-0x00007FFFDEED6000-memory.dmp

memory/964-9-0x00007FFFF0BC0000-0x00007FFFF0BD7000-memory.dmp

memory/964-8-0x00007FFFF3790000-0x00007FFFF37A8000-memory.dmp

memory/964-30-0x00007FFFE5090000-0x00007FFFE50EC000-memory.dmp

memory/964-29-0x00007FFFEB9A0000-0x00007FFFEB9B1000-memory.dmp

memory/964-28-0x00007FFFDF5E0000-0x00007FFFDF65C000-memory.dmp

memory/964-27-0x00007FFFE6310000-0x00007FFFE6377000-memory.dmp

memory/964-26-0x00007FFFEB9C0000-0x00007FFFEB9F0000-memory.dmp

memory/964-25-0x00007FFFEB9F0000-0x00007FFFEBA08000-memory.dmp

memory/964-24-0x00007FFFEBA10000-0x00007FFFEBA21000-memory.dmp

memory/964-23-0x00007FFFEBA30000-0x00007FFFEBA4B000-memory.dmp

memory/964-22-0x00007FFFEBA50000-0x00007FFFEBA61000-memory.dmp

memory/964-21-0x00007FFFEBA70000-0x00007FFFEBA81000-memory.dmp

memory/964-20-0x00007FFFEBA90000-0x00007FFFEBAA1000-memory.dmp

memory/964-19-0x00007FFFEC980000-0x00007FFFEC998000-memory.dmp

memory/964-18-0x00007FFFEBAB0000-0x00007FFFEBAD1000-memory.dmp

memory/964-17-0x00007FFFDD730000-0x00007FFFDE7E0000-memory.dmp

memory/964-43-0x00007FFFDD730000-0x00007FFFDE7E0000-memory.dmp

Analysis: behavioral30

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:25

Platform

win11-20240426-en

Max time kernel

1790s

Max time network

1510s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_start.ogg

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3020 wrote to memory of 4848 N/A C:\Windows\system32\cmd.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 3020 wrote to memory of 4848 N/A C:\Windows\system32\cmd.exe C:\Program Files\VideoLAN\VLC\vlc.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_start.ogg

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_start.ogg"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E8

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
NL 23.62.61.89:443 www.bing.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/4848-5-0x00007FF760230000-0x00007FF760328000-memory.dmp

memory/4848-6-0x00007FFDAC970000-0x00007FFDAC9A4000-memory.dmp

memory/4848-13-0x00007FFDA9730000-0x00007FFDA974D000-memory.dmp

memory/4848-14-0x00007FFDA9710000-0x00007FFDA9721000-memory.dmp

memory/4848-12-0x00007FFDA9750000-0x00007FFDA9761000-memory.dmp

memory/4848-11-0x00007FFDA9DA0000-0x00007FFDA9DB7000-memory.dmp

memory/4848-16-0x00007FFDA8F20000-0x00007FFDA8F61000-memory.dmp

memory/4848-15-0x00007FFD98140000-0x00007FFD9834B000-memory.dmp

memory/4848-19-0x00007FFDA8F00000-0x00007FFDA8F18000-memory.dmp

memory/4848-27-0x00007FFD97020000-0x00007FFD97087000-memory.dmp

memory/4848-30-0x00007FFD96F40000-0x00007FFD96F9C000-memory.dmp

memory/4848-29-0x00007FFD9F1D0000-0x00007FFD9F1E1000-memory.dmp

memory/4848-28-0x00007FFD96FA0000-0x00007FFD9701C000-memory.dmp

memory/4848-26-0x00007FFD9F1F0000-0x00007FFD9F220000-memory.dmp

memory/4848-25-0x00007FFD9F220000-0x00007FFD9F238000-memory.dmp

memory/4848-24-0x00007FFDA8390000-0x00007FFDA83A1000-memory.dmp

memory/4848-23-0x00007FFDA8B50000-0x00007FFDA8B6B000-memory.dmp

memory/4848-22-0x00007FFDA8B70000-0x00007FFDA8B81000-memory.dmp

memory/4848-21-0x00007FFDA8B90000-0x00007FFDA8BA1000-memory.dmp

memory/4848-20-0x00007FFDA8EE0000-0x00007FFDA8EF1000-memory.dmp

memory/4848-18-0x00007FFDA96E0000-0x00007FFDA9701000-memory.dmp

memory/4848-7-0x00007FFDA91A0000-0x00007FFDA9456000-memory.dmp

memory/4848-10-0x00007FFDAC7D0000-0x00007FFDAC7E1000-memory.dmp

memory/4848-9-0x00007FFDADA90000-0x00007FFDADAA7000-memory.dmp

memory/4848-17-0x00007FFD97090000-0x00007FFD98140000-memory.dmp

memory/4848-8-0x00007FFDAE220000-0x00007FFDAE238000-memory.dmp

memory/4848-43-0x00007FFD97090000-0x00007FFD98140000-memory.dmp

Analysis: behavioral31

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:25

Platform

win11-20240419-en

Max time kernel

1792s

Max time network

1495s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_stop.ogg

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2860 wrote to memory of 1620 N/A C:\Windows\system32\cmd.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 2860 wrote to memory of 1620 N/A C:\Windows\system32\cmd.exe C:\Program Files\VideoLAN\VLC\vlc.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_stop.ogg

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_stop.ogg"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004E0

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

memory/1620-6-0x00007FFFA3250000-0x00007FFFA3284000-memory.dmp

memory/1620-5-0x00007FF7EF650000-0x00007FF7EF748000-memory.dmp

memory/1620-13-0x00007FFFA24E0000-0x00007FFFA24FD000-memory.dmp

memory/1620-14-0x00007FFFA24C0000-0x00007FFFA24D1000-memory.dmp

memory/1620-7-0x00007FFF91300000-0x00007FFF915B6000-memory.dmp

memory/1620-12-0x00007FFFA2500000-0x00007FFFA2511000-memory.dmp

memory/1620-11-0x00007FFFA2520000-0x00007FFFA2537000-memory.dmp

memory/1620-9-0x00007FFFA3470000-0x00007FFFA3487000-memory.dmp

memory/1620-8-0x00007FFFA36D0000-0x00007FFFA36E8000-memory.dmp

memory/1620-10-0x00007FFFA2540000-0x00007FFFA2551000-memory.dmp

memory/1620-15-0x00007FFF90EC0000-0x00007FFF910CB000-memory.dmp

memory/1620-19-0x00007FFFA1410000-0x00007FFFA1428000-memory.dmp

memory/1620-30-0x00007FFF8FCA0000-0x00007FFF8FCFC000-memory.dmp

memory/1620-29-0x00007FFF8FD00000-0x00007FFF8FD11000-memory.dmp

memory/1620-28-0x00007FFF8FD20000-0x00007FFF8FD9C000-memory.dmp

memory/1620-27-0x00007FFF8FDA0000-0x00007FFF8FE07000-memory.dmp

memory/1620-26-0x00007FFF91CC0000-0x00007FFF91CF0000-memory.dmp

memory/1620-25-0x00007FFF977E0000-0x00007FFF977F8000-memory.dmp

memory/1620-24-0x00007FFF97800000-0x00007FFF97811000-memory.dmp

memory/1620-23-0x00007FFF97820000-0x00007FFF9783B000-memory.dmp

memory/1620-22-0x00007FFF98AA0000-0x00007FFF98AB1000-memory.dmp

memory/1620-21-0x00007FFF98AC0000-0x00007FFF98AD1000-memory.dmp

memory/1620-20-0x00007FFF98AE0000-0x00007FFF98AF1000-memory.dmp

memory/1620-18-0x00007FFFA1430000-0x00007FFFA1451000-memory.dmp

memory/1620-17-0x00007FFFA23F0000-0x00007FFFA2431000-memory.dmp

memory/1620-16-0x00007FFF8FE10000-0x00007FFF90EC0000-memory.dmp

memory/1620-42-0x00007FFF8FE10000-0x00007FFF90EC0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240419-en

Max time kernel

1485s

Max time network

1498s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\RV.xml"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31104080" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "2683198765" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\RV.xml"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RV.xml

Network

Country Destination Domain Proto
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

memory/4612-0-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

memory/4612-1-0x00007FFAB95A3000-0x00007FFAB95A4000-memory.dmp

memory/4612-3-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

memory/4612-2-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

memory/4612-4-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-6-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

memory/4612-5-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-7-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-8-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-10-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-9-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

memory/4612-11-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-13-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-12-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-14-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-15-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-17-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-16-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-18-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-19-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-22-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

memory/4612-23-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

memory/4612-24-0x00007FFAB9500000-0x00007FFAB9709000-memory.dmp

memory/4612-20-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

memory/4612-21-0x00007FFA79590000-0x00007FFA795A0000-memory.dmp

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240426-en

Max time kernel

1486s

Max time network

1511s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\Wood.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\Wood.dds

Network

Country Destination Domain Proto
NL 23.62.61.88:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240419-en

Max time kernel

1485s

Max time network

1494s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\chrome.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\chrome.dds

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:12

Platform

win11-20240419-en

Max time kernel

1488s

Max time network

1498s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\clearPlastic_diffuse.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\clearPlastic_diffuse.dds

Network

Country Destination Domain Proto
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240419-en

Max time kernel

1488s

Max time network

1498s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\window_light_tint.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\window_light_tint.dds

Network

Country Destination Domain Proto
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240426-en

Max time kernel

1485s

Max time network

1513s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\RV.i3d.shapes

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\RV.i3d.shapes

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
NL 23.62.61.112:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 19:54

Platform

win11-20240426-en

Max time kernel

692s

Max time network

698s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\clearGlass03_diffuse.dds

Signatures

Downloads MZ/PE file

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\MicrosoftEdge_X64_124.0.2478.67.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Controls\Private\ScrollBar.qml C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\fonts\JosefinSans-Regular.ttf C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Lua\FileSync\Dark\Large\Refresh.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\SelectionImage\CursorKind.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\qu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\PointLight.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\Analytics\Navigation\BtnValues.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ExpChat\RoactRodux.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_lv.dll C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Trust Protection Lists\Sigma\Cryptomining C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Lua\Notifications\Light\Large\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\textures\ui\LuaApp\graphic\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\TopBar\Flags\GetFFlagChangeTopbarHeightCalculation.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\DomTestingLibrary\LuauRegExp.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\JestUtil-edcba0e9-2.4.1\JestUtil\formatTime.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AccountSwitching\RobloxAppEnums.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserSafetyTestSuite\InGameAssetReporting.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Controls\Styles\Base\images\slider-handle.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\WidgetIcons\Dark\Large\Performance.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Test\MockAnalytics.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\NotificationModalsManager\Dev\Rhodium.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\TenFootUiShell\TenFootUiControllerBar.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\fr-CA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\BuiltInPlugins\DepFiles\ViewSelector.d C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\Flags\GetFFlagIBGateUGC4ACollectibleAssetsBundles.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\Dash\Dash\collectArray.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\NavigationRodux\SharedFlags.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\fa.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\Actions\SetTryingOnInfo.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SystemInfoProtocol\SystemInfoProtocol\default.rbxp C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\hi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\PlayerScripts\StarterPlayerScripts\PlayerModule.module\CameraModule\ClassicCamera.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\TestEZJestAdapter\TestEZJestAdapter\Reporters\JestDefaultReporter.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\Analytics C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameLaunch\PlayabilityRodux.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Window.2\qmldir C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\ui\Settings\LeaveGame\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Lua\Notifications\Dark\Large\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\ChatSelector.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\JestCircus\JestCircus\circus\globalErrorHandlers.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ExperienceLoadingScript\Dev\JestGlobals.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialOnboardingButtons\Dev\SocialTestHelpers.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\IAPExperience\t.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\JestDiff-edcba0e9-2.4.1\LuauPolyfill.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\ReactFocusNavigation\ReactFocusNavigation\FocusNavigationContext.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\libEGL.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\TaskScheduler.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\Thunks\DeleteFavoriteForAsset.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\RoduxContacts-8363ecbf-ce1067fc\RoduxContacts\Selectors\sortContacts.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Shapes\qmlshapesplugin.dll C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\CoreScriptsRhodiumTest\Tests\Settings\SettingsFullScreenTitleBar.spec.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\TopBar\Reducer\DisplayOptions.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends\RoduxFriends\Actions\RecommendationSourceCreated.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Loggers\Lumberyak.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Controls.2\designer\images\combobox-icon16.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\AnimationEditor\FaceCaptureUI\Background.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\ui\Vehicle\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Lua\AvatarCompatibilityPreviewer\Dark\Large\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Lua\FileSync\Dark\Standard\Refresh.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\CylinderHandleAdornment.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\Chrome\Unibar\WindowManager.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_1435965587\LICENSE C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_2030064083\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_1435965587\keys.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_1435965587\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_2030064083\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_1435965587\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_1435965587\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "8" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "4" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "6" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "9" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590662051260763" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "3" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "2" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "5" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Roblox.Place\shell\Open\command C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rbxl\Roblox.Place\ShellNew C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RobloxStudioInstaller.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1572 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 2460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 3816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 2916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 2916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1572 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\clearGlass03_diffuse.dds

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd7d63ab58,0x7ffd7d63ab68,0x7ffd7d63ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4844 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4712 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2440 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3148 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3948 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4428 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3280 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3124 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5036 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2784 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3344 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5224 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5248 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3276 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3148 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3252 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4552 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Users\Admin\Downloads\RobloxStudioInstaller.exe

"C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDM5RENDMTYtODE2Ni00OTFCLUE1RjItODcyQ0UxQzMwMjQ1fSIgdXNlcmlkPSJ7OEY4MjI3M0ItMUQ1Qi00NkM1LThEQjUtMTVBRTdBQjA2NEFGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDQkU3REY5Qy03QjI5LTQ1NzktOEUxMS02NDA0NDI4QUEwMTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgzMTk3MTA5MjQiIGluc3RhbGxfdGltZV9tcz0iMzUyIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{439DCC16-8166-491B-A5F2-872CE1C30245}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDM5RENDMTYtODE2Ni00OTFCLUE1RjItODcyQ0UxQzMwMjQ1fSIgdXNlcmlkPSJ7OEY4MjI3M0ItMUQ1Qi00NkM1LThEQjUtMTVBRTdBQjA2NEFGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1QkE4OTA1Ny1FMENGLTQ1ODktQjI5Ri1CQjI2RDlFQUE4NDB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbmV4dHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iODMyMjk3MDg2NiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\MicrosoftEdge_X64_124.0.2478.67.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75FB7BC8-940F-48F6-9800-35008AC87775}\EDGEMITMP_9ACE8.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7caa088c0,0x7ff7caa088cc,0x7ff7caa088d8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDM5RENDMTYtODE2Ni00OTFCLUE1RjItODcyQ0UxQzMwMjQ1fSIgdXNlcmlkPSJ7OEY4MjI3M0ItMUQ1Qi00NkM1LThEQjUtMTVBRTdBQjA2NEFGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5QUEzREE3RS01MkFGLTRFQjUtQTBEMy05NDhEOTM1Q0Y4MTF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MzMwNzQwOTAyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODMzMDc3MTAyMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg1NjU4NDUzNDUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzEzMWJkNWQ3LTljNjUtNDc2YS05MDc1LWUyNDk0ZjhkYTllND9QMT0xNzE1MTk3NzQ3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWl4bTZyeDJKcyUyZnJwbnBGcXU2SnJSWjAlMmZJSUxTdVdhRyUyYjNSa3Rja0Z2RmpLVkpQJTJmVG1VQ3VCVkNwRmlobmFiT0NiT1l1cGNJenF5R0FxeHZyMnJKV1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI3MjM3NjgiIHRvdGFsPSIxNzI3MjM3NjgiIGRvd25sb2FkX3RpbWVfbXM9IjE3MzczIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODU2NjAwMTY0NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg1Nzk3NTE3MjciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjkwMDk3NTIxODciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIzNDAiIGRvd25sb2FkX3RpbWVfbXM9IjIzNTIwIiBkb3dubG9hZGVkPSIxNzI3MjM3NjgiIHRvdGFsPSIxNzI3MjM3NjgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzMDAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2368.404.5553719525741325327

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=124.0.2478.67 --initial-client-data=0x184,0x188,0x18c,0x160,0x114,0x7ffd6602ceb8,0x7ffd6602cec4,0x7ffd6602ced0

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1648,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1644 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=1972,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1984 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2040,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3396,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3700,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3716 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3468,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4220 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4944,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3416 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5080,i,9081509679543978001,1592168638311354759,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5592 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 --field-trial-handle=1796,i,10489865662321819456,5796850150975888457,131072 /prefetch:8

C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe" roblox-studio:1+launchtime:1714593137479+avatar+browsertrackerid:1714592662901005+robloxLocale:en-US+gameLocale:en-US+channel:+browser:chrome+userId:2490176024+distributorType:Global+launchmode:edit+task:EditPlace+placeId:14499138401+universeId:5006053822

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

Network

Country Destination Domain Proto
GB 184.28.176.114:443 tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
GB 172.217.16.238:443 consent.google.com tcp
GB 142.250.180.3:443 ssl.gstatic.com udp
GB 142.250.180.3:443 ssl.gstatic.com tcp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
FR 128.116.122.4:443 twostepverification.roblox.com tcp
FR 128.116.122.4:443 twostepverification.roblox.com tcp
US 18.239.208.98:443 css.rbxcdn.com tcp
US 18.239.208.98:443 css.rbxcdn.com tcp
US 18.239.208.98:443 css.rbxcdn.com tcp
US 18.239.208.98:443 css.rbxcdn.com tcp
US 18.239.208.98:443 css.rbxcdn.com tcp
US 18.239.208.98:443 css.rbxcdn.com tcp
US 18.239.208.26:443 static.rbxcdn.com tcp
US 18.239.208.95:443 js.rbxcdn.com tcp
US 18.239.208.95:443 js.rbxcdn.com tcp
US 18.239.208.95:443 js.rbxcdn.com tcp
US 18.239.208.95:443 js.rbxcdn.com tcp
US 18.239.208.95:443 js.rbxcdn.com tcp
US 18.239.208.95:443 js.rbxcdn.com tcp
FR 128.116.122.4:443 twostepverification.roblox.com udp
GB 128.116.119.4:443 roblox.com tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
FR 128.116.122.4:443 twostepverification.roblox.com tcp
US 8.8.8.8:53 95.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 86.154.64.172.in-addr.arpa udp
US 2.18.190.83:443 apis.rbxcdn.com tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com udp
US 18.239.208.98:443 css.rbxcdn.com tcp
US 18.239.208.24:443 images.rbxcdn.com tcp
US 18.239.208.24:443 images.rbxcdn.com tcp
US 18.239.208.24:443 images.rbxcdn.com tcp
US 18.239.208.24:443 images.rbxcdn.com tcp
US 18.239.208.24:443 images.rbxcdn.com tcp
US 18.239.208.24:443 images.rbxcdn.com tcp
FR 128.116.122.4:443 assetgame.roblox.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com tcp
US 18.239.208.48:443 create.roblox.com tcp
US 18.239.208.48:443 create.roblox.com tcp
US 34.120.195.249:443 o293668.ingest.sentry.io tcp
CZ 104.64.120.140:443 clientsettingscdn.roblox.com tcp
US 18.239.208.15:443 webblox.roblox.com tcp
US 18.239.208.15:443 webblox.roblox.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
FR 128.116.122.4:443 assetgame.roblox.com udp
FR 128.116.122.4:443 assetgame.roblox.com udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
GB 104.77.160.138:443 tr.rbxcdn.com tcp
GB 104.77.160.138:443 tr.rbxcdn.com tcp
GB 104.77.160.138:443 tr.rbxcdn.com tcp
GB 104.77.160.138:443 tr.rbxcdn.com tcp
GB 104.77.160.138:443 tr.rbxcdn.com tcp
GB 104.77.160.138:443 tr.rbxcdn.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 172.64.154.86:443 roblox-api.arkoselabs.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp
FR 128.116.122.3:443 realtime-signalr.roblox.com udp
FR 128.116.122.4:443 assetgame.roblox.com udp
FR 128.116.122.4:443 assetgame.roblox.com udp
US 34.120.195.249:443 o293668.ingest.sentry.io udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 18.239.190.57:443 doy2mn9upadnk.cloudfront.net tcp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 18.239.190.57:443 doy2mn9upadnk.cloudfront.net tcp
US 18.239.208.13:443 t1.rbxcdn.com tcp
US 8.8.8.8:53 13.208.239.18.in-addr.arpa udp
GB 172.217.169.35:443 beacons.gvt2.com tcp
GB 172.217.169.35:443 beacons.gvt2.com udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 clientsettings.roblox.com udp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 34.120.195.249:443 o293668.ingest.sentry.io udp
US 18.239.208.119:443 setup.rbxcdn.com tcp
US 18.239.208.119:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 119.208.239.18.in-addr.arpa udp
FR 128.116.122.3:443 realtime-signalr.roblox.com udp
FR 128.116.122.4:443 clientsettings.roblox.com udp
US 8.8.8.8:53 webblox.roblox.com udp
US 18.239.208.20:443 webblox.roblox.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
FR 128.116.122.4:443 clientsettings.roblox.com udp
US 8.8.8.8:53 o293668.ingest.sentry.io udp
US 34.120.195.249:443 o293668.ingest.sentry.io udp
FR 128.116.122.4:443 clientsettings.roblox.com udp
FR 128.116.122.4:443 clientsettings.roblox.com udp
FR 128.116.122.4:443 clientsettings.roblox.com udp
FR 128.116.122.4:443 clientsettings.roblox.com udp
US 8.8.8.8:53 20.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 itemconfiguration.roblox.com udp
US 8.8.8.8:53 premiumfeatures.roblox.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 t7.rbxcdn.com udp
US 18.239.208.84:443 t7.rbxcdn.com tcp
US 8.8.8.8:53 84.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 t4.rbxcdn.com udp
US 18.239.208.9:443 t4.rbxcdn.com tcp
US 8.8.8.8:53 9.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 gamejoin.roblox.com udp
US 8.8.8.8:53 client-telemetry.roblox.com udp
FR 128.116.122.3:443 client-telemetry.roblox.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
N/A 127.0.0.1:51420 tcp
N/A 127.0.0.1:51424 tcp
N/A 127.0.0.1:51427 tcp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 18.239.208.47:443 setup.rbxcdn.com tcp
US 18.239.208.47:443 setup.rbxcdn.com tcp
US 18.239.208.47:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 134.237.211.23.in-addr.arpa udp
US 8.8.8.8:53 47.208.239.18.in-addr.arpa udp
N/A 127.0.0.1:51430 tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
GB 104.91.71.142:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
DE 23.32.242.125:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 ephemeralcounters.api.roblox.com udp
FR 128.116.122.4:443 ephemeralcounters.api.roblox.com tcp
N/A 127.0.0.1:51779 tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 apis.roblox.com udp
FR 128.116.122.4:443 apis.roblox.com tcp
US 8.8.8.8:53 125.242.32.23.in-addr.arpa udp
N/A 127.0.0.1:51788 tcp
N/A 127.0.0.1:51791 tcp
N/A 127.0.0.1:51795 tcp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
FR 128.116.122.4:443 apis.roblox.com tcp
FR 128.116.122.4:443 apis.roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 18.239.208.32:443 static.rbxcdn.com tcp
US 18.239.208.32:443 static.rbxcdn.com tcp
US 18.239.208.25:443 images.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 2.18.190.79:443 css.rbxcdn.com tcp
GB 128.116.119.4:443 roblox.com tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 81.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 32.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 25.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 metrics.roblox.com udp
FR 128.116.122.4:443 metrics.roblox.com udp
FR 128.116.122.4:443 metrics.roblox.com tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
GB 128.116.119.4:443 roblox.com tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
US 2.18.190.82:443 apis.rbxcdn.com tcp
FR 128.116.122.4:443 metrics.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 172.64.154.86:443 roblox-api.arkoselabs.com udp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 82.190.18.2.in-addr.arpa udp
FR 128.116.122.3:443 ecsv2.roblox.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:443 dns.google udp
FR 128.116.122.4:443 auth.roblox.com udp
FR 128.116.122.4:443 auth.roblox.com udp
FR 128.116.122.4:443 auth.roblox.com udp
FR 128.116.122.4:443 auth.roblox.com udp
N/A 127.0.0.1:52323 tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
US 8.8.4.4:443 dns.google udp
US 204.79.197.239:443 tcp
GB 104.91.71.146:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
FR 128.116.122.4:443 users.roblox.com udp
US 8.8.8.8:443 dns.google udp
FR 128.116.122.3:443 ecsv2.roblox.com udp
FR 128.116.122.4:443 users.roblox.com udp
FR 128.116.122.4:443 users.roblox.com udp
N/A 127.0.0.1:52431 tcp
FR 128.116.122.4:443 users.roblox.com tcp
N/A 127.0.0.1:52623 tcp
US 8.8.8.8:53 realtime-signalr.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
FR 128.116.122.4:443 develop.roblox.com tcp
FR 128.116.122.4:443 develop.roblox.com tcp
FR 128.116.122.4:443 develop.roblox.com tcp
FR 128.116.122.4:443 develop.roblox.com tcp
FR 128.116.122.3:443 realtime-signalr.roblox.com tcp
N/A 127.0.0.1:52625 tcp
N/A 127.0.0.1:52627 tcp
FR 128.116.122.4:443 develop.roblox.com tcp
FR 128.116.122.4:443 develop.roblox.com tcp
FR 128.116.122.4:443 develop.roblox.com tcp
N/A 127.0.0.1:52629 tcp
N/A 127.0.0.1:52631 tcp
N/A 127.0.0.1:53904 tcp
N/A 127.0.0.1:53906 tcp
N/A 127.0.0.1:53908 tcp
FR 128.116.122.4:443 develop.roblox.com tcp
US 8.8.8.8:53 clientsettings.roblox.com udp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
FR 128.116.122.4:443 www.roblox.com tcp
US 8.8.8.8:53 thumbnails.roblox.com udp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 t7.rbxcdn.com udp
US 18.239.208.83:443 t7.rbxcdn.com tcp
US 8.8.8.8:53 83.208.239.18.in-addr.arpa udp
N/A 127.0.0.1:53919 tcp
N/A 127.0.0.1:53922 tcp
N/A 127.0.0.1:54033 tcp
N/A 127.0.0.1:54043 tcp
N/A 127.0.0.1:54045 tcp
N/A 127.0.0.1:54064 tcp
N/A 127.0.0.1:54084 tcp
N/A 127.0.0.1:54086 tcp
N/A 127.0.0.1:54133 tcp
N/A 127.0.0.1:54135 tcp
N/A 127.0.0.1:54148 tcp
N/A 127.0.0.1:54318 tcp
N/A 127.0.0.1:54320 tcp
N/A 127.0.0.1:54322 tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
US 8.8.8.8:53 gamejoin.roblox.com udp
US 8.8.8.8:53 clientsettings.roblox.com udp
FR 128.116.122.3:443 ecsv2.roblox.com udp
FR 128.116.122.4:443 clientsettings.roblox.com udp
FR 128.116.122.4:443 clientsettings.roblox.com udp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 172.217.18.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 195.18.217.172.in-addr.arpa udp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
N/A 127.0.0.1:54348 tcp
N/A 127.0.0.1:54355 tcp
N/A 127.0.0.1:54358 tcp
N/A 127.0.0.1:54361 tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
N/A 127.0.0.1:54368 tcp
N/A 127.0.0.1:54371 tcp
N/A 127.0.0.1:55643 tcp
N/A 127.0.0.1:55645 tcp
N/A 127.0.0.1:55647 tcp
N/A 127.0.0.1:55667 tcp
N/A 127.0.0.1:55672 tcp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
US 8.8.8.8:53 gamejoin.roblox.com udp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
US 8.8.8.8:53 avatar.roblox.com udp
FR 128.116.4.33:61660 udp
FR 128.116.122.4:443 avatar.roblox.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
US 18.239.208.83:443 t7.rbxcdn.com tcp
US 8.8.8.8:53 33.4.116.128.in-addr.arpa udp
US 8.8.8.8:53 132.71.91.104.in-addr.arpa udp
N/A 127.0.0.1:55678 tcp
N/A 127.0.0.1:55680 tcp
FR 128.116.122.4:443 chat.roblox.com tcp
FR 128.116.122.4:443 chat.roblox.com tcp
FR 128.116.122.4:443 chat.roblox.com tcp
US 8.8.8.8:53 assetdelivery.roblox.com udp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
US 8.8.8.8:53 c0.rbxcdn.com udp
US 18.239.208.99:443 c0.rbxcdn.com tcp
US 8.8.8.8:53 t6.rbxcdn.com udp
US 8.8.8.8:53 c3.rbxcdn.com udp
US 8.8.8.8:53 c2.rbxcdn.com udp
US 18.239.208.114:443 t6.rbxcdn.com tcp
US 18.239.208.126:443 c2.rbxcdn.com tcp
US 18.239.208.123:443 c3.rbxcdn.com tcp
US 8.8.8.8:53 99.208.239.18.in-addr.arpa udp
N/A 127.0.0.1:55808 tcp
N/A 127.0.0.1:55880 tcp
N/A 127.0.0.1:55886 tcp
N/A 127.0.0.1:55888 tcp
N/A 127.0.0.1:55890 tcp
N/A 127.0.0.1:55892 tcp
N/A 127.0.0.1:55901 tcp
N/A 127.0.0.1:56067 tcp
N/A 127.0.0.1:56070 tcp
N/A 127.0.0.1:56073 tcp
N/A 127.0.0.1:56076 tcp
N/A 127.0.0.1:56092 tcp
N/A 127.0.0.1:56101 tcp
N/A 127.0.0.1:56107 tcp
N/A 127.0.0.1:56113 tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
US 8.8.8.8:53 126.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 123.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 t4.rbxcdn.com udp
US 8.8.8.8:53 t0.rbxcdn.com udp
US 8.8.8.8:53 t1.rbxcdn.com udp
US 8.8.8.8:53 t5.rbxcdn.com udp
US 18.239.208.15:443 t2.rbxcdn.com tcp
US 18.239.208.15:443 t2.rbxcdn.com tcp
US 18.239.208.72:443 t0.rbxcdn.com tcp
US 18.239.208.13:443 t1.rbxcdn.com tcp
US 18.239.208.104:443 t5.rbxcdn.com tcp
US 18.239.208.13:443 t1.rbxcdn.com tcp
US 18.239.208.72:443 t0.rbxcdn.com tcp
US 18.239.208.15:443 t2.rbxcdn.com tcp
US 18.239.208.104:443 t5.rbxcdn.com tcp
US 18.239.208.13:443 t1.rbxcdn.com tcp
US 18.239.208.99:443 t2.rbxcdn.com tcp
US 18.239.208.99:443 t2.rbxcdn.com tcp
US 18.239.208.114:443 t6.rbxcdn.com tcp
US 18.239.208.72:443 t0.rbxcdn.com tcp
N/A 127.0.0.1:56163 tcp
N/A 127.0.0.1:56165 tcp
US 8.8.8.8:53 72.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 104.208.239.18.in-addr.arpa udp
N/A 127.0.0.1:56177 tcp
N/A 127.0.0.1:56179 tcp
N/A 127.0.0.1:56181 tcp
US 18.239.208.72:443 t0.rbxcdn.com tcp
US 18.239.208.99:443 t2.rbxcdn.com tcp
US 8.8.8.8:53 t3.rbxcdn.com udp
US 18.239.208.116:443 t3.rbxcdn.com tcp
US 18.239.208.104:443 t5.rbxcdn.com tcp
US 18.239.208.104:443 t5.rbxcdn.com tcp
US 18.239.208.116:443 t3.rbxcdn.com tcp
US 18.239.208.116:443 t3.rbxcdn.com tcp
US 18.239.208.99:443 t2.rbxcdn.com tcp
US 8.8.8.8:53 116.208.239.18.in-addr.arpa udp
US 18.239.208.13:443 t1.rbxcdn.com tcp
US 18.239.208.99:443 t2.rbxcdn.com tcp
US 18.239.208.99:443 t2.rbxcdn.com tcp
US 18.239.208.114:443 t6.rbxcdn.com tcp
US 18.239.208.114:443 t6.rbxcdn.com tcp
US 18.239.208.114:443 t6.rbxcdn.com tcp
US 18.239.208.83:443 t5.rbxcdn.com tcp
US 18.239.208.83:443 t5.rbxcdn.com tcp
N/A 127.0.0.1:56218 tcp
N/A 127.0.0.1:56220 tcp
US 8.8.8.8:53 itemconfiguration.roblox.com udp
FR 128.116.122.4:443 itemconfiguration.roblox.com tcp
FR 128.116.122.4:443 itemconfiguration.roblox.com tcp
FR 128.116.122.4:443 itemconfiguration.roblox.com tcp
US 8.8.8.8:53 inventory.roblox.com udp
FR 128.116.122.4:443 inventory.roblox.com tcp
FR 128.116.122.4:443 inventory.roblox.com tcp
FR 128.116.122.4:443 inventory.roblox.com tcp
FR 128.116.122.4:443 inventory.roblox.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
FR 128.116.122.4:443 inventory.roblox.com tcp
N/A 127.0.0.1:56423 tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:57059 tcp
N/A 127.0.0.1:57092 tcp
N/A 127.0.0.1:57094 tcp
N/A 127.0.0.1:57096 tcp
FR 128.116.122.4:443 inventory.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:57126 tcp
FR 128.116.122.4:443 inventory.roblox.com tcp
N/A 127.0.0.1:57129 tcp
FR 128.116.122.4:443 inventory.roblox.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:57141 tcp
N/A 127.0.0.1:57144 tcp

Files

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 e91ba7113b9ee73bf73cfbf795374b4f
SHA1 beef122500329c4babf0903b183e7ecc933a234a
SHA256 71d02f8625c90f7c9499fcbc6f2335fbacf9a5fdc58b475e0ffde696de5a9c98
SHA512 7c7644a911b218d20300a51c288182312bf57e48c78faf1791c0f710451bd907721d64f3f6d26a0cac77fa7ed088b0bc084d272f4416299122adbec9896586e7

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 2b4dd1474237a4dc70e20f421915ac73
SHA1 d584be2833b590e89e2de69626463c89f6637baf
SHA256 f3d1b90af58e98b943ee01c3ced5d13c6bdbc5f0c2eaeca9a204aff10c2d3b9d
SHA512 f7b5470b68bc07270f01cd0032b61e60803406bb5f1fc06093dde8fc00ea7c309a9d1c467853c7af5521adf8bacc2257649a4c65d97023357950353707f31c1e

\??\pipe\crashpad_1572_QIHIONINNXMVWMQA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bc53802fc6a2a2f00cdf7cea15fed7c5
SHA1 3eb20ff11c7f4c535a47018df3857601c84059f3
SHA256 2683c88ad3c74a749f2d6a3f9e8d79f7193ab8c0188ed0451ab4f7ccf4eb614d
SHA512 36486549367081d561598644fb11c5a203cb91d5c380c20ee64e30d669c84ef99d9f652fdb1357a35200ba616406f60bb245aed40a0fd880bd874b511a4a250c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3c2f64b7bd40089a71a08253f2773a55
SHA1 ab950e118e064f73e82ac02ec5236dc0cdb78f4f
SHA256 e941871349910686abb2333a07fa8783998b59bb6c9909f6cb8fa63d074c57be
SHA512 8c97f40233400536f2a7463e1cc7c643f8ab761894eec75b59caa379f6920152ee869ee087f634c5c2825d6fe996c78fbc27857a0a07a05b7740ee2a8a78327e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a1816ae8ad0310aaba831fc4904ce986
SHA1 92547c54815151c59818ae5e5b9dc837858ccbb3
SHA256 bc194caf1090f02b521f9bd21ce357ed58f2700a469eeee610613369ba9e1c33
SHA512 d30a7016c764d7b0cd3d43d9643478f1935ec8c4aa77bdbf18ddbf535a22466ff09d17aa49bf6923a0810b9e78b3192756eaa4015b9a90ea41e58754b82b56b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 fabd5cdcfa7b1107d5abbb2e52aaab6a
SHA1 6254a5ad8c4405ff320447a57d80d00c3af45e8d
SHA256 aff8dd4ddbe6e66291199565741abfed6384bdced337f113cd4e1aa6df2c5c2c
SHA512 6550ba5e9d12b91eec540d8aea4fe498b6dce5db2a926c87125f91eb731d9dee25a9f4799d0364e7edf7f9a912337dea44a9e8d7e47f6d2bcc1ced04d37663fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ac14bbf068b5ebf97321102ff0787d91
SHA1 ca79d74d16724914c08f80a523603e5a9113b3d1
SHA256 deb3755fd787bfe03c437f76688173a13708a8dafa5328463ba6a2e42c599f90
SHA512 897e445dfcfea631c1e553675413976ad01476df903eef221c3c71ba6ac11a8c11e3d372456dbe3836c9d2f2654d7be0ba454500ef4b817eea5006abaa261e3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8cf8d0f06f1e7f5bcd23781e2062a983
SHA1 2874eccad5a700eb207632e34543bb4384a9fb2c
SHA256 f19bfeeaa0d720f500053ed1757f953c198eeb1e13ba71429d756b5b6ba6266b
SHA512 1e3a792f08f90d167991c9be2cc133af217aefef3f40dc49d789a66db78d8207981f9866ff7b86bc3f0716419955de973bee5be145622c77ae0e7ae9fbfa9791

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 93d77cab90c2154ca30d7bf21218d135
SHA1 e0e3e3c60a8364ef36d54945143a526f98758f57
SHA256 05f12c947bed6f64442d2606a1624fb2706be377eac83601f8546a187cc11b33
SHA512 b79e8ce98edbb7cd96e066c6cd05497ff224ce36a71901f60f1b924d6ed14e1e1c947d26d07a9b8e8c5ca95ac8198be4bf624fb59d8fe4d3c64f5d9cba820071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c6e9e8f21876f6136ed029f968e153a6
SHA1 0c455f473c527bc7089aa8bf368c89812a350216
SHA256 8a6522d910b961797fc4861b7a80f0857fb3d50a6656bd0f7012c0fe785da694
SHA512 e83e0368083cb07e833c594dd1b7492887900701bb862a5bd1602bf28d7bb77c5086d2376a5d92f223926467f90c2639f2cb89a4b150e8bdc8940f587909a968

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8546edc4afc5eec93c0dbf6afa84d3f0
SHA1 b6cb2e5631edd1a87f194518dfa6ea0498739e14
SHA256 ff2ea8ae703b1b427815fb12e2f0ddeab8efa6075b76f27c22b65c3c2b889bfc
SHA512 5541e7cde62808d4a8a9a5efdb1e5c4834ae9d9e8a3348db63c06be0e4f0e8968359e087fd94e2c43f79fb1de346a4f704a4a19ee98139885ab353df9e263a50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9611d77959ca4a3cec65b892df246bf1
SHA1 019b286212a373cb2162e3478f4a075de5d550b9
SHA256 725782b5805786e56fc59b1feaea2073552ae45e2509c8ffbfe75808c5d3b72a
SHA512 9789ff16b60bb37a364df043af5f76d2a723b4d1c3671d1019ba8387ebd3f6e56b1b80f8444a2584a58be2cb08b99484905e42d3eaacfa544166f9a83224345a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c457db8d5998515d74962f76e6f7dac4
SHA1 261974b64b7b9977a1e995db89bbb1c9304d8102
SHA256 a91d1eeb8a8b68fdc52230b4a65d3a95599da9963df80e45fc88723b65ccc40a
SHA512 e8721562d5d485873b40c466613a3818181bc5fed2bb3af348057f9c8a32907ef42bce7519eb820007135337f59191419cc77b6d783056efad9c22552aefed0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bca03b49f63c0f8761720f68db574a11
SHA1 9ee84a8f8fc686f55a5531f142814cebd35a8c9b
SHA256 711589528820f891e4c4c88a1b2d694d49ed159906e682df494ddb30ab0ae07a
SHA512 1e7a42332a5d8995a1e316cfa7a0a185e2e4e44569dbce6cc582c1b607fa75d75ba519b02a330eb7032312de011278f9a9b28156afd26764c160f73d9d3abf50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c21c9136-b85d-4f7d-9352-4606c33571d2.tmp

MD5 f73cb0d8a3bc42b7a03be0ac12756f76
SHA1 bd2f19a2c62867409370700d9d8bb679eabc238c
SHA256 7a1ccda4a2f0cc0706ebbd1b5a5181db5502132e83f921fa79e54b4666a7150f
SHA512 8d67a42d5ae25ccf343cb5498b60223692a74f002d8f3a9afbf216cb5272dc7d5a5e5d21383759599ac3aeb52c31794d34987ecf77bac7f9a8b6d2d2c7801be5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 15048ee57e7afd49a0133eb275b0aebd
SHA1 61bc0ce35a0e141f48fa8af85744b209d5789c6c
SHA256 5355e81f13d667764d1cde1ec9bc5ef3d00aa4f84eee80c3acfbeba0eaa7ceef
SHA512 32d29dae89844e70001e6568dd8ca3de9740c6164e53ec942144df7650d59863d466bd7e6dabbd21622c22b1f71e9c1b1840b3a186dabeb15fe0650844064096

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 df7718c455d64e965550f98c84981f77
SHA1 449c05aa1b93cb5d4a863d8fcef3dd9d163084a5
SHA256 e84334bad07f0913c07f64dff013814bdcf1619297a9448382e070e4cb679561
SHA512 25394b7d21d3a8a953b96e94401eb0217831c3b49aee58c856c0738da0447a498969d4f2f60dd62a33aca403c5969b0aca49eccdf75a74bf4ef9bbcba60852f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 1854e42dd14009ac703dd655c11e95c6
SHA1 bce5b2b94edc6675779cbaacd9462bf003669ebc
SHA256 eda8edcfd85e217ffefb34c89b08e89c4b78a9baa16f8a3d77fd6dd56e094aa4
SHA512 dbab1a8735dabe3393fb326a5ecaf64a429c69f8ba2e120ec3dd9d199b0f993c1c53e6e7495f88da07e42e54e351b1bde10b6277309549db49b8f42416374563

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5907d6.TMP

MD5 fc5194ae1eab6f7490cd905016f72c8f
SHA1 63c9caf93da91144fa64145adf0ad1baa3b5e8c7
SHA256 eb4615ed6dd76d5830168cde839d36b430007c4e686e9bce111f66c46c3f6420
SHA512 f8613a3780309596f42751e3a27607a0cae61d1a4ccb9f5860e240923988f4150cdbddb1d95faf8958361291dc8f649fa622cf8c3cec5e53f675d8df23f75384

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9406961ba9311ebd1c316ed77adc16a
SHA1 0d41a59a857ebfaca26082e472a324ae15f94aee
SHA256 cd6ac919d339864b26a67626bf388b03aa60368d1ed684477130c6f8f4661436
SHA512 9306c52afb1510e941c49590be6967a2c7ccf15425e38ffb6b9b64932580e36ef06687af6072686f2611beb2982044deed0d1fb134c67e9926e0abd7d1370436

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 508491e1276d7484c4f9e44e4502bbe3
SHA1 e823f470e53201bae52be2a863a0d2f66742d85e
SHA256 92c49633391804f09679320d0999381201fa1c334fd0585a90b1424dd6720208
SHA512 0f9b71bf1312c4a8000900a8a39a7fabe242268e2b6962e52c48b63141162266100e35258a8f10772b7a54a51b4c0fa5cc0cf803f50b32f7b10f27a3beec2ed2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 793b639f0483074bf878fcf19c131678
SHA1 b1a2ef0fd4d7944a9519e54e3201a05c62c90415
SHA256 b214fce2614aec5046a24ad48e5023ae8d29fda0d8c510f6dfa116f684566869
SHA512 1aa25f77f1075f79f9d188ee9bb4a5569db406f2cbde550c7eb6c3377d3bbea5cfe86f1328248f8772020a90093c133de90c09cd2e50048fe2d400e807526238

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6585bde066dc1bbcceeda9ff7ccae8a5
SHA1 da3dbce2388513627b15e2408ac0e1c26e44702c
SHA256 c5e0ba8c80245cad53daf52551a03ade581d5abf0851d9e4ee674bd887d7bd15
SHA512 40539a3445a2f6194f2851d22a2133ec8686d46da511b4d2ec4307bf098735d1e78585d944b46f9ebb4b3072f6be9307c75bb2993c82e1c3e3071d3a52d15d14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 09603ff26d03527cef18ba7ddf5a347c
SHA1 ffcb724b2750600e08db382dba200dd35014eefc
SHA256 8fc0123f61d76ab117a89a53b74c9425a71272927c4e937bb730560311059089
SHA512 6fdd628e47584166c48c47ebe6c586016f193a12be295a634b8b3476b9c5e5097691f01f690ba6cbdfa13dd7fb8d37ffc8a0c8e9c6ea5fa8aa6c219312b804e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 76683753cbaa49abb0a0aba804f024cf
SHA1 4514ac5766f01b21022bde839e2995dc0dd8b3d5
SHA256 1a5c38f5a3ddead04a2819c12db5920e6f4111a8cba7eface7e5a979e94fbed5
SHA512 ee4a6dbf41090799da181aa32cf3c427ea9218eecded7ed82bd39776f36bb46133a623dbac4ab88f099a70165af3cdf7550963aa3dff6eb54d79f07394e9e0cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 471b1b5cd75e055f00b29d4f2213e089
SHA1 c29902c53124ff01159752a05482cc6c9a082fb9
SHA256 6c600eb07cde9af41c06efa9d13a03e59ad5bc4f1dc770f862dcc997c79eb29b
SHA512 3dbf59331120087bc5995c65d030c54012d62072250bead24d19e15289fc5254857b26922c46d442849e28483f06112b1094dca684d0e7803808d7510392201f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 e2e38325e039c999915e7adf9ffa642e
SHA1 ed32471ed35148ce8cc9b1f37b0725faef6870e0
SHA256 720b7a24b1c0a305385cb76418aeb3eaafffa08def4e5a90b1d694bf7e3cce4f
SHA512 1ff44054f8d2165197c9c22694a2b9e9dca7634ab3f4d252f0e69dd21590dc7159516afe221a492cfc01aa63752c0d9be5349cbab1f3365fcb28ec37660c6f02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cc192cada7ffa1513bcb54d9bfb0c6b4
SHA1 326eb879f39eab96bac7e65baebff1da00471148
SHA256 43e1bfb2af62912f8c8065881b94276ee11a89c3a9cdf95f4308b368ed1979b1
SHA512 3e4fb17e1f1fe6d820af6ec56c9b0163132dc22a8467ccd413398fd31b299566c42c0e05f9149ab2a6b7ab2975d9d970aac36e09a138b31dfdb350ac039d6ef9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe59d3b1.TMP

MD5 b512fef3ae2a49e3666c9de647b4b032
SHA1 88aed2549c6c5f26e8db889c95ff41502c53b25b
SHA256 2a332e2b8a9ef43b52416bb95946594f1ff8a8b94e5a3ae1594eab84fcb9043f
SHA512 a3042002e77ae720d0ff7b8e16704b9cc84296f8e04787505e5ed340f24d1846385e9f559c064d931793bc9c3710430cab67378bfd308a42a53f55de48ea65ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

MD5 7de76b3005daefc567aaefab57450838
SHA1 22743349b63c0e9ddcacd0334d56119c0984c5be
SHA256 82542d403a55474f0716b9a6e0f439450c029d9e589aeb47ebefc681b7d839d4
SHA512 1de84aa7c30337cce3d3ff0aa97e32274c240e69e21fc3d456f1c6e222a1a38c907d0aab1b97c5208f130e9c360d8416f4355f977bc9b672714ddfa0e6dc05ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 652fa3fc1cdfcfecfd66df3dc9c7d638
SHA1 228eaaf4e02b9c4bcc3fefaa3135a9660fe32000
SHA256 d161b2814c7a9016bcc34c5b890dd21ac948a4d5902be092e3490a1594be2965
SHA512 eb5ebd07520ebee068bbd42f3ab99ce31d745c35aff9a2e096369bea34a5b91e63955b9a22391a26fed5b964270af8b9ee507442122f4a0a8edf96ce18f5da44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7ae96652f52385b109932a361b87c0b9
SHA1 30b114c9f0bba961db9883d6641c1cfa93d89b2c
SHA256 2192ed99cba3e6aaa6aef98d54f2f2cdcdfabcb4a9498e121bc88ecdd673c06d
SHA512 c07ba0e55ebcdadbcf9c748bc277e5cc71fc600c9f65a0c2bbca482a70596538a28ae951d108a37100e513981bfd2e48894471162bc2c53af0705d653e8ef5ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 db1362746191c90f0ef01e3aadd33ede
SHA1 d07d6578b22228dbc44b61c8a2fe763a92bd23cb
SHA256 2af12d33c5a25da3ae789d2adf4bdedea8841094e247837b74a75f54cad5d1d0
SHA512 b9a50a7808fbec1e48b8abd841f896abe30cc995cc787d33715572aed7f6bb6d09163ea0b0341c580a8730c36bf91bb8c44ff220581c92be851f718c19723c8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

MD5 14f42866d539fd4f1f0f38691a536722
SHA1 99807b35920894fdfd20a4aaa05f7ed33c777047
SHA256 f845677d14a22aeb2cb88342aaccaa29174ad1766136991b8ce08421c2ad1294
SHA512 cb8dde1656c2efd8e619713f4b00da5955f3b10166678efb2e9c4bdf8c9f59ed9e17efe54b166159f1322f16ad4caf292994714a08eb33177028b96e7655d8e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d2bc0527560218ab1318fe38eae3d3ed
SHA1 f96603588e99f30611a6a31c47778988dcfa313a
SHA256 769338fbf84da6d1b5b839c7ca6d57fd82175161f99ba164c024eb006bce75cb
SHA512 3af410e44b858997561af32473ad87ef17c6aad967eda59a39c13367f4c7998fef480f50e62eb6c68d6f3565768858ca302e9d8b8a10b69e3dfb50d38e046b97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 035433b71fd54a077c64896b079c7158
SHA1 f482a995f8a4f7ea5750adc4dcc3d7728ea59973
SHA256 14501af0164cd704b87fccb028acc1334f6247cb46652de0e25571fa5a51e596
SHA512 d720b485c2debbd75b162006056bff8ec3184fa8a7a1ee93ba2d0c0d504671e7ad9e0e18992fbbe806c50a2e4eb8a21c84e2f3de3222c346c35c6b8cea91fd1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d3e4db3c7ebde64b0ea7a623d3c09a8c
SHA1 24b3cd1c0b3f4f02975fac92e5f6050f5d4c0937
SHA256 569e048e6b2c17b1f3676acdaa3fbe9522a88a30249c940b4e7156701e4fa5e4
SHA512 cac4848cbf3b7a08e3742c72f320cf1005032aaefc1c9f93062adbf34252cf2bd5b0081ae80dca924dfcd027954651983a7da2efb098d532d74526f21fec3bd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b8d026a3acab3c4b6b24f45f59823058
SHA1 62f04944e4ad87a4c2d976d1def523e549dd50aa
SHA256 670ca8e332fae14bb00fa90b279f4a966616c24e3bd232453d3498d7271192f3
SHA512 72990b10958aa9a34f39958af589a8b5865d615c34bd82d7f55914464117f1398e61329e67ae70b96c70aeb73778f59889deb976826d4078f7d5e9e1545b9f5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ce3d332570ecd170f0858158f00aaa7c
SHA1 b6bd27239404abc0e3e525a823e5d35ca4924ee2
SHA256 cb7d5bb9df03323878034fdcedb13e7409432024c2c7975dc725851da4aebf3a
SHA512 96b00b240267b8fe2d4706cd670af3a60207e80f6131ccfb76ab222dac0162b58c55a89d2fa8b66cb87afa06f2a68e678661488e15f361e9de95d5da363e5c30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1811957434639b4d53d9821a7556dc21
SHA1 b7e7645996d69f1f1a476efdca26d50c70672e2e
SHA256 91e25082019eac4ce883feaab69c1931e2a9e35e573cc76b40ea34bd7945d3c4
SHA512 1ee3ccb1b0ae838fe5ab7042d7131a141322855789e050d79310a5810fa69e40f194355a4372dc53afa7128e97fcfb7462595d807e846cabed103145243c60ab

C:\Users\Admin\Downloads\Unconfirmed 675361.crdownload

MD5 e284a7bdf53b953d5514c6abe985ed60
SHA1 91655419b0e29b53bebbd102127056f396af6bb0
SHA256 de29073ba5d2f701473a80f14c9dc35b2a11194918b8f682357b09d57c2aeb2e
SHA512 2066d8dd92d2c64df6eae441fc25914a6214ff52ad264a38c156f59fd1587d6a7627f19a1b537fd82d95b7c66acaf73169b855df55fce0163bd3b05333377195

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7dc245a1d73925553d81e9ac31d008bc
SHA1 89e51bffbb86d2b09a3d73bbfcfce885ad3706d8
SHA256 c0b4346f5326c9bc601f29945f723e3b43511f198e865a6723c22e0c317a4a35
SHA512 7789dabcd5766ed4edb2f44d1048a255ec479932182461c07b11316b0db53a2d095a144cdc979c8c015ba0d14cc1238347d18bd9dd6fc99dc581e3bc8d82236e

C:\Users\Admin\Downloads\RobloxStudioInstaller.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 223d0ab8a2df8cfc07c68649a5103f4e
SHA1 fe48cb11aba6c1bc964038e8992b4768d9a78d00
SHA256 ee88384c2ff1be69b64f0e73a4535c72915d394e5e9fc875fe272984a75f08c8
SHA512 03484ac1f2b3b380724091c0bc1ec5d5952bd98f0cae402dceba7794e4834093c406af068e585acc9125b7f857975c4bd6a1a11208661dbf5accc56afb965f1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2c9a240c16699f6f11b65006aba5cc65
SHA1 81639efbecc4da9045c806414d8c5194e4a19c0c
SHA256 6c8e5deb3e5b0187c72532bae8c80625827e447e1d072dd9c89c7687094de90c
SHA512 e171c300ea08a68088f3329b5fd8ea7c2d56545547b55020bbc9e427c8cc92a8ccdc7b784db08e11f9e61af6ac48be869ef0fffb67c1af97a0e9d8224eb98fb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 5b6356be36d85237e772d65b2c1bdcee
SHA1 4f6fba9ea254b0a2ff0e52b2152eec5eca171dff
SHA256 275f7b726982efa0ac2ca536937774284659c0041d69989045d72b66f41443cb
SHA512 4afbcd5367f8e7af261a030627426beb09d7a90c100562042eb21c922d1a94dff5848a0e70748f7210788c4b23b3b67dccd5b9bf9efcd784807b2faf6e707f8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2ec18f244701f9ecb984334ed65f7ba5
SHA1 d8777cbd0903f532bd580c3b9e87aebb54f3e540
SHA256 170cf53549c346c1709057188f2068addec64c51984920eb5a19a7b52fb70f9a
SHA512 313a196049b1f905ed4ddd832c8fb04725d59fdde9176c82891534a0e5fa005c6263baedbb8acfeb69a2271ba60b33ed667d22800bbfda53ed292cf2ebc17935

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 273bdd58e20b3653bf86d24d45dfcf18
SHA1 4febb5f491ad6199d6c250fbc4a88c9188961fc7
SHA256 38fd0c7811a16bff13b6f30ad4782c94ce4dad3db83697766b1e7d4698c42533
SHA512 c255a83be18baf2aca7456b48ca3bcea2b79be2c2c764a259d43a234ce4c67acb0b37af2e5884b95affd2fc70e632e5ee34926d0f47b5449ceff0a34a62c4c50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

MD5 f118ccf634b98f8441e9c134a9617ec0
SHA1 e80e1e7907e14c86c2441355f1982538cab98b0f
SHA256 e21c862a76ebe37ddc88542d4b9109a249bd79477f4647da29569a2028675e79
SHA512 cda9a79811d059a405b52f9aa60ac21949ef8a510824fbab8008c738ce770d225abfe0c2b4391bc8bcb9d125396972bfac6dd9c9284383440d37e3485bdb318f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

MD5 d8b1ac4748ee8e1e706aa1d1cef322ec
SHA1 8991e7db3c373bc2a9543abde941846e3f4151a4
SHA256 3dcfa509cb799df45fde01850c662abad137fdfc3e323cca551479b810887d6b
SHA512 95b1eb087a4af6a3544d646a4dc322989ed17409ae07068966169d2bc065407b68891b090175b59d6c90330a3615a466d2b6be55edaef6a916490f721fa23387

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

MD5 9c7ef531a7b8d7d644d2c81b53f3617f
SHA1 ab47bc7eedaf050352050053a6fe6c0b21dc3aef
SHA256 f7e9958aecacb7d273f6175a903887f209770c18c53f04c00f4a58a3696b2822
SHA512 232f0398f805b20121fa07e2e1af27c2139891d7846785d5dfdc2025b985b44b7d652c80bd25ce60c53ac0d1a9c55f0079efa6f811a82fbeb990a60dc71590ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

MD5 7235e4613a85a7ab660d2cdc4259e20f
SHA1 36dba6f57ce9f820fa17335f03ae36c35e23e7c7
SHA256 ebeff062fc4fc06902c0febe6f87acc205f4078d9b810ff93fd92b85c407fb22
SHA512 1b6fb540a494bfac5856da0f306c60f87e28e64ca8dd178c7b799d2142fff71ec076398b9e91cac26cc9d84dfe6f2664468fbbf4dc29a6f51558d2cbb32d279e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c

MD5 3618d846f630a40b26ccb3b1c0be46aa
SHA1 a60526e2a44638f9f20454bfcbc151709299ea63
SHA256 c29db5d5e18917d72f8bb8d19391ac76f053f5a722ce755b0a5e6cc8ab4c3026
SHA512 4cab2f037ecdf010c0cfa81f817a73620a8054dcfc3e1e92eab46502d89ec8ac973af74322e50cd74efab5062afaf64d696b01004d7e4f8ae5453301d9cc52c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

MD5 8790d421354bb7771a8929b6db718a3c
SHA1 14091d88f1d36dcb3ccfc9ef3684126921565768
SHA256 a8e41ea4214c5f8b8d572c468b00cf2368c29429f8aa81757787a7801c5551e1
SHA512 77a9e43626a2a5bf267f08dad5acbb5f3e2a0dc1aeec22d2d365bf850a66e5b491f63010257d5ace615288421c898159d01ff0e0ece1f984b8c47910191805e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

MD5 0d21e203bbef801fec11d9816c9e2884
SHA1 6e9c3a72a6cfbd4a3320304b5afa7a65e4f704c2
SHA256 1550c6a1e26787750a7e7049e1f7d42662e080119a704b1d0d0ed22df55f535c
SHA512 09b22c645f2a0cb64a139429f718547c4f741af6b30adef41b872ad8710bf9d4d67a7fa6583c834f16d20781320940c5b1bca0c25da71c5e89cad6dabe9ec5bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

MD5 cd9c3bdf6d468a4c3661380daf942e02
SHA1 97e8b56135e79f00d6e8493efa4574420673f99b
SHA256 809ff7cb6466ca6a86cd4cd2641cd69c9b30ff5039aa3847c321fda05c3ed879
SHA512 880ba6531c2d7a866e8a0fd84566268f69cd03e24f00fdd9130f80266061fdd0de934c53ebe191ea581483b2797719f0a9f6ab62dc9f824b450c34ea8afee133

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f

MD5 1516686d2988c0dc2ab8198a39b74780
SHA1 9706f958733e370b6019dd02a3d34b102906b205
SHA256 486433d9925cade9dca858a4ab3ee4d0970f34ec7a68ca68ddff1ac59569a442
SHA512 a3a69e0c79d6a878bfcb095e5f9db6006bc5a57e619ea230f2ee1f4e4fb0417e3ef3d130b8f1a45b0f3ae7afa35f43a135e2e52671f4b02cded9b24edddc6fda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e

MD5 474f2e4e1b8886b827d498c2e34879ac
SHA1 caee67e3c63f928b85e99c31bb9428580e20dac0
SHA256 8a3a1abe743a7f2058f718b02bf7e242d2d447269ad66c27a79af235b2bf6798
SHA512 f4cc0ad4bd286c5153d68853fe381111172b1c1aad04b91eb63b2b5b284514a2150879600b8781a16b346f71e96b1f040d47565a5feaf94fab11ce9a07befcf7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

MD5 dfa90e7dd6d9a1941cea629d2f821dec
SHA1 fa7c71c8e2884cdbc177e650d8c4db93ba663b8c
SHA256 300231d0eff5c31fbc13ebe40c60775c617abde6366ac52f8af7329184eeba54
SHA512 29f7f9921d06af70c7d7c990ed4877726c45f3a78756badadb4c9610e5aaf5271e9aca11017139d5a7c6c3aee0eb01a6980c210fd37c864a121a2864ba954c40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064

MD5 12dd54c925bba66fdc3dba47e65d8181
SHA1 711dd3c37f55fbb7d9353a135e15d1e413c1d844
SHA256 debca6d9d73ff5841ec14038c43d26ef045af354f278949e9a95a8cd86ac98f3
SHA512 b636b983b7e043f52ed2e4c7c14433782e3b2a18bfc89283a721320c05e7ce29dffb4e2c65877ca31157090d7762a02aaa20244b21b5b7c43b5b30260f26f979

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 547904377f2ac9e6842898ed45eb075b
SHA1 3e7d1b5ec6c4c251ba5dcd1fc3bef1c1cfe01744
SHA256 362b2f41d8ddfb546263392e5b30def94a003103a714a8637d48d2c1a046f563
SHA512 b8ca1d68d5bfdc9715ea7beba6e7a47a295f72f6410905c63c5b6a14a52e3cade0745c7ab067cf245b27803f4bcb418a75253c86427fc67af9da6491091de218

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 bef4cd5f2149462a6ecdb54f0c32e4d7
SHA1 0834fcbbcccd3730a61e0b09041b2382a0ca5c88
SHA256 bea5a0fe371a720fc67c6f0f4ecea286d3861465b4e0895b51ac2c8d4235ade0
SHA512 d6b7280e7612f1808b08950a11e4f6220238ea5608fb240af26d231f90c539cfc8b5ed5720c12f14124592844b5f6d012bdf7256fe3fe4cb37ecac98292560b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9c787feb55b1807166648be8c35e2861
SHA1 05ff55ed287b6fc22adb60049ae688c92e6fd865
SHA256 af6e581c549d12e09618b39118a5339c75823997e47e7abb26631f509e58bbd6
SHA512 857b7dce0ac592373c106b1b39853b13332c93e15464b87b306d13bd076884e95822cd2772652e9e09d5d8acb609155b6af86cf994856c6ce013a8d908d1153d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 56ee210944e4b1ae649a4a15539dbfa0
SHA1 a93987b8dfa86bfecffd6465fd60d06a432d695b
SHA256 18376f8d477da0b6ce8e4f3662d01cb026fd9e003f37d451087ed015b8d6d78e
SHA512 383bf50a6613fa6da2770b842d315f2f4c41993232a7233bde561b06c20d614be0f6ee3783c6ef979dfb84133dd7ee4f5527bbe3a1c7ed73a790813a029944b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 bec6a91e03e2bcf0639a06b04089b71b
SHA1 95221784d80363ed0d3e3f7a32b76d9c6c1c955d
SHA256 62c6434eb19843facfe46fb4ef8803439547c1a0ff3ffc34ea2044be171cbee1
SHA512 caa583fc9ff736d5896e7691ebbcdddd6b1ebd2b8149602790d9181c32395834d006ee8ccf5ead9e82adc623db48127295c99ff85d429b666dfbf1cedb900cf9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 02dc1859d2c7698b228df5102f90a301
SHA1 9f41aeeb3e07c061196ced5cf2abb5db71c9b0c1
SHA256 db954efd5b2699816991c0f5f6d14ca5ce8d2e297322c248a10669f8553c6dcf
SHA512 0664a9761cd50d04b0c6168512a6200eb3667716b3d24dd983edde6d38229b20003d0639687726e0e9d64b1702f74e36f25f3c9c88a21ca39de73adc3866b868

C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MD5 610b1b60dc8729bad759c92f82ee2804
SHA1 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdate.dll

MD5 965b3af7886e7bf6584488658c050ca2
SHA1 72daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256 d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA512 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_af.dll

MD5 567aec2d42d02675eb515bbd852be7db
SHA1 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256 a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_en-GB.dll

MD5 d749e093f263244d276b6ffcf4ef4b42
SHA1 69f024c769632cdbb019943552bac5281d4cbe05
SHA256 fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA512 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_el.dll

MD5 ac275b6e825c3bd87d96b52eac36c0f6
SHA1 29e537d81f5d997285b62cd2efea088c3284d18f
SHA256 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512 bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 23041910d63a0fe31ee31f41767d2b82
SHA1 dc9a2e9f4d279001b6b17d503c77006c415d5c84
SHA256 dec2c2133a0128241c943a2ddbf9de246538c6123266fdd41673ca25a84068d7
SHA512 04da761ba67806c749f0f39f5efeb88e2b2f88ff50243e77c722bd8e4b6deca641b5981b4f9695bbf97eef9833696c386b9b09ab0caf28a8105e3aa04225b00a

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_de.dll

MD5 aab01f0d7bdc51b190f27ce58701c1da
SHA1 1a21aabab0875651efd974100a81cda52c462997
SHA256 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA512 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_da.dll

MD5 d34380d302b16eab40d5b63cfb4ed0fe
SHA1 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256 fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_cy.dll

MD5 34d991980016595b803d212dc356d765
SHA1 e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_cs.dll

MD5 16c84ad1222284f40968a851f541d6bb
SHA1 bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256 e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512 d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 2929e8d496d95739f207b9f59b13f925
SHA1 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512 ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_ca.dll

MD5 39551d8d284c108a17dc5f74a7084bb5
SHA1 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_bs.dll

MD5 e338dccaa43962697db9f67e0265a3fc
SHA1 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512 e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_bn-IN.dll

MD5 a94cf5e8b1708a43393263a33e739edd
SHA1 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_bn.dll

MD5 7dc58c4e27eaf84ae9984cff2cc16235
SHA1 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256 e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512 bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_bg.dll

MD5 8375b1b756b2a74a12def575351e6bbd
SHA1 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256 a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512 aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_as.dll

MD5 a8d3210e34bf6f63a35590245c16bc1b
SHA1 f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_az.dll

MD5 7937c407ebe21170daf0975779f1aa49
SHA1 4c2a40e76209abd2492dfaaf65ef24de72291346
SHA256 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA512 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_ar.dll

MD5 570efe7aa117a1f98c7a682f8112cb6d
SHA1 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256 e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_am.dll

MD5 f6c1324070b6c4e2a8f8921652bfbdfa
SHA1 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA512 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 7a160c6016922713345454265807f08d
SHA1 e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA256 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512 c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\Program Files (x86)\Microsoft\Temp\EU533.tmp\msedgeupdateres_en.dll

MD5 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1 dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512 ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

memory/2204-1851-0x0000000000500000-0x0000000000535000-memory.dmp

memory/2204-1852-0x00000000738A0000-0x0000000073AB0000-memory.dmp

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 ca8e6840d99b0b5eec8943d3bf39f37e
SHA1 9a801ae1ddb28f07384a47c9c32497f41f262868
SHA256 f88f756ceafc6dfa1b5dfa532e82f53c4ff0a37e41ba6b46798832561f70d5c2
SHA512 40675ae8bd26971c77a8637760c1337d46f811a6342005f55ae7c4a1b230d9f2e0280e30ff13de80582b1ea7642495ffdfe83e80b1d27afb3328ad70fa6a2ddb

memory/2204-1880-0x00000000738A0000-0x0000000073AB0000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe

MD5 c31297188ec9fbaa60449f769339963e
SHA1 8502d9e0cef18137529f0a46ad6e69a1577e6cae
SHA256 2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9
SHA512 9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a

memory/2204-1913-0x0000000000500000-0x0000000000535000-memory.dmp

memory/2368-1918-0x00007FFD690A0000-0x00007FFD694A2000-memory.dmp

memory/2368-1919-0x00007FFD68390000-0x00007FFD688DC000-memory.dmp

memory/2368-1921-0x00007FFD690A0000-0x00007FFD694A2000-memory.dmp

memory/2368-1920-0x00007FF628AF0000-0x00007FF629AF0000-memory.dmp

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 426222ba37a49ad0c694f65d50c07f46
SHA1 5a3edab589e1af5da827aea0cbf2ae56cea0add4
SHA256 bdb18ce3049f3e2092ad8fcc836debd7294eb723de056f0023c8d496aae8c5bd
SHA512 a78fcb3376683016f4f95573fb354457461cb1b2b486d4eb186354049172d0922e4ab1b14d11b44d4eca25982904a2fbb3c3c796acfa3227be937e64aa039788

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 d224ce8ac535163af1971f784f0b5b01
SHA1 3d7fdb0c4d187450c1397751c825c476c0e73cd6
SHA256 656253d4c05acaa5336e2a240d3989f0f21db4e01cd9cf0e040aadeefd77e661
SHA512 dce861fd36d834b88907f5836da0bb46e824c569ddf4b308fdd59def6e7b186b2bf99e3b9d93d7329e8203b18061fb8f2d10131ad39e196e826a2d462b05039b

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe5e30d2.TMP

MD5 ec826b9a8b6fb180ec7f7cf56d7dbb22
SHA1 f174fddef83ca09145639481132dbfaf36e53538
SHA256 360f59ada4c27ec8461fd031f0a32f6f3a8451e21122ee961ca196f9871ac973
SHA512 8cd0f6443bdac54385152c6470b8ff4d0f847ba3df137ff91d2ec55c1a4a6e6b1247c78ccb80098614fa8293fbe91a66a49086ad85b18e3ff3302607daf02797

memory/4724-1952-0x00007FFD8BF30000-0x00007FFD8BF31000-memory.dmp

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat

MD5 880d0199458cef52ffff20eba9524a14
SHA1 fee8d2574a102632ba6b282f2cb0c8ec9baa84f3
SHA256 94c17a444b475db995b7f65e345f903f54ef6f3fa42c1c1f644033abc33ee71c
SHA512 2139c1e104ee6c453481cbfd3f43f27124657a9dc991befba165a952e85d1f149348d6bb32a7c44e7947501dee1f2ad81164f6d67216830b888c2e294b8577d4

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

memory/736-2028-0x00007FFD8BF30000-0x00007FFD8BF31000-memory.dmp

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00000c

MD5 6eafc48312528e2515d622428b6b95cc
SHA1 8c21c748004366757a93c587668ab55cb6a4bdf0
SHA256 dee6942321440ad24c989d45fd96bf0c0c11e63e04357af2128118eb75eb887b
SHA512 c501160df9b93014d510cd22060704b434fac4c6ba242d3e625e1bb6e838aca31889197e74fd4d082f4333147ec18197b2a31619d55d37c9157ec275621ee64a

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000019

MD5 0acd8ff34f3a5c177d02e9011ee74eb3
SHA1 7985774d3676c27586c71bbf28b1f53598951a05
SHA256 ecc55e4682a2b83956e183e86dc4d475e91bf192ea71faab52a8ed8cde83a3a3
SHA512 bd5402b5214bbe9e499ec5cd9c6933592e1d3599ee80f72fd2ce2076fcd50dbc355cf3d58e923ae2400d09742768bbe9086c7cebc8d2560e741726bb37374ac2

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00001b

MD5 66d562e3299ee732a53db150038c026e
SHA1 f514a9e346cd443d196c1bc401f078a9fa147323
SHA256 252d971616775193836fe6c0c057edc13c511ed2bdbdb61fbe3c4567a3a8e530
SHA512 ee24be2709cb98ccbde710654eb1ba533e432819caa8c6bf1fedfeceec452fa3c5f3b2402efc06e75d59e55b6e7beaa71f88bd049fad8e17449c0fde217a6468

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00001a

MD5 38e00f7de6f417aa3a458560a15e2b8a
SHA1 b451a3a2ab0b04170804d6cf823c6465f33f6f44
SHA256 cafe3fe334035fb21ebef6484cfbe1efa85c46f02113c57f8047c875fb9928c5
SHA512 659f0a9a53e98b2e5dd3256c55b96e5cff82f6b323edd5f92f8eb9897e1376329454734c6c799963ae392833d948eac84fb9b483a5a099c9ab942990a18e7f91

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 d5a593cf86e6623baf3abbc9cf2191a2
SHA1 f815b271c19cd9bb3cc1080ffc811067a59195c8
SHA256 297abafdd42b36abc65fc5f87aa5d0cd973aeb62e7ef753c37d5d5f5d25b23d4
SHA512 c2f6dbfeb50f058ce3458403ce164461ae5e63a11a8fef3589e2b565d9ed5a1976db32b3869b58f082def5e94dcffcb4daf89c88f08ddab4eb0f08f1d17530fb

memory/4724-2318-0x00000224C0EC0000-0x00000224C0FAA000-memory.dmp

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

MD5 2867b59b55d97ddf0a70c9b64f3eb2e4
SHA1 488f4b7a0b969bd24d4e0b5981a0bb21a3eda57a
SHA256 d245b346c564fd32e0f01a9a1ae0cfdd08e45437be318aac513a6e8728df3d5a
SHA512 cb8d3542f4042cb4ce1a39b32dd641317932f9c7451a82ae707d9f2997c65a73ad3874bff21a2afc83957cffafb4133fe714c0c6483c7ce6d1aa6aa68f54d73a

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe5e853b.TMP

MD5 3c67858a866d778714a305a476c4f7d9
SHA1 885b71892e242862c244f27f1fdb3e5556edbfc8
SHA256 f685419e101d106a24e702386e3c03885949145a5dcea54bc2de18c77e398675
SHA512 9ae187b638b42a7098cc72f0e47fbccb36023a64d6450a65a9425b576fde3922f597578c961bee237c3c41445e6f6b3d30e1b876ab3972ae237742783b05bee6

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5e86f1.TMP

MD5 e3b13c31d6654c3a40e0a6605d7ae5d7
SHA1 81c50b7d54a6f76049d91997bd95dfdaf64c137d
SHA256 a365943c88d3caae9335d4b326166185473a528c2e8156313c937f22d5f4db28
SHA512 ffe225920862de215420ffd8889c65eb5ad10e95be6c2b1d6191a2b3b9306bb26989666dc05bd4e40b4919ae11354c3c6f1e212d4bc91420aae9d44416785004

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 1e9695db58d6b8a3433f679c2b42f2ca
SHA1 3daf388b5fe4de31c0b37db9cf7371d0adf04d41
SHA256 ae309eb32dbf0329e1afc55c2d423999f881bdf441ac9feb6dee286122f05ac4
SHA512 5b3ba1694523a5f3f445d3cc4018461ef4be3ebadf7a8159d035aeb9efe876e1879f48c9609d95619515618924c18252b514907cdf4fcd0917356bd146b2ebea

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

MD5 c887104b7bb0a15015003a01ccfee39b
SHA1 6a9f773be28462d4477837238750f3f107275a28
SHA256 a161be3085eb15e05744ad46cb6c5321e7f5596c41ec6ba27636b61fff93c653
SHA512 03af0d9dc8137bf352d4cd4a7f4745b99312b4ea0c827f705817065700cd4538ffaf3fa73f3707c14fac603424eb12817df1774a6654a7ce3492a22af332c767

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences~RFe5eb89f.TMP

MD5 af4aa3968b9513985c51be8c527ea7a4
SHA1 ec992cb4944680a685959e7fd193ee09b652c829
SHA256 e691abed221c8547a41770b82e375e8e25a0a4f30fba283dbf776027e32052fe
SHA512 1dfcd288dacb9412785dc21220bf57e2eedf0f2c8ea46d11a3b2d14c94d06c7014d569968455a5c32cfcd5315ade77ca1bb8e61a59669961b1af60b1378bc216

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00001d

MD5 3c102ace52ea35b16da4383819acfa38
SHA1 91a9953eeaf4ed11a424ea57bd3c2dfaa686c948
SHA256 eb447eecadbf640fa5e062754192cd7c2b60b4d37c621320ca3eb7ab25b0c3ca
SHA512 1fc15585854512f6b5652719b8443c3e421eb88699035f18a6e13de5528b72d858e5bde40b9c2863effb3c9cd570197fc718d0c2a61b334ef5133efabd050a95

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

MD5 47a509edcf60311a33dae7b4306b64a8
SHA1 05f31220a28fc3e0c886ad7ed99f9f796329bef5
SHA256 a07caf35673d820c7363bf67fd9427988cf2c4699ae81ca672671697c12b5a75
SHA512 198493566619f4ec86179e96668b959ec4f740085cce7bedd5f2df24ce5042189ec0bacd935151cd2974c1e6c9c03007b2ca32d74e6bd1270de3d64fc3c3e123

memory/5820-2425-0x00007FFD8AB70000-0x00007FFD8AB71000-memory.dmp

memory/5820-2424-0x00007FFD8AA50000-0x00007FFD8AA51000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_1435965587\keys.json

MD5 af8fcadd95b5f42bdb56962938f7d078
SHA1 2713e1da42c96163d18f84ee662b8b61a1e56d35
SHA256 142c07267a3e13f64862d83748ff110704354d3facc3b60743602fc47e651ab3
SHA512 a45d792cb98509a1ec7e87e8371f6dd16b7c12b167f62ab68af43f7f3c3d2e5f5890a9556826dc80565adc2db20f7f06eeb3f12cef797ed2d1b132bd6c304d28

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_1435965587\manifest.json

MD5 b2ac91ca2bec034d1a335f9e2f574526
SHA1 ae9d2be2c07bfe84fea807d18a235609ac5cae8e
SHA256 dfa347c4668c5d16a7d946e9330f08d3551a89dea06e53e1cf24bcf3510ea40e
SHA512 ff3dd90c1dc9b10754f54c5c54fff2a6877f00fda09f47e07ab05bcaa40a8d3e960a3654b1cad498cd233c0c09d44d686b523b882a385525b60040d708e88b44

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State

MD5 280b3e086f12efe40d1a54192949cacd
SHA1 5d2255eb959c14785d6c06b485513d6a8280f11e
SHA256 f97a9c8f31004f37391b1b500d1f359ecd22208a9728ab6db18e410e91b58258
SHA512 8328d29fa635ff51d3da7db45d768bf012a8a7b30fef5ad64f2af2f6e3779aff6ecd5e2453c4e482e5682ba2acce330729fa45a5f967981203637a44a623efc5

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State~RFe5f4474.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1396_2030064083\manifest.json

MD5 55cf847309615667a4165f3796268958
SHA1 097d7d123cb0658c6de187e42c653ad7d5bbf527
SHA256 54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877
SHA512 53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

MD5 386351c532fc78075353642e017aa1a1
SHA1 b86d1c850c9a9ba8a2ea1e7d6c2f189d59b7a7c9
SHA256 3796d5ccd4d373d3eafb2898c3c1502f65974a43eb72b68dab82e7d74b0ab057
SHA512 66b0573e6a7350bda57327d88f06a03af69ef7ecb721c79580edae299cac8a83f8cae4a376305ece1e6217519e61ae5f544d65395722b6b39acfe37c69b601ef

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 3c1e2b6ca29e48341bc30bc55b314b52
SHA1 e991a687499786716923da1d085a464eab0c6806
SHA256 0df269c2c8516ee0693565d526a293aca6c83b8ac737ac169c07e5affdb6a053
SHA512 00d6a49a86162d75ff6b2514730c45a112ec57c090c6b7ded7609d9c5e9a8c236e698ee707157eb2bc21efb89f4862b46c0bd74551de6c7a975700c2399dff40

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

MD5 6efda8f3d2db43659dbebdf96fac9c25
SHA1 bd5fe80c52feb15ecd4899ade0da8e475630a8c7
SHA256 8e833ad4ae0bd39fe364ebc66c05934f5aadc61b79c97404ca1547550cf74f19
SHA512 775d96cfbad25fc6a12f06239c9ec234d1b67a4d8317b8675f17f0cb682220f888b7c3c23a9e4d6216b1568a5dc51351da2e467d39853040a04a9e209b1ea999

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

MD5 c99c0c440acf559b3f833b9a4e9cf711
SHA1 212ea0a36def472912445246ed3b2f32e20de09a
SHA256 af89647535f2718066112771c782b4b577e6adcb04e2845da6e9c1bfd2358eb3
SHA512 767c654cd0d619c147c55abf3b289d13e916f38412149986178d3ad9239fb81ae99b459e4f1c579f3a0fa6c396e0b02e98a87cca9fbd1d23bf0fdb3cbf9378a1

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State

MD5 fc76827d1d3cd515a5066b3dde98d1f4
SHA1 0d476bb815abf98276ceba186fe9de0b31133875
SHA256 09fa4aeec9d2150e6eea61f8666107b9985544a8efd2aa829e5c02767160c1cb
SHA512 ad499275c3933300382e87767e7587e68bde74e725bc072e5e007990ece0fa0aa5f9539f19e3b51758e66aa9cf8b870fb8b3c3d363c1c3aa52c8eef78da80019

memory/2368-2716-0x000001E61D020000-0x000001E61D460000-memory.dmp

memory/2368-2717-0x000001E60C4B0000-0x000001E60C6B0000-memory.dmp

memory/2368-2722-0x000001E60C700000-0x000001E60C701000-memory.dmp

memory/2368-2720-0x000001E60C6F0000-0x000001E60C6F1000-memory.dmp

memory/2368-2719-0x000001E60C6F0000-0x000001E60C6F1000-memory.dmp

memory/2368-2723-0x000001E60C6F0000-0x000001E60C6F1000-memory.dmp

memory/2368-2724-0x000001E60C700000-0x000001E60C701000-memory.dmp

memory/2368-2726-0x000001E60C700000-0x000001E60C701000-memory.dmp

memory/2368-2725-0x000001E60C700000-0x000001E60C701000-memory.dmp

memory/2368-2728-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp

memory/2368-2738-0x000001E61D500000-0x000001E61D501000-memory.dmp

memory/2368-2741-0x000001E61D500000-0x000001E61D501000-memory.dmp

memory/2368-2739-0x000001E61D500000-0x000001E61D501000-memory.dmp

memory/2368-2740-0x000001E61D500000-0x000001E61D501000-memory.dmp

memory/2368-2736-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp

memory/2368-2735-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp

memory/2368-2734-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp

memory/2368-2733-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp

memory/2368-2732-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp

memory/2368-2731-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp

memory/2368-2730-0x000001E61D4F0000-0x000001E61D4F1000-memory.dmp

memory/2368-2729-0x000001E60C700000-0x000001E60C701000-memory.dmp

C:\Users\Admin\AppData\Local\Roblox\2490176024\InstalledPlugins\0\settings.json

MD5 30c7b2bdc35c650d2b65150241646816
SHA1 94d466a5f5159784155b6adcc9555bfdae4710c6
SHA256 0784d39379f0a4f971777844ba07550aff31a3d5e32ce1d1eff6f4c7d49b90b1
SHA512 8d51ef924b6c8f46a7ced69f188f2ea583ef3feb7fd84f51a8af8810c51e5099052e2c1513f15ac6fb83fecbef8c984fb4e124ff524c2b20a437943dc127465d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0539171f06c734b8f92aa2f73d045687
SHA1 1f4d317013515574aa650ac7b2975e4d57f9f71f
SHA256 88230b88d3c95edc2072b65b0bdb11f3f4d24ce69a123ead69fc140ec05f5651
SHA512 ec8908780c1fefae688d7441d8166c9d7faba8f5c607364396ee68ec32abd3cbb067457adcbe84868043685ca35c26b9b7638471f9ee5fb9d382a803d2e17d85

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5d34a1f5416fdc978c6e0c7edc7d67a2

MD5 c76ac26f80988d0fcf03874d625b86af
SHA1 b04a5e95018f8eca571daa4077e66626b9ba0de6
SHA256 3dca66141315cdee30f7604013deab2fcc1dd74af93f9630fb700b7606f531ab
SHA512 23ba1357212eb135ad87fcbb81bf73fcf2e189da34f08ca1cccd40d763a856e9ca8ce5514af395caeefca2b0dd3a6fe3b8d43e060c5baf5139fb357fedb90a59

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0cbacc9a3c6aa07deb13db83f658936d

MD5 e3690a37568ee9fe7f191a17a47e2146
SHA1 476c939e0ca065001820946509e36ac2842fb1fa
SHA256 b8da756d34febd98745815e7ee643c49dfdf1adeece7fbdeda22487c06472f28
SHA512 c7b777cb3616fbe210b58c1e2395ffb378ffb36c2fed3af8c634e7d39667b9b433386d1a284f936a1d4e10e76c7a678e97216fe801cf95a0fc3fb313fc4514a3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ceea000e430b7c9714bd62a61ef5eb0d

MD5 e6bf3b994b7bd85aa47c17406d367d2b
SHA1 b18be2803acd9576aaa72bb19116b09680f0cbd0
SHA256 92638ea5cef2b20242923fd21757df86c8c434ff12243d480250364b8480f2fa
SHA512 3e207bfe1b30c981fb533971769a4051c0c87ffbfcabc012606ec939c5b66f2bf59cefeb85c2b903856d6396584b2c96472965c11d90d6a1ac9f59b29cf3d664

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0f10b6865c21c904e29f52a54a31f37a

MD5 38b25c1089062288a7a9a8876138e465
SHA1 d7dc1955cdabe9a50ef4f6b345c9012e3efeb56c
SHA256 e39aceee4952e730f1a101894520b046ff21156ebc79c0f8e070e87af20fdd29
SHA512 198469bc9aa03de2c29b322cee7714a67b1b421a8fb0b6ade7148f54fb5ea0a37f6afe5e80f052f41815174363ca2b2dc8395534c624f0f87d2f7a0e9d773dd5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\a1aac6bdbb2642f3f23fbed64d042c3f

MD5 2c65a49f36fbe81aed88d7626a0112e3
SHA1 832fc429cd021f288f5ef9531e7dad6c9c6507fc
SHA256 eb8f138e67962a5c7db64722b78454da2e3c3d656ec8d72c9bec566f10a942de
SHA512 4fe7c7a7e439f6b43bc13af9291994ff913fa65ab1d77f162c97b18ae505b1c46ffb2c9236b7c9010580b095526a58204bf182aa5d476e3d0a006b2ca450d181

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 9c9142900ac97b440bb74add8dbcb3b2
SHA1 175fd5826ee2079e04759775a7451c6a3f17dd8b
SHA256 9394153d4c9d2cb7d72ca4cf926cc5c7766ea1c3caffe8e01cfee9cf6e6594f6
SHA512 6bcc13ef74149cd081dbe6e184b03abb72015faa044ee53bb54e4d13c8e94b6fe0552485199cfbe0c24316128906518d015e520f1bcfd6dc5e16968b660461e6

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8fbe2ad68bce1f4933b291c365e04e75

MD5 d6a9f27b18ba6c1cd064cfee32420a8a
SHA1 3eb4fe70132f76c96bf7f951070f437ba176fc40
SHA256 612baaa3a5eeebe00562f3ecd4490073f3313811613ead2948c1626128191506
SHA512 1126e9b53315742eedcb4e28bec6330c03cbeff2d311c9bca1e8280720ded31b6ad7f4f4b6899aaf23656ec46b19fc2ea6566226c1fbb1ded1c3790832d9fc1a

C:\Users\Admin\AppData\Local\Temp\Roblox\http\3e2504bf31b5aa0ab48a8ae5f1dc5f1e

MD5 6abaefefcacaf36071c43e9dc51f1bda
SHA1 a562a7fc46cec9c90e86fa570267864ef2249a20
SHA256 55941590b6aff4d570b3531c493c14c46eb687ed9e4de19200de1681987f75ae
SHA512 5fc4b6db68c03630673789ec5f5d017709e5a9011f25575c0e428f4a21c30e1f6664faa9e4ed456ae79c7ea0fc45db30b8d45ad9b4e2e94f49b27c50237872c3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ac0ab8f16fbb1afe5c7b089b5d5698e6

MD5 5bff0b6da657e8e4ed652a4a5faf57f6
SHA1 ad49b5a7c4734d26061b0eea4496fc41949bc5b2
SHA256 c80ae50ae40768b21e62b593515865bd729b4c0712a006cbaf374a66f14f956f
SHA512 146a0ca1c20471f2921f1c911692223b77c4f528f2de47da9df54c1620242230998b86be05b436a725e64665a008cfc21715e114fb0fd1b9e0786288ad20ff24

C:\Users\Admin\AppData\Local\Temp\Roblox\http\cb8a45c1430998ec1304e4c79176816a

MD5 933b1f5dc544d9868d257d80e517c112
SHA1 a8d55f9cd5f79ef7f6fa1ffb229d8bcfb30ce348
SHA256 51a66f59fb6018efd308234879746581b50566d967cf1fbf63fd3fb6917f1295
SHA512 6e03ebecd629ec937171a7a2d11a88c83c0267c0f153b86194683fc967f0e1c827e6393a39af735813a1cb3fe2297cd6582d2f7578355e797a5152dd92d6e600

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1a1d7a8fb35b007494a82bd5304ba1e9

MD5 2414d644ab2dc0d3c58d8546b4cd7ea0
SHA1 77a854549c69f719657f5d404ae9391c705d88f6
SHA256 28be75fd24c5225fe212cbece08722d92c4d2816e5c3a0051294826a5fe79458
SHA512 02bc18971dd372438e6f93b0db0e29a2b647b7e1acc5e8d8321f73857b746c5523e7c720ddadb96363664fd5652c30d5e396f7128813dfc0c30fe7ea4086a229

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0d8b0fd3715ff57ba968ae5740d39a12

MD5 a3366bed53be5f4fed574fc819a07072
SHA1 a79b59561cf06c8a209fb701567a67376d83924d
SHA256 ec5c1697be4eba9851b9a413c13e1a94f9846f6dba1d8d0fa33e1ca7292e8030
SHA512 f8424133bac79bbf7547bf7076cbaf0bd0767f220778275c36878bb982bb69bfe64aede42d67c9db009047e66bcf5eb9604205f6b0aa9a801f6827e2034399fa

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b80d47fd48f8d137ca2aca87e1d00059

MD5 7dae317d3e65c483f462a48cee3002cd
SHA1 330c91065d277740b721b723ffae4e5511e8da2c
SHA256 ad244e68f3ae289677897bd171703b8ab65bb03b17621b3c8f61594b906f8b78
SHA512 966a981204a7979932981d8870704fbe3d4afc2a0306cf149117eeb30a54debf852c8ef04fda90fb2d1d1261daec60db390a4c9b9fa77740d14171335384ecc9

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e0fce80600a43748c6cbc0ac23f6cfa2

MD5 3bf49259291542dfee0f89d587c177f1
SHA1 22328c74fce75f7918f6c4b3ca5ad9e1921db437
SHA256 971101824fc41a26f9b1386d72750a69298f4725f266edb3c93b21f9600d2916
SHA512 20366e5775f42da8e313d67ace54bed3b2a010a84d9b3422276a8b544186345683c00663ce4f541c9890f906344ca3400015bef988d4ffa7dd4bf1c38161e271

C:\Users\Admin\AppData\Local\Temp\Roblox\http\31e8a63e8fa08c8135be1c5384c3e0a2

MD5 1221a85cb03fd45c001ef47af9935e7e
SHA1 f209b998e8972ecf158f58270244b831d107ace1
SHA256 e7c79bc6240600fc94d67a9c0e9c1f563a3f30698d7cae3d19b1735865835d4e
SHA512 2e6846a2ea3bcf0892703f3f2024a0acdf277251c55ad9c65e61fb5a8780c67ec707d42818b3d98103504dda9984c109ec0f8e393fc063f734bbc7bce168ad90

C:\Users\Admin\AppData\Local\Roblox\2490176024\InstalledPlugins\0\settings.json

MD5 eaef4b677b2babd4fb7b29da0f065bf5
SHA1 655dc02137cacabfeebb0705832c3378062b1598
SHA256 c5a33fdff10981930005746e120f5cab8bd1321ea949ea5cd1b2e34a88f7aaf7
SHA512 7ddab6aac206bbd23350667487335e674466d66b3f0c425ec3789a62749bd6073eea1e1f5785ca539a0b7e0bbd8a83605191508d97c8280644088cc7d8161aa3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\175af5595dfe9780b5b7b10ecb943336

MD5 0c9078c249c45630688d2af7e0574c25
SHA1 8fae18c0c69cf3a58abddcc9a55fba6d81aca2b2
SHA256 b0e7f0945d5de86014379ede1d9a9528a8c944534ab33e58c7b3be1b5706500e
SHA512 24e0cfdac58bc3714541bd39f6992bf0a4bd4c47e492edc40b72d045b4f06573d582d9f4e50e0c23f964ec678d857752caeec6a65ef89b70e2ecbefe749b21f0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcbcf8ab7914469e06c8fa6ee80f2201

MD5 958ad6c1423022b1905d452d8772d16b
SHA1 a1c5aef3f0d7550f8a9ac31ac1e295696477c02f
SHA256 8965deb3f4a35faba9f087defdbc2fb071e006f283ee7e6b1ce250c6ec12a49f
SHA512 5185a342c83ca7770ecb1103d95d061cc17c80526f755ebfac53305947b09765515221ba65b43a98eff3860e47bfc7a15f51e67d0636de7596a6859ff20804e5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1daaef2a5ce0ea927443fd099437bb55

MD5 e4a239995837749223ed2039a40a3a21
SHA1 b1cc97f9ffc3a367dd3a55a1a3342d59cb610403
SHA256 36ef28d0243f78f746ddc7abb74563980829c81dcfb91abcdaf6459bc7d374af
SHA512 ad81fe4cbaed589da0a3b97c20e7e5fc0deabf5910b1c41dc7d6e6e8b8f22486f71c9577886689739bdb87e34b330ce43cb60fb2e3c1305d77984ec78cc0879b

C:\Users\Admin\AppData\Local\Temp\Roblox\http\32c38bb4f4a560d621ab93aeb6ca5d7a

MD5 f7b60787135cc235066319d2412e77e0
SHA1 ff9e626cfeeb124bc95d830d20e13b15c6427c77
SHA256 e815d7145b898343e81a796bee29e8a71a678c9c3475a7b1107cdbefeefb6152
SHA512 bb21ace97ed300299a276844630c2b30aa0aab87a3a8684391bbe37a0ce7761c82011035f741cc1f596136043f1871d16b0238249d3b943b2c08fdaab8c0d762

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5b794cd8b1447c984ba301aa73a6625d

MD5 2740a9a1a4020c08f3ae9fce5509416d
SHA1 371eb56fa91013a45a38486d5d77ccc12ad03990
SHA256 239bce8cdaa04b7e91497dc8fad14e5af36ebf244712d7a04e37c2be5a0e0a38
SHA512 fbbad878010bb317d5ddc6de48c87d838db393fc52c564555883d07e62b77cd37a3584414566977fbaef792ce0d2a00cf851ce871e880d1cda34357d2fd4682a

C:\Users\Admin\AppData\Local\Temp\Roblox\http\d8b4554062d011287069393d07af8706

MD5 a0c28b8252eda35f15ff0931e1817ac9
SHA1 3fa429b9d0b8926907abc63b81a301bad2442eef
SHA256 ee880812bbf7cc1f00cb363632e9746e7342cb5048765c483d56f4284e555a0d
SHA512 e49af44a8fa6e0c0fe4a5f55df2910ff43a6a9360d6e0ba507375487526fa4fae8c974763e4bb757e0907036141123920024adfb312f9d53703bf6d45a83956f

C:\Users\Admin\AppData\Local\Temp\Roblox\http\706b550a2be783fb6e220ca8181485e5

MD5 be4a508de308b15bf9c711a769ed61a9
SHA1 2b980f20a1466d2f1508bfaf8dc2a2558450c1d9
SHA256 0ac514138710cda19cc114cafa8a3fce046654dda1cce0915f525c6f5ed0b812
SHA512 dc71cf06e2466f17b843b96fdbec856b3b67df95105895597e73fad455340d4237f1b7cf91ac2906efb9efeac89515deb79a045859a0651420edecabfef8cf8c

C:\Users\Admin\AppData\Local\Temp\Roblox\http\9fd0b17a3402934b24f3b349c8d753a2

MD5 59e7e73fef4a9df2680ff8fe1722014f
SHA1 2b9d42140ad6207b1e3f5cf8d66b345109cb1098
SHA256 05f280e512673a8f1358b88e8706bf5a763727dc16e8c43abe1be6129a820b57
SHA512 49edc88448345ee5bbb1093bbb62bb49b0ac3c1c0a29d4a862be76845fbbacff0347ea457d66e40f721dccb8071c18e4ca7f41cbce88d57a64a02ed400f4f783

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc27c501541df155b6fb12496e5bac70

MD5 f635924f866829484247044f991b14ec
SHA1 39c6f43e94e4b0d0ce9c30da5b78aab7fa5086f5
SHA256 30b18b2546442b630f0fb8c6a7c26419a9a73988e8e1a118dae5b7241e98074b
SHA512 ca145397fe454c2623651c9ccaf86fd15212fe83d758fab2f8de35e4ea00f8eb8f58aeecb2fc95a4ceda07c9bfa960ccc29b1a56c2bb317c94297c24a366be68

C:\Users\Admin\AppData\Local\Temp\Roblox\http\4dd9b09ac0d9a7bb380a273db7cac4ac

MD5 d97f6e22eba42d95c89cfd439f36c1d4
SHA1 3a439aff0b80708f6510643f70997b897500d2bd
SHA256 25f91091126b2855bcb9c2daa26fec21fe7cc6d25319925a95a55a37cc840b6e
SHA512 52ca405f845e8313b0a04657eaa9a22d1c4fbcf758d5796d2deaf41c7ed6abc28e3597dc1f5d803c009360a63db4e686e6622fac669c252b09d2a3d8dc451e72

C:\Users\Admin\AppData\Local\Temp\Roblox\http\77b3cd784a40d8349719b23b5c0e414b

MD5 05c43f778ddcf81fb06a2fdfb4f7624b
SHA1 616dade772feb66bb1b8dee218c7a5a39d43de06
SHA256 f4a00d60cb52477dfdb2eb264470e5daffd44139c118b73c80e8fdef16f9dd45
SHA512 a2443c678bc019dcc50fd7a49d5c19dfa0c45a7c43fffa24ca225f0f24b6839865288b2fe843bb233752fe59c712c54bff8d9b5c4e8ef5ff4ad8ef20b053feed

C:\Users\Admin\AppData\Local\Temp\Roblox\http\78e2b6ce1224c7617a6a8c90174aa783

MD5 22b25a819c414b6c626e5306888142d6
SHA1 e7d68968d0848af0e5203409227a1980dfeb4a0f
SHA256 275eacbd4554f5b0e4a4266514243c661edb1e4eea694a2fa01ac20a531dfcea
SHA512 bd04fe05aedb2cf10fef09648566834b019d40a6ec8532b19edcbb2348059984dbd5c04d6fd9579dac55f99a6b4de820cda159256d236450b0d0a51594e3b15d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5477b96b8c7694aaab08397c539323cd

MD5 74efd118f986358ad4cde9a57e61dc32
SHA1 0cfe0335bb35298456edc9ed791e019b70266c31
SHA256 b973558fa71e5b3a07fe6ca6180c5bd0cffdb343af3a0d2e4e4e89b40b194ee5
SHA512 357ad98fcdea45563ac733ff39aae16b103a1327a063445b6febb89616a61fbcd140c2148eeef122965cae78c2158bb39bd3eacac6d6c70a58546489687dd733

C:\Users\Admin\AppData\Local\Temp\Roblox\http\09f04b99b82b262e105a232e97395311

MD5 e3a0c050904f457b02b36bfebb1c0b6e
SHA1 a611605082957d8eb5dcb83939e1b6bd3d870bf7
SHA256 02c51e5a41d473f8e0befe8e5fb49073f0dec0ca88ee83e0e6a3c0ba3e18d399
SHA512 f2b6b3a7c193a951feaa1d5abeaf52316773d7895284e806f7267708672f6a7baf37191a244d2c044c785fe967d416353ab83517b28932b9e521172b89e22275

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f469136d50a09240f313e4f48b35b40a

MD5 81927a5a1612202db2ce511c62ced773
SHA1 4414e92b078a515ca699a82cc3bc64a1e264e4bb
SHA256 a8a2313bedad3d93a06ce01ca1abb579013d083e2fec866cc22342713b7b6b2e
SHA512 33918119fc071674aac79062c0e4bab978d04cc957189cffdb8c1bb1c7add1bf7d9a0ab03b08d9e997bd8734266bcbc7a312b316f8303347e2aba876022e7cad

C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcece68795e396ad03d6e2608d740126

MD5 0ba72ed050100e6779ea0f1c713ac441
SHA1 ff585cbb4b671bd3a04f3bdb2512a896ff07883b
SHA256 0949d1f525ea9da560f02a0447eb12a33ac6db673e89754b8f3d230e24ccfd06
SHA512 22c09e80f4af164d94ef40999572d2ce35bfb1dfacbd1762b380c9685889d515ed9aa064db4f8ab6746c8a26ea4ecffef9337014293905abb2f0cece7344b851

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7948b73360f27446739cb67376a2d7bf

MD5 6c261f23c63795849eba5b1ef6f17cf3
SHA1 464f91ce49db8b5546722bd62c4f59aae33dfc20
SHA256 e4274c467ca592398736e990eaa97a937f209768239400cd90ea59f9e58a27fa
SHA512 ab6f671b1939df79ee60a873148a1763c06fa880e2f17a23c9e09c5401120873167905e49be3abaf546b9fee33096b76a5573a473b72de3806c38a128ab91ab9

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0b39eb4053e10b7ff21430e80432eed8

MD5 be1dacdbf4fea39b16e7c11e286b7205
SHA1 28ae9237170d6fa225c54e7a36e35549d191d450
SHA256 3a6d14f833f7da8ddf3139d42e41b2b83d1ea0d4570db39d9c10dd98e33da800
SHA512 72cef9e399c0652a340cb12dd239cc0dfa14a2c832fa63f76dc442308ee9f91b41ddff62fb70331895716b61fdccd332f75c0ba2003f818900e3e6f260303176

C:\Users\Admin\AppData\Local\Temp\Roblox\http\d132016b6bd0b89da2690c24749f6ff7

MD5 2e2350147bec3587e3bc14b7a1e32c2a
SHA1 c275f45e728f71d24ac6d8b496865c218f972b41
SHA256 7ddec5794d779b1ad88ffec41f00c793f21046d18c930328d662a3c2d1c27d84
SHA512 670d3893ab1503dea9437b61b2b1488238d84d3703f94b74b5c20bb7bd26eaa0479e6d3d91319219bae1c1c357c6807101c5960ee2f29ff48475c0e6d9ac3adc

C:\Users\Admin\AppData\Local\Temp\Roblox\http\848d350916ab0af9758cff8167a2aea2

MD5 0042d3425d57e55a4e8c899aa911012b
SHA1 f260334951b11b4ace9af45974e365ecbc6cb9cf
SHA256 f312918dae9b5ebf3028f14575ac8bdb78e7f152061fc59d0885ab7acb3e9581
SHA512 cbab405431b5a95ae3c9d3816b4a1c4d4a07cdc4dfcf64d0977ec80533a6029329db101ac36361114288fa18c769c85a3f238b13f63d2e1e83ef4ef64ae45521

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0af1ae578b1c58a0e785712d31028c1e

MD5 4ffc139d6996c3eba2d40053423d07fa
SHA1 6da7d02805c626596d055c20cf084aafed9b9768
SHA256 0445b87f48bfd12bf0dae91d8dd7c20ee924212b4cc8be782c0a54193546f43c
SHA512 5af3417cdb0d099add05b22090b5aea9ba39069c4704d000aa323b859e47ea67328f616ab03b7b878ef8cce0d528ac0ff5c0f8fe305175b952e840368e0d4a81

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e526d6628fea4b1243fbb953bdf85ac9

MD5 3964c0c8b23c560175f4b299e1a9605e
SHA1 6c155c8a5ece5d5d7340ee4ff0fcb730e4d2b0fe
SHA256 20dc4a3272ebc6ff5edf0494d9e6e2d06c690bb079a36bd04e074818f16a2dbf
SHA512 c6f53903aa3a14f3187bcec1afba4b5b07c10ebef6dd10a710f400996f2214703d29d58abff6e7e0025ea91a78ed2f799f69c542bea006dace570464acf90d64

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5c36700f9b5f405f69b210d702f6087c

MD5 94b44243d9e420ff19ff04f4e434b83f
SHA1 04687ed0f779c6873da97da0f16f042b2b459b69
SHA256 f76c45b8c4831588b971b25431b7b85f529a7214f99103ed82b4c2e97d9919e8
SHA512 b7778206ef730254f469214ace61b13f7031d0c4c751b2988decee93dd5a6c8336c40974af74b0aca6d42874d54e23dfcdfc743f5d633610aab2f05e948bea6e

C:\Users\Admin\AppData\Local\Temp\Roblox\http\571e70bdfa73e0cdaa28fdbd2ca19ddd

MD5 bd289aae66f24d373fe9d4388f8ba9b2
SHA1 4d248d4f9aeffef2fdd953bffbacf81ff3ac8554
SHA256 78561a946c48755de0fce9695d30ab82d9e5dfce2eeb0ef6a0824282bc88a0d0
SHA512 50666175b0955dbdf933302016675f035df38deeef6b4a0e8d0cf40b6e3d2c3e4a089a5b78d75015e0048b2e7f91d81b69857004d55436437d3fa0754d1ef8a0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\be241f3cbd5449b0c30c651c4834e3da

MD5 2866f1aa81a7f9c354d34be6a58aa88e
SHA1 c470d8ad431f9876d7966796a503c15440a35345
SHA256 38baca61b0de1abef8c3a97557b6e246fbf9091d1193e3732f6011508e5f0a27
SHA512 1af43841070856ee4c509080c286285ef4850d9dd8507381a5045ed748ffdd09fc32843c0d18aaac70621a8ec88064f0a3b74036cbdfe91be207594f55b24ef3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e665da7061b12f952145852fc21ef7ec

MD5 4cfd979bf14b07dfed01ef9a3b1279a7
SHA1 2e7aad8b8909d3117bb151bf4d34b608e3ab9c56
SHA256 589b00b0a2fbada62af8b7daa8755ce68420a009bf6ce7a53e0865fcf262f94f
SHA512 79a25e0af653d6ecb5fd1908c3652c6fc8ad3d0cf1e00510801bb369728dcbe3c5e1e66f73d058c511320badca3c8ea82f2baaa5e0682f304235b68f622685cf

C:\Users\Admin\AppData\Local\Temp\Roblox\http\be58ec8ab04ff195247b1536cdfb3d44

MD5 d1d2f476fd075d55fa0e77b3c507cb0d
SHA1 5976cdae821737161f6debcba500a2842f988f8c
SHA256 650bcfb9e1c7855d2b72865695c2f4d4212ccedb53584f089c26e2087cc65d41
SHA512 958c07812ae7e89143874ce4effb112eed3bec3436fc0b71ee70de38298130d08d89f6bce42d2b0696839f67be260791d121e81f46a4935f3985e241aec7b0df

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e385854d0ae9ba50e28a7a5629fa28be

MD5 0c889bbbf77ec231120674d4843ee0b4
SHA1 fd29658b2fa416059cb30a6729030b6a6b125e92
SHA256 5006fa1587ba1da5b7696daea22929c490049bc0f10661d9c79322b0a647efc6
SHA512 504d43f9104b8c56ba12ae9533ad3554858ebfb4f5b4b8b1692ba339deed831a66f5441a1e4706015cc59f4de4729c0128fe7da2c8c3d095b2993e92eec378f6

C:\Users\Admin\AppData\Local\Temp\Roblox\http\2d5ee01099db60480061c57d9831c261

MD5 839f812fb19680ae8e62c2ebe0355e4d
SHA1 a256751297a9f82a082bc4d5ef08d5d9d89a2c17
SHA256 b414e1186136cb1f46c6cdc69dc5b637ac5de6a390d67cf25907907c61b364a4
SHA512 f2209d8bbb8f7ce1e6b675cdd2da3a10bb450d50b4f73a596fc0639f201999f32d3c1a2418e0b92c918c0a667a5750ef122e4331361e0022b66a2fc5e489e5ed

C:\Users\Admin\AppData\Local\Temp\Roblox\http\73b0a5d180fa4202c3e9365c3d577fd4

MD5 2c2e29b04e1f7144017730d5b5ed8b87
SHA1 8a36310825cfb7d8ea6fd487afa46dde29147199
SHA256 6026fca2672513a7a42dc67687850d630434b2260621f77ef5b2634486048d5a
SHA512 bbd5097d544d3bea8b5e97f3262a4f7765b13d5c742c9df8fd07e6a56e7c021a41de575dc1c24749631eb1003db0b9548c634eba7d6d2701fe4035f0a5880615

C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcf8e7398be5b1007fef514afffffa6c

MD5 864c04942289c1dee2c1aa18ea77f1c0
SHA1 1be7f1b6c2f1472adb9b34fb6f7a51d3d1ba161d
SHA256 9855931b8e0500c6753d77200447963d1981fa7f7b4fb34067bfedbdec0db442
SHA512 6f3934ea3ca2317756e45bcf065abae6cf34ab7c24e1847023ecee8e404294420f5cc978af2afcea986bf160eda88c020fa1b799f5ad75a5e3991e7268192dbe

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f9cfb35c8f272d46d504f99d9c00054a

MD5 5a67e8e85c0ad7280e9f1ca86f138b77
SHA1 b9fc6b3311df7710e1251114946b93a72dd5d5d0
SHA256 09e7111ea12f1236be9b1da699f8c93eb68127d0a98f2ceebfc5c2d7b25f0ed2
SHA512 ac5e400ce21e5e2503a11642cf401ab5ad4e625a01ac87f1711a02a415fc924556d0d3e50386d17e29ec20bb99b5d3a2d0496dc2ac1fc1381b29774b826cd9ad

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c9d72083ee0b41e11170f5a9845c3060

MD5 92e9669fc7c748554c057eccb11a97e0
SHA1 d3fd8c1e136a2ebed238d95bfbfbf3ce61a385b7
SHA256 b29195912662d71be85e0db741dec5ef005d744d3aa0913dad8ad1e51c3aeff2
SHA512 cdc3a1b4c596fd3c9621e53887a9d503205a0d5f8663e1ee3366129ddbfa83f2b15bedef155eda2949f24d1df615ead664114310e3d3dd03f9fb2d95df2e29b2

C:\Users\Admin\AppData\Local\Temp\Roblox\http\d27efcc314894472628caf798daafe01

MD5 bdec8723e953241ac3edc46458a6ed7e
SHA1 783605b1587b096807a81e32c488be272e0ad581
SHA256 c31b000a001faa6e08026a24043899ee4941371ce464146a9c78befc2a796e4d
SHA512 221cf258c9c88c857e34fda1da4290c67c3a34459f86b828ab968f5e57b2be53eb4f7aaced83151576fb843a7f1166c267de0efb116740ab2ac2b37ca0cd4d93

C:\Users\Admin\AppData\Local\Temp\Roblox\http\d4f8d4ffe8696350702fd146346140ac

MD5 084a09f4a178b2533a56610f28f252d4
SHA1 70c343a804ea4674a214d5ca8e24bce33cf662f5
SHA256 91b1a39172d8f6f0c98a2a3aaf8c137b29dcc4ed4c1bb4a3bd449dc16fb45e97
SHA512 fd8205ea2edc70743247666bf8ff414ef6038f6ec03bfc7590dc037024ca66eface1f3cc559511919058754a5dfc2224ca04368ed31df8aa942a7d9022b93e5f

C:\Users\Admin\AppData\Local\Temp\Roblox\http\697aeac1e8e025f05cf4b76086fb70df

MD5 749deb1ff197b5082e2b07aa55a33d31
SHA1 08b4d7441ffa13b8dc3610d74a56d8eb11d8acb0
SHA256 e593f31edc529b51f9b253994d8aa93d8ab0bc8faf433e737b0a09e80cf2784a
SHA512 eff256220d72675ba4b23344191b963f7acdce9743af8be81020e2a74662d2f3f1b2735e686806b73198463c550b2d18921840271d515dca0b2d4ce226954d0d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\90d821a0b7efe2541659a0ff6b31b88b

MD5 6f0ea4b31f2f55764db79b43833bf83d
SHA1 2522c29622377d611419babb3eba2e8cb13fe0e6
SHA256 08f380d19a3cf8307b098cdb5e9992ed1d29e5d15226340758a1af3cb4300c64
SHA512 6a5437574ce2db6feac98928a22c7002ce526501335ac00444190febe302dcab5f18ba33a5ae00bcd83f469b5f1cd356474c8cfd31d9992d186fdd0846db5641

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6443205f8638cd85aaa1caed016b8ac4

MD5 20db412bf509b564fa765bbc0b917fbd
SHA1 938513617f173454649543b7c014ecc762ba5b5a
SHA256 8b7281d0d0576ed2b73ab842080238d7e006e1524ed48f423f61a86cecf3ad40
SHA512 f6c54fb0478c2df40776125a920621a1789d02239a78cdd3de8eb83a27a00464b2aaf8714776897a4b3ae5488da664befa604ec836fe12010a046d48eaa519a1

C:\Users\Admin\AppData\Local\Temp\Roblox\http\aa3db4232d83f97f5e078c526e25a6e2

MD5 3e1ba08877dd32fe4178a730b0ea5e19
SHA1 c020afb22c7cde0c77a9d1d6be18ac8f1e62973a
SHA256 1a6447007e90d27fc71fa7bedef2219bda30eebc33447c2929e4488315e19641
SHA512 bad57ec1a48f686fbc5842a291c95f01db413600828b198b55615857bb1e50e4b3b6031d5896c8d7b9d6753c290c0253ddb83482f89c7fc348b8b80194a07286

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8aad44a486e1e94cb992a6a0e230f735

MD5 451b527070f0cfb1431ff5052642059b
SHA1 6021d49e6b87b9ae8fa64c3cfd0180d625c7d761
SHA256 b9391062d160f5bd861cf7e5ecda919954e84a87eeb3b000bf9b93c068057c9c
SHA512 3ec22e77061670685a576d96cc3897473d11c45c24e581688da54d8700b186d3583ffc23cc2c3395fd93af36afc45083058a2bad9cffb1362be8bf4edb20cef5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5105c207d9317b50c40470887ccfd3aa

MD5 481555658adb9b672941de82171b343c
SHA1 7937e7bac46ac99e1897c00285fd23059828dc12
SHA256 5069797f8a4b926fcc5bcdb668c1f67ece5d5e8f05d6f19a260c55c9a67f289b
SHA512 aa9aae6ac82a3e320ce9c1b83883263d547a82369d8f31d3db0ce6d6bc5cd07ef96157ebf234d6e31b40b32e276c233f7c2c0856394a70d183bd64e03720737d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\74f7241d43fd3efbef367cddf2de0712

MD5 1e996f012273818bd88129d26108d8f9
SHA1 c193db2eca6d190e929375e617f45790cae442bb
SHA256 c7c8ee23804c70ae96b1399c2f6730543f10f7678f5e3ee36fcbce97245aa8c8
SHA512 40ea7f36824cb96dace8ff41b1e92a03e0f7e61cac33a3a81c81cba12714812504554eaa0f4344d30061ce1d89f231ab21cab164a008e1f68d18ccfcf5525173

C:\Users\Admin\AppData\Local\Temp\Roblox\http\afa231f024ffddec5f9d2963d20c450b

MD5 64c05df26d12845b64880218a48e1b3f
SHA1 6ae26e09d6c23ea9ba5ad92d3d40790948b36141
SHA256 e41beb094c8bcc0d8825e031ec9ca5b13e45b94f3c93601c31c10955cfdd8da8
SHA512 d6925cf4d6eeb5275a7c008723410edfe1dd24b9097656e8573f749864f8fc7c61dac61b05230de13a7b9b7b866528c04adca85ad83e8e2831c43b46a70d4c27

C:\Users\Admin\AppData\Local\Temp\Roblox\http\77fad0fb4662c6b81630ee443153aceb

MD5 183fe999017d5e5654364c0d8fd895b8
SHA1 64cbdd4bfac3c60803acfb2871a9fc8da27d318c
SHA256 3622ef17da158e25761124720a642153fb6eee615b54da286e731ca2920216ed
SHA512 d5026e42d343185e14360a292c6d13131dbdf081ba44960598e12652d99d999b4f5c70c5c02335596d18302b1cf64128a8bd06273237a48e2cc4eb0267d12307

C:\Users\Admin\AppData\Local\Temp\Roblox\http\251c7269a8dc64cf406e8c2d5f5cc688

MD5 7e7342c1c2e3602906a1fd64acde7735
SHA1 357de58a6c39a0fe4d7e4c13c16d8c1d25f9e649
SHA256 24a5a23ded1de17bc3170afbe5eb7debbb47f0ed7b2a4b5303bc899e927a99e9
SHA512 c6313b65687a5ce03772ff6f1edf761aa91f07a29f8b61db7edebf1beb5c548fbc53aba721ede32d4c4bbdd31361dc724c676d41c06278904291579d25d93202

C:\Users\Admin\AppData\Local\Temp\Roblox\http\83eeeca932186715a9107df83747a179

MD5 e7ee77fadd485e9a35a1bfb4be99691c
SHA1 bf1aacc9fe769fd1dd111a1009473db1dcac7399
SHA256 d98e995f0160e551443de0eba015bf29192aea408469c2fc2d9c93a5c1c82cd9
SHA512 3ae849a12cabc409e435da98308db2ec0b86f8fa8624a23632ab0ea836a0aed001853eef600bb99f67f8f907dbb641c9c6bc37bbf959dd12c1bf2ad9c8147460

C:\Users\Admin\AppData\Local\Temp\Roblox\http\993f844b48dbb84a0eece0b1d1aad326

MD5 c05764b76e6db0114c1d6200b56a3588
SHA1 5f96252b5a83e5c0810e4ba604dfc433ee449639
SHA256 427939d6cefb89facb6e71e082e42ed184f0883db715e0bd8ca832a316150430
SHA512 4c6c06afb99e99d6a7466ba40146b7fd02f83de16e5c89acbe64179860547f42dad0562b2a281706cfc6acdc5558e8fba5647874ff15d2778f3f6d8c1cd983a7

C:\Users\Admin\AppData\Local\Temp\Roblox\http\2da892c80dea8811c616fe5e0e6c010e

MD5 0dbe0b49a06c4093d004ec7d44303fd5
SHA1 2bac861a6075854f8dc8db470558936c36201aee
SHA256 b136004ec10d66b813386e21fc6c5f86d37071e01e8a82437676902eb3e63e8a
SHA512 1d306115aa97102b5d68552b591f5faeade373ff3a718d9f39dbeade32892e47fd921cd78e5dd71e91072476e5ad933ff9659ee5ea1d07133b55745f00c22828

C:\Users\Admin\AppData\Local\Temp\Roblox\http\584bbf8c27b2f156742be22b280cc8d6

MD5 7c0764a501b7f8f1eab14fa7f9337a4f
SHA1 2e17a9b6d5bd740c4dc91af9311e4a6e77bd55ce
SHA256 dc0524c0d7f9f637466570c86adad7021f9316e42e69745bf8d27081a98f09d2
SHA512 dba17c07bc4310c556ef62f157dfd3a0ea1a617ffbbc4324f9a046bf47be9a2bd500921bf02bb79d9ac2df1aeca3745ee1cbd7f33bbdb80fe67e1adaa0bd82bc

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c677a51b0924e108a9b1485dbdf883da

MD5 e1e4307ebd3e7f8280c75be0ccd3b5bd
SHA1 3f2a56ac3ee57082ebcf4a1ca21001821286e77e
SHA256 10dcbda8315ffe2e7215b8d61dbd26b0553b438fe94b1bdf005758b1b96d9f94
SHA512 7f3ef600e2ecca826fc163d9092bfc10fcca9a9e6206ef29fe5d61902e3e9625bb2bcc07a58ab480ad19354bd0a1c56dd9f13c4e62aed22d87da146252144ef4

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b39250833fce2d9f0655b124db089d4e

MD5 639a9c5f588be3e48a6bf5601215f027
SHA1 1ab7c1d3d5df21a05324853fb235b848945c351f
SHA256 4fd48841bac69eaaeaa9c936347395f5eab6fd4f5549d65cf6fc541884a4b2d7
SHA512 c3aced88385dbd9b10841f72c422b17cabeca80ad11af01222f8901b950be3b42467851d5ef61fa3a1d92f7977724926f765b8bc594655e93e116d04223497dc

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ecc495a0b2b0470e25d688a9077fd977

MD5 741a45f09ceaf9cba7f0ee5b8aac236a
SHA1 aa6b59bba687981191db42af8a8b17dc0fc9150a
SHA256 92ee9b175404bf4aa4e346ebe4948ae5c0ee7edf5693778a5e6a4a1bed508eac
SHA512 97cb36fc2281753eb7a42f762c8ad5cdef7c14665214a71f33518f88cff24ec5e91267f834a6ea5ab0206457c7e9c730dcfb4f7a2ec527e3ce48877e2f34be6d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\477a618fe08d138e560e0c8eab9f3583

MD5 4f9c826223fb8d7fb603bac0b294a706
SHA1 44a185bf8edbfee521dc92ae012e6ed18cfae3a0
SHA256 e12f126277c8b35c48dc15cb2f37850ff5ab0816e5982eaeceb571c99bd17502
SHA512 ecf987dc0d416a7fb1779289a0bd9ba55625abff41491ec3731fd77950e91d5b454b17573be388766b20fc630ee3f125d37feda44e068d2ed0cd2a87be021fda

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e5ba3b6fc7c95f933bacb9db38c93e80

MD5 0de2eda8831ddddda130102597e758bc
SHA1 0fa49f0691a4ae61e422a22b07fd4e5def0ae5b2
SHA256 2d60885d3492996ffe223ec6dfddb240eba00a9e03ac0506d3489edc4822e1ee
SHA512 f466e1ea3867fae7618b76a2895cccabb0f646f54bf8c4cb6cf6a5c2eaf4b8e31eb4f8b42971ee53c929241d9f40af6a684647cc09395cfd709774503f274b75

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc70073e6562a1a0cb99b092be4629f8

MD5 acc9db15cdf0932e73bfd20b9857b80e
SHA1 cb6455b641cdaa693de88e9b0d1f422744faa35e
SHA256 f0e15f7608b3829d33eb8e057f31f21e931d9d2ab4814891b11ecf47494c141c
SHA512 7ca5152691d595acc0f0398e26f82c4cf491bea98f2c81e7a972af8fe763ef5926a716ea44112c2fa257ba0109b8848f8611f071b88902901bdee1d32a315913

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f1c2eede7a115f0fd9ddcfae03372516

MD5 08ba91e62331009631f755289dcf7324
SHA1 03786d766cac0b39437b98cb61e65c25d16325bd
SHA256 c50ad1d35d0b3e81ef6780da13361923d7525a39db5c9cbc6c5344a0bf5e1380
SHA512 3fe207322d4249f92893d0eb7a93f455374849ca583dd0fd00c79790ab7bc7f0699fe16de332b767689e0a104fb272992ddc37e002b6962cdb6c66a63618e3d5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\4130cf898fa8b448f1568bfb61305e94

MD5 86df60a0980b57864a2e2d68f857e0d8
SHA1 60c24af81c8406f05ee1721b374ab8a466d878a2
SHA256 ccdedffa29231d609157ccf22019e03a721e9ca248eabf12be511b76f795c247
SHA512 c025bcd3d21ec036712ad8e40afa7da973db770bf5b9b019c73ca8b99202c8e37999e6daaeab3f1c2190f84434a5e4657a8593e8a59066e0feaf38fcd8bc41e1

C:\Users\Admin\AppData\Local\Temp\Roblox\http\388a60aa5e51ff44455d359825078031

MD5 eb62ee1626b44f54b2c444a487ef84fa
SHA1 d3d918dae048e4ee9c9626608693d69c4c4ae55c
SHA256 bf2f079ca21684f382d094af52836d83862c93800e8e054c2f6bc0838c442d86
SHA512 68022f2ac538c51acc24065480cd23670efff68d56a4b5dec2c28316726ab82c81b48fbfe76c44f32dc32b0af75fe3e203aeb40610f34e2e5d75bc684f712381

C:\Users\Admin\AppData\Local\Temp\Roblox\http\28c39719e7218d9c2d686d4daccb1b72

MD5 25a0b3d9ce5e6e1cc4cc7f4cdb328273
SHA1 4d2dddbe9502a5373e6ea99771bb1de6e828b95e
SHA256 013275e837c61c631932167d47d5d9b838ba8b9863915d39f06d8ba4914df147
SHA512 20df5153edab7085594382f80b5d7c6afa5f2a84741efb46961e36331c94369a7c7302c9799676e18aab171cf398dae8f314395c22238de6f8450726c4c992c7

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8ead55fcc97d21deacf012df5c33fdff

MD5 16e22cfdc829405af27279c364ba2f8e
SHA1 0c75b97959d7df1586db85cd1166f99c65603c68
SHA256 aa2f6c8bba8aec6b84f7ef8a7d8c30022097b784236806e63da1f0417124a3d7
SHA512 d1f6695e255f5b7ad498ce177a16591757d5570a4ea45d396f3fa159f5658bddcb7d524c102efdd982fd9ccfa557d984280c27e57484b8f61be512ce994d7964

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc86756c9d8f409a887054cf26a854b3

MD5 70461ebd3bf0f7a0beafcba1d52417ab
SHA1 53dd7894e76f0fe7c02f378d7c67107ed4a03d45
SHA256 e3ef21dd9efd05fd1260691d6dd47f76155bd0b5ef1ccb62ef1e588dca161fd7
SHA512 ccc18b368873c76fb25c97009bfd17e4456d488b16da511e61fe1dee031cce48bb25d507d7fb1237345bdc2191085bd384ce45ca98a5864d10b65b28650e553e

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6d1b0fd2905f7655bf0108dd4e655991

MD5 efe7165d72ce56eef26da49dbefa586c
SHA1 b2441c50e501f7121277d205876ec6a5811c4e67
SHA256 4e12e3ed0da10924a1dbc49e464b0b07c017970c839f1c1cb4ecf5a8019d3ae5
SHA512 195b3d7954627b571226a4d5293b19dd0b7b565d4b295b494361ed81f3d9e1c193533dd0e53b2ededa326278294694286669095147d769c5de343aa611ab0238

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5c288ffb1fe759d2618c218fa0d2bee8

MD5 c914fc7a80c8ebee4ddd7216cb8e63e3
SHA1 2e4bbbe23167be5f26e5f3e9f1e1b2409b38e7ef
SHA256 c718cff1df66ac36549451bc6de0535c3f2f9e74b4fcdcea38af9eeecc42a674
SHA512 7564812cd051e0970b3d06aa1bb839c8fae5d1e95e23615eea42d2f12b6284d06f2936cedd947e9d4d33c4656fec00494121d58cd38ddaf1ce2ad8be8685d0fd

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e4317e6c6a87bdf6f00c6c80866345fc

MD5 fa00f598036aff7c2e4728ff840efdd6
SHA1 7873ee7205e2817fc8fdcb3afdc275aab494ea91
SHA256 18fecafdfbf34c5b261f4acbd607c439e35177802c8002a0d88221258108abb8
SHA512 f72faa02c263ed200f7a296ed86ef5da614911c1cd212aedd12923ba551aabc44b33cbced8dac80aae67dc09988d53ee191755afe3d51383ce885750bb00a944

C:\Users\Admin\AppData\Local\Temp\Roblox\http\23f316746f014ce443f0b0adb0d9d90d

MD5 4843f2fc4404a016a8a7b7f5c352f877
SHA1 1446153b0498dd65dbb53b417d5ce5db49f0dec5
SHA256 46ec4647b950351b091ab0bb34d1964bf24b0eb58760175def7a4a1d7a4e09b2
SHA512 8d5198bd48be46a6aec5cb5d9eb6e75828f88742f12102a1f5091f9c8b51167fd6db13981fb875b032795b9407fa64cf3aa54224a64008262084dbfd3d98dc27

C:\Users\Admin\AppData\Local\Temp\Roblox\http\98c582bbf5493f077bd8f59567067f24

MD5 ed3f4356a5aa9295ec58f77ab387582f
SHA1 99f94109e03097ddf835c06292ecb6142c93fdea
SHA256 60e6db5121cddd5bc13b1019c85b5d962599e2548c347ee3c7d944cb20ff01b7
SHA512 cc7869759564fe9d5e1580be978727c4b0da340c052db74f677bf7cc24d93da0b837d01ae0199c6404e02b49d08fe47a2fec7165cfad841f1b6fbb1d7e8d7fc4

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bbd52b35df5f543d23b7f35ae9e845be

MD5 2de5aeee01688c41f23b2ddc07c0b442
SHA1 68bd21cd4284ff390c1f4f5f4b61c9ff3b8f2268
SHA256 3ceb6af768ce708d114195ea3521c71370ee69172d4d0cdaeb1efff406571d73
SHA512 ce845ebebe20efbfb1a0565e69cea69e3a4f3e71289ec68379565052a2e8a3e5ac873b52e74ea26f2afae7ff64c789c348b4b9d4426ac0c0d6547d9f12290090

C:\Users\Admin\AppData\Local\Temp\Roblox\http\252921e7f19d826cf6778747e86132fd

MD5 e06fafb3ee051c215c7118dcb4a75354
SHA1 c72b3e0f2bb1139344053256bcc3ac48f590174c
SHA256 ea771a4652058a4110a95a6fa24c847e7a50cdfdd711f57e02f9c7caedda7908
SHA512 83008fcb8a91bb42f76568773c98e5dcf6658b0d7972d595eb7059b5a598faf80fcc8492351e9e98a6d3a9ddfc17fca742f07ffe4af644d99c087062ed7b14b0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\16f7441682caf62a1789b9d3e75ec170

MD5 cb94125a0b01b9335f3c3c9a9c6cd60f
SHA1 85ae6cca4c661270b389c00299bf7f5d81fc3943
SHA256 afd92a2c0ea64515200f7dd1c6237f18b6d1bd2065296939697d34a3d4e1b0d4
SHA512 649155baa2d26fc6afd0496d11f37d9dcb588726806eec89be58faa54fcf3b90d1becf114c4e2f3964c98e93399b87bf5bb87709a7bd9a3540c7ddb56e2da555

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f40c00885cbd0588eebf8bd59a345579

MD5 9c0241f7306bbf3cd085509dd7840c99
SHA1 21c2a9c916d0e537c5662db2acb565615ef79962
SHA256 e2afaf1d969e104e2ffc22494e2f7e2ec4a0bda49b9de0dcb3bbaa3da9bc8655
SHA512 afdf2c9a29559645e08604b15f023475e8610f41f650f3527a4c2199fc4bda9c291bb24e2f337e00cfac6a5347fae125d8055f0af6eaca38b92ec408343cb9b0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\3ca8206460663e9e944ccfb414623b40

MD5 816be237e27ddb79f9fe0c46efa0119c
SHA1 fe0af06e1155ba784ed6ce8b97849eb3fffb5f9c
SHA256 ec6063b82a1adc4187ee0e01f413d4b5ed10277605f741295658acd3f0ceabcc
SHA512 5ca3c5bca3f5559a500de1262c133a972e776dba7192e6cade152245c0e1118fac41c48a79dd0f15c78ef177294867f041bccd3eece6a388eadcc32da8efaf00

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0407c8d6df198f6864381d3e595ae971

MD5 703dee4351832fd18ef5b85c6e1bf992
SHA1 bdea9dbbdae401cd68814d9815a17bab6f3870c2
SHA256 8fb57fee0d1c996a828a3147fdd9a38e8d1624163dad101e4bc1d44894bc3d68
SHA512 d43b5dc41be38f5fbe30a51c1abcbbc5c606c9d911dd164b5106fe2bcf0310ae8b641299c5491bbd5ba66433d87ebd17dc8a487d88d56d0ee8e81309533ef0b7

C:\Users\Admin\AppData\Local\Temp\Roblox\http\852240b4203e72d7bfa66fcea2e589eb

MD5 547ffe689cd0af21ec616bd935f78b14
SHA1 36e70f429bea53fc2c8dd76eaad82f7bf9f3742c
SHA256 abf9ebe04321f9b8926304bc16041965dd79405783b7d3ea56d5fc802863bd9c
SHA512 3683baf37d3da8ac536ae4d2d852acfb49039b3c9d4ab42d972c23e2df6dbfd178a552ef023f48c43c6887161313d516914d26b7cca0c022e2741875d62e38d2

C:\Users\Admin\AppData\Local\Temp\Roblox\http\06bf3774b39be975c53ba2193da7f90d

MD5 29abb94b78b9a73db28b7ba825833346
SHA1 fd6da6bc273d4a44067d8c2b625980ab8cc52aca
SHA256 d929c9d2ba98883044b81894da3e921de179d5915e1f92ca9d4df9cc89f1424f
SHA512 d5069ac2996929a5d1622f65ab450bd152130978b049f672b1a9f28cadcf724e317024bd95a11109e0ae488834ab184f5e4b10f6a21ba3329cf056a0b7139613

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b597c88ce139f36dee5c4afd7d80a2c1

MD5 f195c3e8ddb6711a2feaad4aec69b8b0
SHA1 20b1011f280842fe6aaa58117a05f57cc17b6c69
SHA256 9c263d2a5db10ebc2d543bbd0c125bcc5da6c2245ed133fe0abb1b308f343a71
SHA512 52ed2e19a2b991880336b6b1694016f4c8e5a5e92a9dc989ab317f7f743f38dddaeba8fb5764826bfd9aa145028a1b3f9fa34a02f39c1e5162aef7ad282b0632

C:\Users\Admin\AppData\Local\Temp\Roblox\http\a1489d1b06ae2d917aae075e6fa9b8f7

MD5 5420558b929446bbd89f3d35e72b5836
SHA1 da46e5c797831b47c4d62fb9321c420c6b0ba50c
SHA256 12d1d581ac394291754c5b042baec0904c2f3b3be6a17e0a8761b32b6e53d507
SHA512 e125c8d668b2c73d583c528f6d35bf8a1c9558c594cb3aee98e25eda051f621a6924626d845f200442da65034dd77aa4a51dd1668c07b26611909f76cf9174b4

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8550d05ebb82e2c3691bc35b7c166899

MD5 f3e7b2683bee3c3628f500d157a7184c
SHA1 17aa34cf9e45a2a10cc370ef0047d6ec844053dd
SHA256 66d177f97d367d8181feedc6db9f92f71dbabf58cef1355439559005be6a24ac
SHA512 48994f038f0cca5a1ad783d05490ccc209ac4ff2a9fc3b508d5225348d2202f9760ac6c0334d12f74ab8227eab5a412370459ab328f44177729f8fb6b8911088

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1cb6044427da36923148711b8796b750

MD5 ccdd89dadb2a17edd97a48f05de218ab
SHA1 c8829afdfda3e414304f09f588a9e00cd43de4d0
SHA256 8ebad66a66dec464ea8f6a70c240e6fac36d2155ef5460b2f1cc80451e9949ec
SHA512 79976e6623479c42c3b9babb2bbec208a8f13b580dc19419df33639e3922ab973e740fcf33c94841e833ef3ca8209b5b149d2ba5c064f08e3b6a526a651432f9

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6c536340229d1bb052a390124806163e

MD5 8dda220de3bfd073f993acca9cce3f19
SHA1 c78e343e500f592bfc59de89dcf8548cd6fa1f71
SHA256 21710259e1dbf800de1bd2dd8e19f33cf70dcf6ad306f7738a23300e40d385e3
SHA512 d21115712737f5d51c7fc887a14bb7b9dda4b9db295ecf429623a20eee02b2868956e6d66907997f100395625c42464218c36e750224e02fe0245c0292fc9e1c

C:\Users\Admin\AppData\Local\Temp\Roblox\http\05e6fbe7faeaf27e476e2247265bd7e2

MD5 774331951556eabf4930f06518bfe5f8
SHA1 79a7b332357aa2b18cf400033bfeeb5db7614627
SHA256 c4239a4d05bd3e427245f920cd4eba313e0af75c819f89553c7b6758da9b4d57
SHA512 bf67dd1c1d57779578524ee404de1648d9a4d8ed7f524fd49643ec49c3165b9321d64bda2216cfb8617c32cb500eacc2966263dc03841af51ee37facb2b1724e

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6e62dea9b6f892b37a40251f84c9e0e3

MD5 f48177bf38c02c3a2cb322b77d627f23
SHA1 e207f206d2f707e7feddc32c02883bb71015d23d
SHA256 4a8a4eb5baa01e72889b67caa16b69a4c2e8a07aa12f84ade87376f344b2fbd9
SHA512 bb3c4ba048199ddd3cf5d554a90c279d7b868871f1a0eea4ce27c641556fb3e483cf839e3f9a27a092021783a25d604c952fb1ea34528d722db9930fe48e38a8

C:\Users\Admin\AppData\Local\Temp\Roblox\http\92ca8d0a36e9ce06a1c3537675677ffb

MD5 ae7d26697baf4e3c0a4f7e4fd800f89b
SHA1 4f2472e39c964861701d80139cdc33bb967b2c34
SHA256 58c1370bf264ecee15638ab670a0af85f8bc3b974670875c757751fd116f4833
SHA512 e93451a30c74751ebd6996efb038016e28370de37bfbfe2fafd1f3c3817f2e720bc3b7d96e1c0e346f08e3c581d13f77a535c30c07a487f2c4a13b4da9970a0f

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7df53404f56c9f1787b277ba9d17049b

MD5 ecaba5cf9469daab7c05847af2da45d7
SHA1 78d9c8d289db9815482249769dea663f4999cac2
SHA256 23946e247fe3bb06503a06be2b8e154d724a8c2e86fa4f441fc09ba1e5781121
SHA512 4204260b2efe3b4c95584394b30ad7957b154229828f0ac90a04e5167c7eb78f254777fad0d4fce9c5675fccc390dfccae2ecbd8d17e0e73bb0a6933605df7d1

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7209cd4fd5e4a48a4cabe7e3498368ec

MD5 643d56f3cc2d206fc1eeafd601a0e287
SHA1 0e55be4bc02d884a40a586b44d5728f9e8fefa6e
SHA256 637c7f57eea4b46821e968a691bc2181ac0ed00252691845fefd947a4c594f66
SHA512 10cb34ff5d98467c3de396ef4993a11c7db2545329ea473eb3ffe387f2663cfda6d21d31299f87aa3f298d2bfdb88d705b9236e9f71c48c22970713c2c3f75e6

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ec9a7853aa53bb67f2099830ce97922a

MD5 0ab1d8c6659dc5952cb81416c8d9a85a
SHA1 16d889c645dd70901f87cc86f6db8a632b8518a0
SHA256 1ebc2f03253024917e0b562d101603c2f9e04aa70a05accc5e63eed9976ea0b4
SHA512 657a549264297c42e4783cdfc76baff2dab9b5b9c1f991b3aa8b16f2b8f87ccdb0c1a56edc23713ea7f34ffcc4cfc95b7fbba8d5fa06ea443610f06a00433f36

C:\Users\Admin\AppData\Local\Temp\Roblox\http\68119f28ce3eca78171a6a8c8822e1bd

MD5 35e84ac53c5b6ac5714c5589d7d79153
SHA1 cedd01f0263fc9e5718b8e77b3467c14a35a1b53
SHA256 47da60997e22feaa88bff58bd2db6320534331990a14e2b64b6d665df77b931c
SHA512 7cbdf8f0eaee0c4e00e3813d1e558cc5aa305d6e9861255d721bfb655cddbf08c70fe61f686e79154f1c36e7a4b5c29f2ecf2776fee9eb0b7ac1da8c87e75dff

C:\Users\Admin\AppData\Local\Temp\Roblox\http\38b0d496d6e95d4a4e1f049ecb71b4d1

MD5 60dc54bc02627b188fbc37f3c81899b3
SHA1 7065242d6e88ff9ed0e0cb891a9a6f6db2be5334
SHA256 35fd7f2804d4edd74c14cb7bb1534edc993ab7ce9e2d64be997b12ffa8ee5b16
SHA512 2b43c5d1f2ee4621055d94f3e04cbfed24371eea9a7c719f8392a993464e7d05635f59bf230e294c60de5656f421f4661bd5b1b8f286c4c15e79bf9c57d686c5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\234369d070cc483f7122fd415837b73a

MD5 51d45f80859fca2ea5720897d7f1612a
SHA1 2a7d736969502784b96328f4fd1fc7697a099273
SHA256 5bf07b195c3902c69653ca0294f2bdbf9124df501af426b14d6bcdbb87d70745
SHA512 059455bc829431130377e4c8cee87ed3652b712eb46afa6f666d9e4aff7401b59068da840b91f4914d0752880cb2ed8c64a90e79e37f45b4b90996e44f2932b5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b00de5dcbb5ba1d0d58ba82e9c2f97bc

MD5 9a3aa49a6c57739a171e507a3b0a90ff
SHA1 f3c154299bec91f215954c1df2b03f68fa08efa3
SHA256 6d61517c2a006e117a5d5032dc1be0f993f275b6d0c8a0fbef25bda8cfc12691
SHA512 0a02917b5eefba73d3420852a5c66719bae97bc3c8f9adfb2dcad89dee9caf5852f660a3e787d84e9b86e3793ae0605b2db10c0a1463e0f09a733b614d2f4c1c

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6105c4318cc0c25a63a6c9b8db84bc28

MD5 6badf7314b5d440a6ec8dea899d7872e
SHA1 003170f75f86922af2aa5bc4b2c3c41f5f14106d
SHA256 c13071122b4ff111c8ee877e0d8bde8f34ab3569df48fa81f6f4f1b0b0ba855a
SHA512 5fd8098470eb97e06e62f6d8753d3dbef34d8db6b3ff463cdc964e61e765ab844168170a64c837fa5d60c029a79ac0fe7cc661b9bae07acbaa2400120037aa13

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1f571bce12b3689efa5586c78436d68a

MD5 aa1cb968768ba580f7e7d559906a49de
SHA1 1a6a0906ac3c68f859790103094a617e0439d77b
SHA256 b9e49fcb7d0be8aac8bf1d990f2277363077dbd34af7f5109a14bea85b9fd35b
SHA512 a72d7246405dea401b6e97963ea624772f65a7b20eacf2c358fdb73d7e5c2afac79b5cd39cd548ea8c43f14b5f03cc38deee8a495e9c7a1f264c1ca7de4f2411

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5a479665357e877c36a8bc4ebab8ac84

MD5 f5366499a754da1e3317be61d63cc243
SHA1 8689a3cc6a2e1af5dbd2b6c23b488283362bab0a
SHA256 14873e016597bf69824fb29a219f6d81befb11b19fe2e505544115b33f030e6e
SHA512 6920f31ed14ef4621559e67c75a69ecdb7832aac639c40febd98dcf9b7c02402510e983b84cd309bdcd7b0438b394cd6b1d11bd4c32c58488d24a5d38db930c5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\3acc8af1251b7ed321f9b36da661d9ed

MD5 808cb55c51b6fc55fa6cdb17892dc876
SHA1 4487b86a3a42ff05e109800b1827c100390245c0
SHA256 eed0725bdeac66a2e53e7daaa033f06c360314d751df70176a0af3f23eb08c7d
SHA512 0d2e6534792e7d417a6fa8403f22397f406352a38bfe1019d87e0308d041b3e69d7defae77e2bf6b87adb3b7d59718efea7d5fad340847c681eeb293beb0f24e

C:\Users\Admin\AppData\Local\Temp\Roblox\http\a116d80baa851750ec02ad98f6a28052

MD5 db41d22b9f9f4a43ff8916ff8d513da0
SHA1 00dee570785465bff97ec8a96ebfad3d21f1d248
SHA256 31e6f7d03515207ae87b2f9e9594fc94db77038fcc28ee3990689c6590b7547c
SHA512 df4e09d0f24ec1cf13ffa1a062f9d28a5d36d99b606f27f7ab757f82e4202e51ff4e033b6554b763e6f97c73bbe77b9d133b4b842469b96056654cc2f202124c

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7deb7c677f433c0b6c649020e88fe58a

MD5 d76037dbae4ae81158187aeced5816b1
SHA1 7858adc6bdb9f9b03fcb28746d7a0d08c297d058
SHA256 8113ac3b2c1f9a16f7c5a9be473b64abfa8c9689afcbcc30750aeb3077e3e27b
SHA512 e9e1b515c621e760968098b8e0a16e00cf1fc17b74065efd2f8793add04d5e506205df5d65be1db885fb958b9c5879ca728528963b4048bfe073d4249c0dc6eb

Analysis: behavioral21

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240419-en

Max time kernel

1489s

Max time network

1511s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\new_shaders\vehicleShader.xml"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "3388968341" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31104012" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\new_shaders\vehicleShader.xml"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\new_shaders\vehicleShader.xml

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/4336-0-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp

memory/4336-2-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp

memory/4336-3-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp

memory/4336-4-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp

memory/4336-5-0x00007FFE809E3000-0x00007FFE809E4000-memory.dmp

memory/4336-1-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp

memory/4336-7-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp

memory/4336-6-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp

memory/4336-9-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp

memory/4336-8-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp

memory/4336-10-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp

memory/4336-11-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp

memory/4336-12-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp

memory/4336-13-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp

memory/4336-14-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp

memory/4336-15-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp

memory/4336-16-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp

memory/4336-19-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp

memory/4336-21-0x00007FFE80940000-0x00007FFE80B49000-memory.dmp

memory/4336-20-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp

memory/4336-18-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp

memory/4336-17-0x00007FFE409D0000-0x00007FFE409E0000-memory.dmp

Analysis: behavioral23

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240419-en

Max time kernel

1474s

Max time network

1483s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\window_diffuse.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\window_diffuse.dds

Network

Country Destination Domain Proto
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240419-en

Max time kernel

1489s

Max time network

1499s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax.xml"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "2116770476" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31104095" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax.xml"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sounds\Duramax.xml

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp

Files

memory/2564-1-0x00007FF86FE23000-0x00007FF86FE24000-memory.dmp

memory/2564-0-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp

memory/2564-3-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp

memory/2564-2-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp

memory/2564-6-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp

memory/2564-5-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp

memory/2564-7-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp

memory/2564-4-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp

memory/2564-8-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp

memory/2564-9-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp

memory/2564-10-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp

memory/2564-11-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp

memory/2564-12-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp

memory/2564-13-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp

memory/2564-15-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp

memory/2564-17-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp

memory/2564-19-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp

memory/2564-18-0x00007FF86FD80000-0x00007FF86FF89000-memory.dmp

memory/2564-16-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp

memory/2564-14-0x00007FF82FE10000-0x00007FF82FE20000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:12

Platform

win11-20240419-en

Max time kernel

1488s

Max time network

1497s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\brand.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\brand.dds

Network

Country Destination Domain Proto
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240419-en

Max time kernel

1486s

Max time network

1495s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\UDIM_Brakes_specular.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\UDIM_Brakes_specular.dds

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240419-en

Max time kernel

1525s

Max time network

1504s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\Windshield_Dirty.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\Windshield_Dirty.dds

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240419-en

Max time kernel

1491s

Max time network

1512s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\clearGlass02_diffuse.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\clearGlass02_diffuse.dds

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:12

Platform

win11-20240419-en

Max time kernel

1490s

Max time network

1499s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\window_lightdiffuse.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\window_lightdiffuse.dds

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:28

Platform

win11-20240426-en

Max time kernel

2700s

Max time network

2703s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\PTR_Fleetwood.zip

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\MicrosoftEdge_X64_124.0.2478.67.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B8153D7D-D86A-4EFA-BD57-1AB6599288A7}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3513704-9414-4451-9362-D1B4A737A85C}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\MicrosoftEdge_X64_124.0.2478.67.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=0F96B1C43DEC4587BB6A5E1415681D8F" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3513704-9414-4451-9362-D1B4A737A85C}\BGAUpdate.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Settings\Players\BlockIcon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaChat\icons\ic-leave.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioSharedUI\RoundedCenterBorder.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\RoactNavigation-5e891f46-2818f7fd\RoactNavigation\routers\validateRouteConfigArray.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\Dev\SocialTestHelpers.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\wns_push_client.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DefaultController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Controls.2\BusyIndicator.qml C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\WideView.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_9.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Controls.2\designer\ButtonSpecifics.qml C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VoiceChat\Dev\JestConfigs.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Components\Connection\PurchasePromptPolicy.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameCollectionViews\Dev\JestConfigs.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\AvatarImporter\icon_error.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\RoactStudioWidgets\toggle_on_disable_light.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\icon_placeowner.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Analytics\Dev\tutils.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InGameMenu\Components\PointerLabel.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\PlayerScripts\StarterPlayerScripts_old\ControlScript\MasterControl\Gamepad.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\RoactNavigation-067f4e4b-660967ca\RoactNavigation\routers\validateRouteConfigMap.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ProfileQRCode\Dev\UnitTestHelpers.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\LayeredClothingEditor\Icon_Preview_Clothing.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\WidgetIcons\Dark\Large\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ApolloLocalState\Cryo.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DefaultController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\PurchasePrompt\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\he.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GamePlayButton\SplashScreenManager.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Lua\TagEditor\Light\Standard\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\Otter-7466d762-1.1.0\Collections.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\ga.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\RbxDesignFoundations-77b1a117-2f841688\RbxDesignFoundations\tokens\Common\Light\Semantic.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DefaultController\ButtonR2.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\ui\VoiceChat\SpeakerDark\Unmuted100.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\WidgetIcons\Light\Large\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ViewSelector\top_zh_cn.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\Alerts\Light\Standard\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\WrapTarget.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\Settings\.robloxrc C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\NotificationsCommon\RobloxAppEnums.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\CompositorDebugger\blend2d.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\CompositorDebugger\clip.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\StudioToolbox\AssetConfig\version.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InGameMenu\Components\SideNavigation\HomeButton.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Test\MockPlatformInterface.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\Settings\Components\ReportConfirmation\ReportConfirmationContainer.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\init.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\XboxController\ButtonSelect.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\chat_teamButton.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\LayeredClothingEditor\Icon_Play_Light.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\ContactList\Hooks\useStartCallCallback.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Screenshots\Cryo.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-cy.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-da.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-nn.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-as.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-hr.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-und-ethi.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-de-ch-1901.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-kn.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-bg.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-nb.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-te.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-hu.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-en-us.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-et.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-hi.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-tk.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-de-1996.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-gu.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-la.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-ml.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-bn.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-be.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-mn-cyrl.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-or.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-sl.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-fr.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-pt.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-cu.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-de-1901.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-hy.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-mr.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-es.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-pa.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-en-gb.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-eu.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-ga.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-ta.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-STUDIO C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "17" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "21" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "8" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "37" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "62" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "26" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "34" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "54" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "49" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "75" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "65" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "38" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "46" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "66" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "67" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "13" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "51" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "83" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "40" C:\Windows\System32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Roblox.Place\ = "Roblox Place" C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-7d64f40489634ca5" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol" C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ = "Microsoft Edge Update CredentialDialog" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\PROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\ = "Microsoft Edge Update Core Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ELEVATION C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\ROBLOX\DEFAULTICON C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\RobloxStudioInstaller.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4396 wrote to memory of 1908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 2064 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 2064 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4396 wrote to memory of 1712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\PTR_Fleetwood.zip

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0x80,0x10c,0x7ffe2fffab58,0x7ffe2fffab68,0x7ffe2fffab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4248 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4752 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2308 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2116 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3388 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3416 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4152 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3196 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDdGMUQ5NUEtNDJEQS00QjdCLThEM0MtMTQ3M0JCRjZDNjRDfSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCRTFGMDQ3Qy0xMUZBLTRFN0ItOTYxNi00QkY1RkMyNUIwRjF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1NTEzNDU1NTgwIiBpbnN0YWxsX3RpbWVfbXM9IjY1MiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{D7F1D95A-42DA-4B7B-8D3C-1473BBF6C64C}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDdGMUQ5NUEtNDJEQS00QjdCLThEM0MtMTQ3M0JCRjZDNjRDfSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCOTNEOEMzRi02MTI2LTREREUtODg2OS1FNDg3MjQ4RjhCOTR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbmV4dHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTU1MTgxMzU1MTgiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5448 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3132 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5480 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\MicrosoftEdge_X64_124.0.2478.67.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA68F2A-9DD4-4659-B916-9F6158AEC2CF}\EDGEMITMP_EDA7F.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x244,0x248,0x24c,0x1e0,0x250,0x7ff72a5288c0,0x7ff72a5288cc,0x7ff72a5288d8

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDdGMUQ5NUEtNDJEQS00QjdCLThEM0MtMTQ3M0JCRjZDNjRDfSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDNjYzMDQyQi0yNThBLTRBNkYtOURDRi1BREE4OUREMUVENDF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTUyNzczNTYxNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1NTI3ODQ1NDE5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTYxNTQxNTAxMzAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzEzMWJkNWQ3LTljNjUtNDc2YS05MDc1LWUyNDk0ZjhkYTllND9QMT0xNzE1MTk4NDc3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PURZMHpTMXklMmZiMVlacUhhdkR1ZWZvbXVCRGxLcnFJUTNLaGMlMmIlMmZIVDJMVGRxcmRsUTFnT2IlMmY4eFhYbWVBSk9GUDBka1Jmek42em1tVkNTVGM5d3hJb0ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI3MjM3NjgiIHRvdGFsPSIxNzI3MjM3NjgiIGRvd25sb2FkX3RpbWVfbXM9IjU2Mzc0Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTYxNTQzNzAzNTciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjE2ODc4MDE2NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTY2MDE5NzAyODciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIzNjMiIGRvd25sb2FkX3RpbWVfbXM9IjYyNjM0IiBkb3dubG9hZGVkPSIxNzI3MjM3NjgiIHRvdGFsPSIxNzI3MjM3NjgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzMzE2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3836 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:4eNyj-d7UWrUnknF02HSwPQOU2pVr8enLlbNbp_wbpNtx2dF2AqkdkUg_DLrStVZpSKKOrfveayyxcJSAUNu1DdgPpNRszJcATa2qLZDcAyAMaxH6yoy6rN_6qlO2qAb--I_1FiT_wFVZK3zaIFb-Gc-ZXW7iEEvTXY1tjgSDjZTTb6xRHkUy11S9uZ8ofbrYIyYwRfj_WvLTKfwRsEbJ97j_21VBy0ifTtCMOo6RQU+launchtime:1714593865570+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1714593456339006%26placeId%3D11927338608%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dbd4ee5dc-78cc-46f2-9bd2-fb2d13e3d023%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1714593456339006+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=1756 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:K1-UG51sQJp9_tUNwN0bJ87ObrhoFHyLY__je59mENYoxlXJ5i3hvofe0PIhM4U8YfBHVPWUcb-xx7WCx9wpByis_6mV0aVP8AuC3NDDpEUYExwRyqp4lBBc4iGs_9taq0W4DQKD40Z4kp068ut08-y70L24BIQWusiM6WfdnS5vtZHqXhmzWn0r5eRMcTGL5-C8Ai3bx1QSTf8Tr1YfGa7m71TPfYZp3Cnu38rH6YA+launchtime:1714593882970+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1714593456339006%26placeId%3D11927338608%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Db9c33cf4-ca6e-45fb-9996-87b366460655%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1714593456339006+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2380 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:ulXX5LUW4mEXB3JlcVkptvIYrHH0pya5B2NNJ9Ymg9WqyrH8fsGXUgIoJEt2PajzWAfIkpY681TF_pH0BieSsMWU61p9hXiCDjnj97U5FozJYZTl3S5gZlK7T7j-B1nc1i2NjCi10fPk71zQUOma8D9iZwLghAuZnqUuMAXmXtPlQx4i7M93DSmgHRjiSBqInLeQVl8g_eWwjZggDXSv1Vbo9Ymp3erdtxhvz1vDpm4+launchtime:1714594037945+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1714593456339006%26placeId%3D11927338608%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D8b5c243c-20d9-489c-8c86-e8f38b9a794e%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1714593456339006+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B8153D7D-D86A-4EFA-BD57-1AB6599288A7}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B8153D7D-D86A-4EFA-BD57-1AB6599288A7}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{37FE22D5-2711-45A4-811A-2DBF7B2E0784}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzdGRTIyRDUtMjcxMS00NUE0LTgxMUEtMkRCRjdCMkUwNzg0fSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3MTM5RUEwRS1BQkQ1LTQzQTUtOTlEMS0xMTJBMEQxRUQ2RUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE4ODYwMTY1NTQ5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE4ODYwMjA1NTM3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxOTI2NzU5MDQ2MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzE1MTk4ODEwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUVuUW5TRG9ZSFhRU1hsNllxYVlJQjAlMmI5bDJkOTB5MkJteXd6QVVIR0t0NTNEUjdOMiUyYlVWdXhXT3BURndYYVp1RTIlMmZDdXFKUUQ4YXg1bXp0Q25RRmV3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjMiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTkyNjc1OTA0NjEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzE1MTk4ODEwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUVuUW5TRG9ZSFhRU1hsNllxYVlJQjAlMmI5bDJkOTB5MkJteXd6QVVIR0t0NTNEUjdOMiUyYlVWdXhXT3BURndYYVp1RTIlMmZDdXFKUUQ4YXg1bXp0Q25RRmV3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTYzMDc5MiIgdG90YWw9IjE2MzA3OTIiIGRvd25sb2FkX3RpbWVfbXM9IjM2NDA2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE5MjY3NTkwNDYxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE5MjcyOTA1Njg3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1ODYxOTU1NDk3MDc0MzAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNC4wLjI0NzguNjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9Ins3NTVBMThBQi1GM0ZCLTQxRDgtQUQwRi0yQzBFRTJCMjYwRDJ9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUD5A4.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{37FE22D5-2711-45A4-811A-2DBF7B2E0784}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzdGRTIyRDUtMjcxMS00NUE0LTgxMUEtMkRCRjdCMkUwNzg0fSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7NzA0MjBCNjMtMzZEOC00MDFFLTk5OTEtRDFDOTU0RDlDMTUwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODUuMjkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTQ1OTM2NzEiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE5MjgyNTkyMDQxIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5680 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4420 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3356 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1568 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5916 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:8

C:\Users\Admin\Downloads\RobloxStudioInstaller.exe

"C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=1764.2708.14218718843829470814

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=124.0.2478.67 --initial-client-data=0x17c,0x180,0x184,0x158,0x18c,0x7ffe165aceb8,0x7ffe165acec4,0x7ffe165aced0

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1724 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=1964,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2132,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3584,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4008,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3672,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4812,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=340 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5108,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5076,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5428,i,2798260328068857025,17062204429919045727,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x0000000000000480

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDYwNEJBQTItQzk2OS00OEY4LThCRUEtQTQ4QTkzMkNBNUFEfSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QjQ4NzdEOTItODY1MC00RUE2LUE4NUUtQjExQUJGOEI2ODEwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjUiIGluc3RhbGxkYXRldGltZT0iMTcxNDE0NDQ5NSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzU4NjQyNDI3NDE5NDY2OSI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxMTQwNjgiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyMjgzMDU3NTU4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3513704-9414-4451-9362-D1B4A737A85C}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3513704-9414-4451-9362-D1B4A737A85C}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDYwNEJBQTItQzk2OS00OEY4LThCRUEtQTQ4QTkzMkNBNUFEfSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2OUEzM0I4RS02ODdELTQ5NzUtODg4Mi0wQzU3ODg4RDE2RkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyMjkzODM3ODgxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjIyOTM5OTQwNzEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjIzNDc1ODczNTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxNTE5OTE1MyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1hbmVXMkt3b1B6UjNUNUQ5JTJiejRBZU1hYlNaOFFuYmt4dkw4Q2E2VGJYSzQ3MUpRJTJmN2c5RlZTcng4VGkzdzVQeXljSnhsVXhQR0Z4eSUyYnluUTFhbzV2dyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjIzNDc1ODczNTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzVmMTk1NjEyLTM4NGEtNDhlYS04NDA4LWI0ZWRlOWRjNTZiYj9QMT0xNzE1MTk5MTUzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWFuZVcyS3dvUHpSM1Q1RDklMmJ6NEFlTWFiU1o4UW5ia3h2TDhDYTZUYlhLNDcxSlElMmY3ZzlGVlNyeDhUaTN3NVB5eWNKeGxVeFBHRnh5JTJieW5RMWFvNXZ3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgZG93bmxvYWRfdGltZV9tcz0iNDk2OCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyMzQ3NzQzNTQwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjIzNTU1OTQ0ODMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMjM1OTE4OTcyNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM5MCIgZG93bmxvYWRfdGltZV9tcz0iNTM0NCIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzQwIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5704 --field-trial-handle=1776,i,16501997076365878260,7017694197375582821,131072 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe" roblox-studio:1+launchtime:1714594381391+avatar+browsertrackerid:1714593456339006+robloxLocale:en-US+gameLocale:en-US+channel:+browser:chrome+userId:2490176024+distributorType:Global+launchmode:edit+task:EditPlace+placeId:14499138401+universeId:5006053822

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\MicrosoftEdge_X64_124.0.2478.67.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7255888c0,0x7ff7255888cc,0x7ff7255888d8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x22c,0x228,0x254,0x230,0x258,0x7ff7255888c0,0x7ff7255888cc,0x7ff7255888d8

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6b43188c0,0x7ff6b43188cc,0x7ff6b43188d8

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDVERDM4MUMtOUE1RS00MjU1LUI3RUYtREIyQTkwODMzNUJCfSIgdXNlcmlkPSJ7QjIwMEJDNEMtNzcxMC00MjlGLUEwOTUtOEI2NUI3MkQzNDlCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntFNjQxMEVBQS1DNkMxLTQwRUYtOTM2Mi1ENUM3MTJBOTBDRDF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtEeE9iakhHYStuUmEyYXRDM3dvK0lFcEM3OCtaWWVBVWJrWHBEQzJjajdVPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg1LjI5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjg3Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MzMwIiBwaW5nX2ZyZXNobmVzcz0ie0EyMjA0NzI1LUIwNzgtNEI1MC04MzkxLUVEOTgzRkFBQzBBQ30iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1ODYxOTU1NDk3MDc0MzAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyNzMzMjc4MDQ1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyNzMzMzc4MzUxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyNzkwNDA0MDY1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIyODIwMTUwNzY0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyNDIyODkzMzg5MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjMwNSIgZG93bmxvYWRlZD0iMTcyNzIzNzY4IiB0b3RhbD0iMTcyNzIzNzY4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMiIgaW5zdGFsbF90aW1lX21zPSIxNDA4NzUiLz48cGluZyBhY3RpdmU9IjAiIHJkPSI2MzMwIiBwaW5nX2ZyZXNobmVzcz0iezE1NUU0RTlGLUQyMEEtNDA5QS04QTZBLUI5M0FBOUFCNjBBOX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI0LjAuMjQ3OC42NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBjb2hvcnQ9InJyZkAwLjIyIiB1cGRhdGVfY291bnQ9IjEiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1OTA2Nzc0OTQ2ODQ4NTAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgYWQ9Ii0xIiByZD0iNjMzMCIgcGluZ19mcmVzaG5lc3M9Ins1Njg0RTVCMC1DN0EzLTRFNzUtQjFDOC05NzgyRTEzODk5MjV9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 172.217.16.238:443 consent.google.com udp
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 consent.google.com tcp
GB 172.217.16.238:443 consent.google.com tcp
FR 128.116.122.4:443 auth.roblox.com tcp
FR 128.116.122.4:443 auth.roblox.com tcp
US 8.8.8.8:53 js.rbxcdn.com udp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.70:443 static.rbxcdn.com tcp
US 18.239.208.95:443 js.rbxcdn.com tcp
US 18.239.208.95:443 js.rbxcdn.com tcp
US 18.239.208.95:443 js.rbxcdn.com tcp
US 18.239.208.95:443 js.rbxcdn.com tcp
US 18.239.208.95:443 js.rbxcdn.com tcp
US 18.239.208.95:443 js.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
FR 128.116.122.4:443 assetgame.roblox.com udp
US 128.116.99.4:443 roblox.com tcp
US 104.18.33.170:443 roblox-api.arkoselabs.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 70.190.18.2.in-addr.arpa udp
FR 128.116.122.4:443 locale.roblox.com tcp
FR 128.116.122.4:443 locale.roblox.com tcp
US 2.18.190.83:443 apis.rbxcdn.com tcp
US 104.18.33.170:443 roblox-api.arkoselabs.com udp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.75:443 images.rbxcdn.com tcp
US 2.18.190.75:443 images.rbxcdn.com tcp
US 2.18.190.75:443 images.rbxcdn.com tcp
US 2.18.190.75:443 images.rbxcdn.com tcp
US 2.18.190.75:443 images.rbxcdn.com tcp
US 2.18.190.75:443 images.rbxcdn.com tcp
FR 128.116.122.4:443 locale.roblox.com udp
US 8.8.8.8:53 75.190.18.2.in-addr.arpa udp
FR 128.116.122.3:443 ecsv2.roblox.com udp
FR 216.58.214.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons3.gvt2.com tcp
FR 128.116.122.4:443 locale.roblox.com udp
GB 172.217.169.67:443 beacons3.gvt2.com udp
FR 216.58.214.67:443 beacons.gcp.gvt2.com udp
FR 128.116.122.3:443 ecsv2.roblox.com udp
FR 128.116.122.4:443 locale.roblox.com udp
FR 128.116.122.4:443 locale.roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 104.18.33.170:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 lms.roblox.com udp
US 8.8.8.8:53 realtime-signalr.roblox.com udp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 thumbnails.roblox.com udp
US 18.239.208.92:443 static.rbxcdn.com tcp
US 8.8.8.8:53 chat.roblox.com udp
US 8.8.8.8:53 contacts.roblox.com udp
US 8.8.8.8:53 notifications.roblox.com udp
US 8.8.8.8:53 accountsettings.roblox.com udp
US 8.8.8.8:53 economy.roblox.com udp
US 8.8.8.8:53 friends.roblox.com udp
US 8.8.8.8:53 privatemessages.roblox.com udp
US 8.8.8.8:53 trades.roblox.com udp
US 8.8.8.8:53 mia2-128-116-127-3.roblox.com udp
US 8.8.8.8:53 syd1-128-116-51-3.roblox.com udp
US 8.8.8.8:53 nrt1-128-116-120-3.roblox.com udp
US 8.8.8.8:53 fra2-128-116-123-3.roblox.com udp
US 8.8.8.8:53 aws-us-east-2c-lms.rbx.com udp
US 8.8.8.8:53 aws-us-west-1a-lms.rbx.com udp
US 8.8.8.8:53 lhr2-128-116-119-3.roblox.com udp
US 8.8.8.8:53 sin2-128-116-97-3.roblox.com udp
US 8.8.8.8:53 mia4-128-116-45-3.roblox.com udp
US 8.8.8.8:53 waw1-128-116-124-3.roblox.com udp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
PL 128.116.124.3:443 waw1-128-116-124-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
US 3.134.228.184:443 aws-us-east-2c-lms.rbx.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
US 54.177.223.231:443 aws-us-west-1a-lms.rbx.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
US 3.134.228.184:443 aws-us-east-2c-lms.rbx.com tcp
US 54.177.223.231:443 aws-us-west-1a-lms.rbx.com tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
PL 128.116.124.3:443 waw1-128-116-124-3.roblox.com tcp
DE 18.158.231.76:443 cs.ns1p.net tcp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.123.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.124.116.128.in-addr.arpa udp
US 8.8.8.8:53 184.228.134.3.in-addr.arpa udp
US 8.8.8.8:53 3.45.116.128.in-addr.arpa udp
DE 18.158.231.76:443 cs.ns1p.net tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
US 8.8.8.8:53 gold.roblox.com udp
US 8.8.8.8:53 lax2-128-116-116-3.roblox.com udp
US 8.8.8.8:53 iad4-128-116-102-3.roblox.com udp
US 8.8.8.8:53 lga2-128-116-32-3.roblox.com udp
US 8.8.8.8:53 c0aws.rbxcdn.com udp
IN 128.116.104.4:443 bom1-128-116-104-4.roblox.com tcp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 151.101.1.194:443 roblox-poc.global.ssl.fastly.net tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
US 18.239.208.102:443 c0aws.rbxcdn.com tcp
FR 128.116.122.3:443 gold.roblox.com tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
US 8.8.8.8:53 3.63.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.116.116.128.in-addr.arpa udp
US 18.239.208.101:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:51068 tcp
US 8.8.8.8:53 client-telemetry.roblox.com udp
FR 128.116.122.3:443 client-telemetry.roblox.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
N/A 127.0.0.1:51072 tcp
US 18.239.208.47:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 134.237.211.23.in-addr.arpa udp
US 8.8.8.8:53 47.208.239.18.in-addr.arpa udp
N/A 127.0.0.1:51075 tcp
N/A 127.0.0.1:51078 tcp
US 18.239.208.47:443 setup.rbxcdn.com tcp
US 18.239.208.47:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
NL 13.95.26.4:443 msedge.api.cdp.microsoft.com tcp
US 199.232.210.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
FR 128.116.122.4:443 voice.roblox.com udp
FR 128.116.122.4:443 voice.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
FR 128.116.122.4:443 www.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:51635 tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
US 18.239.208.119:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 119.208.239.18.in-addr.arpa udp
N/A 127.0.0.1:51648 tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:51651 tcp
N/A 127.0.0.1:51658 tcp
N/A 127.0.0.1:51761 tcp
US 8.8.8.8:53 auth.roblox.com udp
FR 128.116.122.4:443 auth.roblox.com udp
FR 128.116.122.4:443 auth.roblox.com udp
US 8.8.8.8:53 ncs.roblox.com udp
FR 128.116.122.4:443 ncs.roblox.com udp
FR 128.116.122.4:443 ncs.roblox.com udp
N/A 127.0.0.1:51990 tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:52002 tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:52005 tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 18.239.208.114:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:52018 tcp
US 8.8.8.8:53 114.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 presence.roblox.com udp
FR 128.116.122.4:443 presence.roblox.com udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
NL 23.62.61.112:443 www.bing.com tcp
US 8.8.8.8:53 112.61.62.23.in-addr.arpa udp
FR 128.116.122.4:443 presence.roblox.com udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 client-telemetry.roblox.com udp
FR 128.116.122.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52215 tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 13.67.191.143:443 msedge.api.cdp.microsoft.com tcp
N/A 127.0.0.1:52219 tcp
FR 128.116.122.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52222 tcp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:52227 tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 18.239.208.119:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 143.191.67.13.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
NL 104.109.143.93:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 93.143.109.104.in-addr.arpa udp
FR 128.116.122.4:443 presence.roblox.com udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 create.roblox.com udp
US 18.239.208.42:443 create.roblox.com tcp
US 18.239.208.42:443 create.roblox.com tcp
US 8.8.8.8:53 o293668.ingest.sentry.io udp
US 34.120.195.249:443 o293668.ingest.sentry.io tcp
US 8.8.8.8:53 232.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 249.195.120.34.in-addr.arpa udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 economy.roblox.com udp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
US 18.239.208.15:443 webblox.roblox.com tcp
US 18.239.208.15:443 webblox.roblox.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 doy2mn9upadnk.cloudfront.net udp
US 18.239.190.57:443 doy2mn9upadnk.cloudfront.net tcp
FR 128.116.122.4:443 economy.roblox.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 thumbnails.roblox.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 15.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 57.190.239.18.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 18.239.190.57:443 doy2mn9upadnk.cloudfront.net tcp
US 8.8.8.8:53 games.roblox.com udp
US 8.8.8.8:53 t1.rbxcdn.com udp
US 18.239.208.13:443 t1.rbxcdn.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
NL 104.109.143.70:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 13.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 70.143.109.104.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 clientsettings.roblox.com udp
US 8.8.8.8:53 setup.rbxcdn.com udp
BE 2.17.107.82:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 82.107.17.2.in-addr.arpa udp
N/A 127.0.0.1:52818 tcp
FR 128.116.122.3:443 client-telemetry.roblox.com tcp
FR 128.116.122.3:443 client-telemetry.roblox.com tcp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:52822 tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 18.239.208.119:443 setup.rbxcdn.com tcp
US 18.239.208.119:443 setup.rbxcdn.com tcp
US 18.239.208.119:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:52825 tcp
N/A 127.0.0.1:52828 tcp
FR 128.116.122.4:443 clientsettings.roblox.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c53.gcp.gvt2.com udp
US 35.217.93.191:443 e2c53.gcp.gvt2.com tcp
US 35.217.93.191:443 e2c53.gcp.gvt2.com tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 191.93.217.35.in-addr.arpa udp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 ephemeralcounters.api.roblox.com udp
FR 128.116.122.4:443 ephemeralcounters.api.roblox.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 apis.roblox.com udp
FR 128.116.122.4:443 apis.roblox.com tcp
N/A 127.0.0.1:52941 tcp
N/A 127.0.0.1:52949 tcp
N/A 127.0.0.1:52952 tcp
N/A 127.0.0.1:52956 tcp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
FR 128.116.122.4:443 apis.roblox.com tcp
FR 128.116.122.4:443 apis.roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 18.239.208.25:443 images.rbxcdn.com tcp
NL 23.63.101.170:443 js.rbxcdn.com tcp
NL 23.63.101.170:443 js.rbxcdn.com tcp
NL 23.63.101.170:443 js.rbxcdn.com tcp
NL 23.63.101.170:443 js.rbxcdn.com tcp
NL 23.63.101.170:443 js.rbxcdn.com tcp
NL 23.63.101.170:443 js.rbxcdn.com tcp
US 18.239.208.26:443 static.rbxcdn.com tcp
US 18.239.208.26:443 static.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 27.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 25.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 26.208.239.18.in-addr.arpa udp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 128.116.102.4:443 roblox.com tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 metrics.roblox.com udp
FR 128.116.122.4:443 metrics.roblox.com udp
FR 128.116.122.4:443 metrics.roblox.com tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
BE 104.117.77.144:443 apis.rbxcdn.com tcp
FR 128.116.122.4:443 metrics.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.4:443 auth.roblox.com udp
US 8.8.8.8:53 86.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 4.102.116.128.in-addr.arpa udp
US 8.8.8.8:53 144.77.117.104.in-addr.arpa udp
FR 128.116.122.3:443 ecsv2.roblox.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.4:443 auth.roblox.com udp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:443 dns.google udp
GB 51.140.242.104:443 tcp
GB 172.165.61.93:443 tcp
GB 172.165.61.93:443 tcp
GB 172.165.61.93:443 tcp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:53487 tcp
US 204.79.197.239:443 tcp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
GB 104.91.71.142:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.4.4:443 dns.google udp
FR 128.116.122.3:443 ecsv2.roblox.com udp
US 8.8.8.8:53 142.71.91.104.in-addr.arpa udp
FR 128.116.122.4:443 users.roblox.com udp
FR 128.116.122.4:443 users.roblox.com udp
US 216.239.32.116:443 beacons4.gvt2.com udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp
N/A 127.0.0.1:53756 tcp
FR 128.116.122.4:443 users.roblox.com tcp
US 8.8.8.8:53 realtime-signalr.roblox.com udp
FR 128.116.122.4:443 users.roblox.com tcp
FR 128.116.122.4:443 users.roblox.com tcp
FR 128.116.122.4:443 users.roblox.com tcp
FR 128.116.122.4:443 users.roblox.com tcp
FR 128.116.122.3:443 realtime-signalr.roblox.com tcp
US 8.8.8.8:53 develop.roblox.com udp
FR 128.116.122.4:443 develop.roblox.com tcp
FR 128.116.122.4:443 develop.roblox.com tcp
FR 128.116.122.4:443 develop.roblox.com tcp
N/A 127.0.0.1:53952 tcp
N/A 127.0.0.1:53954 tcp
N/A 127.0.0.1:53956 tcp
N/A 127.0.0.1:55228 tcp
N/A 127.0.0.1:55230 tcp
N/A 127.0.0.1:55232 tcp
US 8.8.8.8:53 assetgame.roblox.com udp
FR 128.116.122.4:443 assetgame.roblox.com tcp
US 8.8.8.8:53 clientsettings.roblox.com udp
FR 128.116.122.4:443 clientsettings.roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
FR 128.116.122.4:443 www.roblox.com tcp
FR 128.116.122.4:443 www.roblox.com tcp
US 8.8.8.8:53 thumbnails.roblox.com udp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 t7.rbxcdn.com udp
N/A 127.0.0.1:55244 tcp
N/A 127.0.0.1:55247 tcp
N/A 127.0.0.1:55358 tcp
N/A 127.0.0.1:55367 tcp
N/A 127.0.0.1:55369 tcp
N/A 127.0.0.1:55456 tcp
N/A 127.0.0.1:55458 tcp
N/A 127.0.0.1:55460 tcp
N/A 127.0.0.1:55462 tcp
N/A 127.0.0.1:55464 tcp
N/A 127.0.0.1:55473 tcp
US 18.239.208.108:443 t7.rbxcdn.com tcp
US 8.8.8.8:53 108.208.239.18.in-addr.arpa udp
N/A 127.0.0.1:55648 tcp
N/A 127.0.0.1:55650 tcp
FR 128.116.122.3:443 realtime-signalr.roblox.com tcp
FR 128.116.122.3:443 realtime-signalr.roblox.com tcp
FR 128.116.122.3:443 realtime-signalr.roblox.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com udp
GB 172.217.169.67:443 beacons3.gvt2.com udp
GB 172.217.16.238:443 clients2.google.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
NL 13.95.26.4:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
NL 96.16.53.139:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 139.53.16.96.in-addr.arpa udp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 create.roblox.com udp
US 8.8.8.8:53 webblox.roblox.com udp
FR 128.116.122.3:443 ecsv2.roblox.com udp
US 18.239.208.48:443 create.roblox.com tcp
US 18.239.208.20:443 webblox.roblox.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 o293668.ingest.sentry.io udp
US 34.120.195.249:443 o293668.ingest.sentry.io udp
US 8.8.8.8:53 apis.roblox.com udp
FR 128.116.122.4:443 users.roblox.com udp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
US 8.8.8.8:53 economy.roblox.com udp
US 8.8.8.8:53 locale.roblox.com udp
US 18.239.208.20:443 webblox.roblox.com tcp
FR 128.116.122.4:443 locale.roblox.com udp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
FR 128.116.122.4:443 locale.roblox.com udp
FR 128.116.122.4:443 locale.roblox.com udp
FR 128.116.122.4:443 locale.roblox.com tcp
FR 128.116.122.4:443 locale.roblox.com tcp
FR 128.116.122.4:443 locale.roblox.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 premiumfeatures.roblox.com udp
US 8.8.8.8:53 itemconfiguration.roblox.com udp
FR 128.116.122.4:443 gamejoin.roblox.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 18.239.208.84:443 t7.rbxcdn.com tcp
BE 88.221.83.43:443 t7.rbxcdn.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
N/A 127.0.0.1:55930 tcp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:55938 tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
N/A 127.0.0.1:55941 tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
N/A 127.0.0.1:55944 tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
N/A 127.0.0.1:55951 tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
N/A 127.0.0.1:55965 tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
N/A 127.0.0.1:57235 tcp
N/A 127.0.0.1:57237 tcp
N/A 127.0.0.1:57239 tcp
N/A 127.0.0.1:57251 tcp
N/A 127.0.0.1:57254 tcp
N/A 127.0.0.1:57257 tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
FR 128.116.122.4:443 gamejoin.roblox.com tcp
US 8.8.8.8:53 thumbnails.roblox.com udp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
FR 128.116.122.4:443 thumbnails.roblox.com tcp
US 8.8.8.8:53 avatar.roblox.com udp
NL 128.116.21.33:50053 udp
US 8.8.8.8:53 tr.rbxcdn.com udp
FR 128.116.122.4:443 avatar.roblox.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 t7.rbxcdn.com udp
US 18.239.208.40:443 t7.rbxcdn.com tcp
US 8.8.8.8:53 33.21.116.128.in-addr.arpa udp
US 8.8.8.8:53 146.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 40.208.239.18.in-addr.arpa udp
N/A 127.0.0.1:57259 tcp
N/A 127.0.0.1:57391 tcp
N/A 127.0.0.1:57394 tcp
N/A 127.0.0.1:57402 tcp
N/A 127.0.0.1:57417 tcp
N/A 127.0.0.1:57424 tcp
N/A 127.0.0.1:57466 tcp
N/A 127.0.0.1:57483 tcp
NL 13.95.26.4:443 msedge.api.cdp.microsoft.com tcp
FR 128.116.122.4:443 avatar.roblox.com tcp
US 8.8.8.8:53 chat.roblox.com udp
FR 128.116.122.4:443 chat.roblox.com tcp
US 8.8.8.8:53 economy.roblox.com udp
FR 128.116.122.4:443 economy.roblox.com tcp
FR 128.116.122.4:443 economy.roblox.com tcp
N/A 127.0.0.1:57659 tcp
US 8.8.8.8:53 assetdelivery.roblox.com udp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
US 8.8.8.8:53 c0.rbxcdn.com udp
US 18.239.208.102:443 c0.rbxcdn.com tcp
US 8.8.8.8:53 c3.rbxcdn.com udp
US 8.8.8.8:53 t6.rbxcdn.com udp
US 8.8.8.8:53 c2.rbxcdn.com udp
US 18.239.208.99:443 c3.rbxcdn.com tcp
US 18.239.208.114:443 t6.rbxcdn.com tcp
US 18.239.208.47:443 c2.rbxcdn.com tcp
US 8.8.8.8:53 99.208.239.18.in-addr.arpa udp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
US 8.8.8.8:53 t0.rbxcdn.com udp
US 8.8.8.8:53 t4.rbxcdn.com udp
US 8.8.8.8:53 t1.rbxcdn.com udp
US 205.234.175.102:443 t4.rbxcdn.com tcp
US 205.234.175.102:443 t4.rbxcdn.com tcp
US 8.8.8.8:53 t5.rbxcdn.com udp
BE 88.221.83.43:443 t0.rbxcdn.com tcp
US 18.239.208.123:443 t1.rbxcdn.com tcp
US 18.239.208.104:443 t5.rbxcdn.com tcp
US 18.239.208.123:443 t1.rbxcdn.com tcp
BE 88.221.83.43:443 t0.rbxcdn.com tcp
US 205.234.175.102:443 t4.rbxcdn.com tcp
US 18.239.208.123:443 t1.rbxcdn.com tcp
US 18.239.208.104:443 t5.rbxcdn.com tcp
US 8.8.8.8:53 t2.rbxcdn.com udp
BE 2.17.107.202:443 t2.rbxcdn.com tcp
BE 2.17.107.202:443 t2.rbxcdn.com tcp
BE 88.221.83.43:443 t0.rbxcdn.com tcp
US 18.239.208.114:443 t6.rbxcdn.com tcp
BE 88.221.83.43:443 t0.rbxcdn.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 18.239.208.114:443 t6.rbxcdn.com tcp
BE 2.17.107.202:443 t2.rbxcdn.com tcp
US 8.8.8.8:53 t3.rbxcdn.com udp
US 18.239.208.104:443 t5.rbxcdn.com tcp
BE 88.221.83.41:443 t3.rbxcdn.com tcp
BE 88.221.83.41:443 t3.rbxcdn.com tcp
US 8.8.8.8:53 41.83.221.88.in-addr.arpa udp
BE 88.221.83.41:443 t3.rbxcdn.com tcp
US 18.239.208.40:443 t7.rbxcdn.com tcp
US 18.239.208.123:443 t1.rbxcdn.com tcp
US 18.239.208.123:443 t1.rbxcdn.com tcp
US 18.239.208.104:443 t5.rbxcdn.com tcp
BE 2.17.107.202:443 t2.rbxcdn.com tcp
US 18.239.208.114:443 t6.rbxcdn.com tcp
US 18.239.208.40:443 t7.rbxcdn.com tcp
FR 128.116.122.4:443 assetdelivery.roblox.com tcp
US 8.8.8.8:53 itemconfiguration.roblox.com udp
FR 128.116.122.4:443 itemconfiguration.roblox.com tcp
N/A 127.0.0.1:57662 tcp
N/A 127.0.0.1:57665 tcp
FR 128.116.122.4:443 itemconfiguration.roblox.com tcp
US 8.8.8.8:53 inventory.roblox.com udp
FR 128.116.122.4:443 inventory.roblox.com tcp
FR 128.116.122.4:443 inventory.roblox.com tcp
FR 128.116.122.4:443 inventory.roblox.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
N/A 127.0.0.1:57680 tcp
N/A 127.0.0.1:57693 tcp
N/A 127.0.0.1:57704 tcp
N/A 127.0.0.1:57706 tcp
N/A 127.0.0.1:57720 tcp
US 8.8.8.8:53 ncs.roblox.com udp
FR 128.116.122.4:443 ncs.roblox.com udp
FR 128.116.122.4:443 ncs.roblox.com tcp
FR 128.116.122.4:443 ncs.roblox.com tcp
N/A 127.0.0.1:57744 tcp
N/A 127.0.0.1:57746 tcp
N/A 127.0.0.1:57748 tcp
N/A 127.0.0.1:57750 tcp
N/A 127.0.0.1:57752 tcp
N/A 127.0.0.1:57800 tcp
N/A 127.0.0.1:57802 tcp
FR 128.116.122.4:443 ncs.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:57995 tcp
FR 128.116.122.4:443 ncs.roblox.com tcp
N/A 127.0.0.1:58657 tcp
N/A 127.0.0.1:58691 tcp
N/A 127.0.0.1:58693 tcp
N/A 127.0.0.1:58695 tcp
FR 128.116.122.4:443 ncs.roblox.com udp
FR 128.116.122.4:443 ncs.roblox.com tcp
US 8.8.8.8:53 t7.rbxcdn.com udp
US 18.239.208.108:443 t7.rbxcdn.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com udp
US 8.8.8.8:53 client-telemetry.roblox.com udp
FR 128.116.122.3:443 client-telemetry.roblox.com tcp
FR 128.116.122.4:443 ncs.roblox.com tcp
N/A 127.0.0.1:58751 tcp
N/A 127.0.0.1:58754 tcp
N/A 127.0.0.1:58767 tcp
FR 128.116.122.4:443 ncs.roblox.com tcp
N/A 127.0.0.1:58770 tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
FR 128.116.122.4:443 assetgame.roblox.com tcp
N/A 127.0.0.1:59375 tcp
FR 128.116.122.4:443 assetgame.roblox.com tcp
N/A 127.0.0.1:59390 tcp
N/A 127.0.0.1:59406 tcp
FR 128.116.122.4:443 assetgame.roblox.com tcp
N/A 127.0.0.1:59423 tcp
US 8.8.8.8:53 apis.roblox.com udp
GB 128.116.119.4:443 apis.roblox.com tcp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp

Files

\??\pipe\crashpad_4396_PCSGJNJIZXESEHLU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e828b53f-999c-499e-9fff-ae3db52f8f15.tmp

MD5 71f945916d078bd5c71f99ab877ed3df
SHA1 dc508bbe1c919f4c5789b879847b5a6217f0392d
SHA256 5b83a4a6cf2cd3aaef578790c1e89bfc07d5699f0ec56f23a6bc7dc9bd68cbce
SHA512 8b3f13b21979f5a4b7c6c2a1d4d04677ce20a36dea9026ded99ddb6d70f34294790728b0ff20dff1f154b7c85f319a8079cc137515d0436b659961537320cf72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a627bc84fd55122ec8cae1ccee970799
SHA1 9155572f2bcd662a8aad47ce38934a5a159fb51f
SHA256 1184091f23a403e86dd2682cd867ba7e61a0d4f70c8d4711bdcc26e09618016c
SHA512 68f828fca5b33046e76282076700b378bc4c2218aafbc5c48016ab20a6b01c5ae2382e77897184af3b43fadf63d196732fbd8cb6acb0ddf6e2f3b3362ebc0ccc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7436f641530eacac5bb9893413c9d022
SHA1 ec41e6354710164c3bcb6a4acb9f9148e5376baf
SHA256 6e7d132e8ed14753cc9e03747188a6815cec250b4a409bf3384f17261d870e6b
SHA512 0d3f282a53f825ee165f47ccee7aaa744838efb8ff5cf93270ff4aec9a8f06916bd9f6c862f9d2399b4b450e1034556ac16cf8ac627f064d9128600c5d6c3af7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 a15ea8c2159bf37401f56f25ae8dec7f
SHA1 fe4f200d1a13cc463e41c61cb68fa6c366e71f43
SHA256 efbdbe1a980d1b0c560af44a0a2fb0ad0e54600f4c7d443c78cb7035375a05ee
SHA512 fe4aa70861ed9d12f69b73f4df6eee33d32e4263a8a46db0f14a6817b92ad1b68bd5391f144976d744f78512d09d597689abf9ba8e163971374011bc47a1d5f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 27eabca6809d70491593e624f2328682
SHA1 6e1869fbe251c2ffaff1fa29ec1a1ad4666227c5
SHA256 f9c148dc204282985428490b810f7f5c8950756f8a5b07348906085070e1b75f
SHA512 1dc948689560d6a901c762c6966e653b47ee0408798ccd17e3a607420a8efb6993303ec15c495d71d01172930e33d507efbb15c91d8b4dab52e218f7b32447bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0f00735c0c27f50bd05d9a5cfd451eab
SHA1 067a86c21e09424211536a2eb2c57d41d6da757f
SHA256 819a3ab0eea5cd2972889d4d8448f40bddf9f89617b74309238d937bd7f4d14b
SHA512 4fa3415664f04fe26a33d671c87cd0b4b0fc551374f30cefa4c8ba3a150523865420d0343ff2ceed33855a519023a06d7a3aa6c6087eddfcee310969689f684d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3e41d7d13c43406f4382c27dd358b26e
SHA1 2dcad26f8fb5216edf5c30e583d3e45fb795de63
SHA256 8dd75d0cbb44b9d259f3b91106dd9ab0daafbbd3b86457e23ffa93f53f4c2f30
SHA512 9cadbc490f24cd31b90b95d9c6f974d844e1533ef20abcb9aaf2d197f6f959e002c310ad133433398a313d7a9442bb7057006fc0de49d826703d921eba7e7bd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6b654998f00b013fd398c5d26c3cc4e4
SHA1 299a0dd0d010ff6cb32706ec78cf131afe761a5e
SHA256 0913800627000a0df0a7a7a891f5bb073f4f812c870871bcfb9ce4e960cca2b7
SHA512 98fa4e9dc31a7fd11465fe459825c426256d4e2f4b2c416ee7a75b6c2ea1489f7d9a03fa7b8009629d49c36eff9723c83684df2a65c384c3fdf1a6c2de721bc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 06bf6287ed8fd6c4e3228a20be3f2541
SHA1 0562f7f87f1f26b61a0eaa01d099311ad13695f6
SHA256 3367ebd2619abbfbbffca577045f5d6ed7a4838dad48312a7df328b6c10b3ea0
SHA512 b30be0c00fb52a6207bf8a11a0d998e6757f12dc550b8783f2964c821b61714cd8e15a8e56cc6f31c5e2e347384031c76d32396eb38fb0342fd984525b71810e

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5b2b46e0d63670dcbf4b4aa4c7db0ae9
SHA1 6d68577bef9067f8cbe66c89ab4e8e4744298065
SHA256 dede34e89b75728c48b95d064d12ba2b3d0be230ecc12191c098b073b8f750af
SHA512 1332f14a9d5084e6350054cc889f43c53027f9fe6162cb6fdb3f20b034af1400c767f58f2bda95d0679a3c2bc446c017adc83ea802cfe17b82e1136f99b28d67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 37eae1a887a553cb5a30487cf05d66ad
SHA1 b96929fad252804ca465b0d1c42e1fdcdf5215b7
SHA256 3ca60784ae2754ab8ea617d86d114eb687570ff59c239bc72b1a7c94a22a2251
SHA512 6dea86cb02747006c772b6d456b372332ff3c5d359107ca7d6a2dd22b47f3fccddf75e844b3b14b4ce92c1004d14bbb30706cbc54a92e4fe8865171eb1a06859

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe651d38.TMP

MD5 fc5194ae1eab6f7490cd905016f72c8f
SHA1 63c9caf93da91144fa64145adf0ad1baa3b5e8c7
SHA256 eb4615ed6dd76d5830168cde839d36b430007c4e686e9bce111f66c46c3f6420
SHA512 f8613a3780309596f42751e3a27607a0cae61d1a4ccb9f5860e240923988f4150cdbddb1d95faf8958361291dc8f649fa622cf8c3cec5e53f675d8df23f75384

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 238d3a63ab1e54d2c34d819d4f367f2f
SHA1 85866da3421a66c3dca35de9ee68631555006df4
SHA256 b4c03ba3368aff08b52f6b113ad2e34e48f5ecff50e763c025c71c79a51a770c
SHA512 16cde001feb20e96c2abd949b612b9353426d8c9dc2446828ad968d4d231f1fd9bcd572e76dc9deddac54617dad992d617365347fac312dc652036310e6444f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ff402b39ac46998968a6e1b2fce9b2eb
SHA1 b0a45769bd25cc7c4ae0a3371a9de770a27a8627
SHA256 8affa4f43530ed0fb36d70237ee9c146067f5ba9eda21cfe5df418dd64c36c89
SHA512 957735c67e02652f5bf6934d762721b2e2d94ce70f3654797726a979221678dcf7a6589ad8cdc29e3339839af95007f89ef3d9359550c7b7dc3b3eb5c91e55df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ac90f9546e93f90dced1a0df1dea227c
SHA1 d3374d18354bd683f560e5a952a38086c32fcf39
SHA256 1551169e779dbc979d1b90a133f86912a8aff937da125a51da6e9803afab1514
SHA512 55f33edc9e5d3048627e052e9d0a5e7736a8357ca39bc38e8755b996e7ec0ae880461383b0b035796b3dadc8e571eb1b92f5d3b0e6bc6644269d0b7f153fb8db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fb1b58779081494f063cbd94beda25fd
SHA1 2fc18d90285421ba718533a4c2161616860c0db6
SHA256 f799b2a1de665d736bb5a3858dec73e43d11e8e13dfcdada60030a9b634bc8a1
SHA512 029f99bf44dc908bca8cfaf8070539180b676a1813295f80806ac61fff152318b8ad720aa8a21a131f636cd5c7ffcd7d4f4981737b217ac30fbc70d62061f38d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c8129fdab8ca5e7e10d9daffec348c01
SHA1 a976951abf81933403fa51ed655bde903128e533
SHA256 579058a2513445b759fd752e0283ff8e41b61584f80a95e8aaec4e8541f9e362
SHA512 29d8899e8a8d2c48c77de5e7c1be07cec8de1623d35607e509e570b3e19c2411edead7fce562c755147d34985a160ba811e314c34f7ec66245a11bc2cddcecd8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8462b97fd4ea254146c3621a41b8a549
SHA1 1908a61404fe4ec7dfff46ff323d1466b568d066
SHA256 37fa3dd666d5fc81954fca16a6ba8fa2bec26c4cf2e7a18b27d9918e63d9af1f
SHA512 a32c7b7c526bb35d3203db06a05ab39e9fc5ce0c8abc71fd01c4d0543561ba5df15d550b9429735ed5e352a4896a81ce84e8e684e58778dca457cb3a129eb240

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 ef632c156054a683fa8e4ba68d46cbca
SHA1 996f0045ccb2cb2afdd5ec1fadaa940c498dc69e
SHA256 dfbc22478bd963a9664cdc19c40fd8bb2da922fe472ca6d57eb86b15ef38594f
SHA512 7195a5d91bc3a14a6144cc10425bd6fce05d4e80430ce412a0a4c50a32779290f4bbc3c008bec9c3c9374d23ec2dc3d602f03f426825ed11f208bd16960ff705

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 793b639f0483074bf878fcf19c131678
SHA1 b1a2ef0fd4d7944a9519e54e3201a05c62c90415
SHA256 b214fce2614aec5046a24ad48e5023ae8d29fda0d8c510f6dfa116f684566869
SHA512 1aa25f77f1075f79f9d188ee9bb4a5569db406f2cbde550c7eb6c3377d3bbea5cfe86f1328248f8772020a90093c133de90c09cd2e50048fe2d400e807526238

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4651ebf645f36e870b787317127a70f4
SHA1 5d8b21310ac8d6006fa0537763939ae13549e9be
SHA256 7308ece0cbb762fb772b3cd60c5b6dd5e5772d2c981cd1b3690fedd4693f9f19
SHA512 5469a7f23f0a932903f9d2b7c417328013790d72c7146a9e0917a0a0d70a908c92b67a0d80a692f38f881fea291b93365c672827ce28d365ce2d1ffb6949866e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b386597d7768818787e59c506547bfbe
SHA1 5ae57b79b0b62429a0d552a3645b16b5eec0a15c
SHA256 529991bdbef29e313eb9210b816935c6055d4d801c9c6d3e10922963c1654458
SHA512 a0d51cbc816f7272bef76816662c9be2c2f42ff26fa41e5eb60486de3961b8397592f61952e238624c6f59fd7c00b420226eeeb8ea4c91b91c5a1ed86bd6ae6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 89b37ea286843f0cc917ee6312608230
SHA1 030dd4c604bf39c490afcac43c941fde166e8db6
SHA256 bc8ce0115b6da050a8876a026f93f32e04d385167dd6883d96db7ee8c3cc6f46
SHA512 e628ba17918e74c77919f71d8694a653b7d3fbeda9a668c75ba57595c200495de8b202d5f48bef73bf1b614e60ff40fcfb60957ca89c712cdb605c3a85a7956b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 51b7b8ddc748a235a64293903f5fbd7f
SHA1 ba605d819da95d714344b16089b9140bfb06331c
SHA256 0480e2a8c8c08b48c9a222b434522a2b399a25f8dc896402cc77ace1d5f150ff
SHA512 fa1a64888d5f442c12ca4709177586433e492482eb00a719ea352f064023487b89d7ac4f8cf16e66316888bb34a04a17894f6cad618958ac606bcf5a1d46d4b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8be619a4ff17791ea2c5bbd24a82ae6b
SHA1 34019858ba7f23207ea06cf2d517c37fce495d64
SHA256 3a8ec31b064233384693e24a47d2fd977007b55fddd9ae3a37c7b4633681c2ff
SHA512 b8f6082edef8e0cb65f5e663c4ecfd2750e579000693aa1eb322f2f0acdd024a9d0a55f016cb45181b136bfcfd84bd01eb15e68ab40cdc02fc92c276293d1dc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dd5818826a60e2af1ea4884ef59bb55c
SHA1 377d9c845041d127f4fb1d1ce07e7c0f8560c242
SHA256 db7ea69f9add72747753e9f164242dede33139c65c7a84a9a8fc8e38f3c8933a
SHA512 cb71ae41792c4956b60ab7ddf6229186bf081b47aa44eb111452a89c8e6ceeede29ae8803d9add52b95345c423f380656fd846eaa03db4a0f9e63f0967752dd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d4605d2310a2ba5c06b135a30861159e
SHA1 cb2bb34cd496c28ac63fcf40f4f77727c373fd1e
SHA256 e75cd06f0868172276735c16f622003d4b1dbf83a4c89c2fd05f4e6ac6d38227
SHA512 1244202470af745c6ecc64ff577c782f6e1ada586c210986143daebe2b461879b71c047be5b5f0aa9af010d09e24cc521255bf0254274bdf681f1d752a2e1986

C:\Users\Admin\Downloads\Unconfirmed 191745.crdownload

MD5 a2f58a117c60b1622eede88d2163ef19
SHA1 91ed6cf5b0efb2c0bd3e06ab5775775ccd1bd631
SHA256 e74d896bc3469b5a28eb5a04ea364a9ab32737d573868fb08a327820ea624c04
SHA512 19964984f66876032ef15283c25e31737e1f56c27a3f9d7fe204dccdc0a45c64e3380a5924f4b82301e55a5371bd7c9c61776e8ae6cb15a0e0502d189384c14f

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 cceab286992d9d5ae9267960f2e82a55
SHA1 7bd30d2b266c7380c6a601a7c0f47b5ac27fb667
SHA256 21b39ce26e0fa0b47b3b5fcfa4468820d3e413164ecb8128225b6dfd3e309a93
SHA512 5cbb34fbe68130cf1a8ceffb8beea794b2691fdbe5010f4d142eec4fde090bfe967c8d9a9d51743c93ef51d126ccadc8fcd20cfa21b7e776955aa3f7cd47558b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1179550ccc39f4e534aa4f9cfabd10b3
SHA1 465b05e4068ebb57949e8203a06685ae3641195a
SHA256 fdcbf28ca1726ea33656b7a2833595d3625ccc094ce624b5072e880bdb273b1a
SHA512 b695e7dc7a9738bbb82a70d8d6d27a50522939c7ebf9dd638fc0f36c0c0e8a448b0906c4a7311f377d5ee4c75191d78250396d33f7c6ba0c2cfba86d2ece4033

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9b14aa5c40cea780af0840c54cbec6c
SHA1 0aadafedc6e6ba3afba93e2d575f0b1178fa5a13
SHA256 97783ea69bd6fbeb0c8f39571173f5b1f129f2a58dabe9119faf9cda1b316328
SHA512 6f8e5c29540099df7deda2ce1517f54fcaf8261311b9be79694445e8db61739d5866886c4850cfd38ed758aa433f183ce8c206ebc30e27a046a44df2ffe0090f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 54aee5d7d325b0928d661047488af5e1
SHA1 4328a200b4b59935c588a982cb293eae162a4d43
SHA256 5539a76e880b8cae5158cb1757bd326919e48d8714fedb211ac19eeecb14c65c
SHA512 48edac377b1db3ecd00c2eb2bcd365fba21e3614be855e65657f7721f5d4997f159c56adc565411276021500dd4f59186ba9059f553e405fbf396ff9e0967158

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 63eefec27c6cf3589c7aa42c1f8ab0cc
SHA1 1b408a4d1b41a2bfcc753e1d9ca7a535cbee7080
SHA256 47b9ca7a81ae17f8fc3d2a29d9df67b9f2d3283181260f637e5006d10568ce1e
SHA512 c34a612352f80b75c1650c5bdedabdb3a22bb09e499dd70c161b08fe055138a0d53ed55420930ef68d5fd40da1663fbb14fee019460df768ed6daaa2ace89120

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 09f3991d76415f218e7b90d2c95deac1
SHA1 b61db1aea250e4f79686ded7f939e51032dcb377
SHA256 798212baa1042373fcd9075ea435755384565f28e141843fd73c3aaefa9b4fcf
SHA512 e352ca743444621ca0e847daba2ace29a9c9801be4c3ef1c929be5614457748f38f3f59afbc1de1c8f6c87756edce1fdf22e1a94a4219fb8bad192ccdd405e81

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 e284a7bdf53b953d5514c6abe985ed60
SHA1 91655419b0e29b53bebbd102127056f396af6bb0
SHA256 de29073ba5d2f701473a80f14c9dc35b2a11194918b8f682357b09d57c2aeb2e
SHA512 2066d8dd92d2c64df6eae441fc25914a6214ff52ad264a38c156f59fd1587d6a7627f19a1b537fd82d95b7c66acaf73169b855df55fce0163bd3b05333377195

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f76dd699b5cf8b046b741a6a8c4dad8c
SHA1 42d51fb59d178684c210d50555d442479b8ed477
SHA256 9a7da47d6952af4f49eb3ebcbdf58521c82c1ce1d18132976934171e09784a86
SHA512 d9b37756e2d9f753e7bccb07b056f2aeddc50ae0584d3321d6c34b4c83ecd61d438dd1fb78a23c4ad9ba097a750b7e989614eff7736cd1b8ff2aebf9208ab64e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 7b5093531a47d3d4faaf63e5f3f41083
SHA1 9e4059b5f6b8c6641196d0e147abb047762de99f
SHA256 9f8b235e1437f620d97a3be3c65b8565c4da7b528dd6b0f0cbcf95cf1b2ac84f
SHA512 e87a8af5f70d2682d82c5059e69cf94bfeb40e5de4316fba7cd9cdb4b4fc86418cfcceb2abc965d70ea6c31cdbff57b1f06b8de8572add5035c28736268dc2b6

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\523f61d67bf4c528e001c52e84c35ef0

MD5 523f61d67bf4c528e001c52e84c35ef0
SHA1 f26774809dc1ea0bc7376606964ebcc06bfdc398
SHA256 834bd41f708d1393a528da769b015538b45b279b4af4969e1df54c0c426add3a
SHA512 d99d834d3632804160428367360f8a4c0ab6e1c9146ab12b07d6f44c30def1482809d5cac41ae84a64e5d8b99a4fcf2090c74e39b2692094168737501301b15f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 89bd74b9fee3ee36378f29b27193a201
SHA1 43ab898aa789ad6f6f1acce6294ef8580a8de1da
SHA256 140709748c34b8e1b687f7a59887e5f4b4a0273f66242243b80418954c96e70e
SHA512 9c62928f5ca9c7e5c46ccb07cc402d9413aafb8294e9f967448efcb05b6adaa8dc38037a94ce92e6f29d268f09c57892187562c7573db9fad84bdaa100ed5f9d

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MD5 610b1b60dc8729bad759c92f82ee2804
SHA1 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdate.dll

MD5 965b3af7886e7bf6584488658c050ca2
SHA1 72daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256 d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA512 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_en.dll

MD5 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1 dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512 ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_af.dll

MD5 567aec2d42d02675eb515bbd852be7db
SHA1 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256 a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_as.dll

MD5 a8d3210e34bf6f63a35590245c16bc1b
SHA1 f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_bn.dll

MD5 7dc58c4e27eaf84ae9984cff2cc16235
SHA1 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256 e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512 bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_cs.dll

MD5 16c84ad1222284f40968a851f541d6bb
SHA1 bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256 e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512 d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_gd.dll

MD5 c90f33303c5bd706776e90c12aefabee
SHA1 1965550fe34b68ea37a24c8708eef1a0d561fb11
SHA256 e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c
SHA512 b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_ga.dll

MD5 3b8a5301c4cf21b439953c97bd3c441c
SHA1 8a7b48bb3d75279de5f5eb88b5a83437c9a2014a
SHA256 abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0
SHA512 068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_fr-CA.dll

MD5 b534e068001e8729faf212ad3c0da16c
SHA1 999fa33c5ea856d305cc359c18ea8e994a83f7a9
SHA256 445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511
SHA512 e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_fr.dll

MD5 64c47a66830992f0bdfd05036a290498
SHA1 88b1b8faa511ee9f4a0e944a0289db48a8680640
SHA256 a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961
SHA512 426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_fil.dll

MD5 7c66526dc65de144f3444556c3dba7b8
SHA1 6721a1f45ac779e82eecc9a584bcf4bcee365940
SHA256 e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d
SHA512 dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_fi.dll

MD5 d45f2d476ed78fa3e30f16e11c1c61ea
SHA1 8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e
SHA256 acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2
SHA512 2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_fa.dll

MD5 cbe3454843ce2f36201460e316af1404
SHA1 0883394c28cb60be8276cb690496318fcabea424
SHA256 c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59
SHA512 f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_eu.dll

MD5 a7e1f4f482522a647311735699bec186
SHA1 3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd
SHA256 e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4
SHA512 22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_et.dll

MD5 b78cba3088ecdc571412955742ea560b
SHA1 bc04cf9014cec5b9f240235b5ff0f29dbdb22926
SHA256 f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085
SHA512 04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_es-419.dll

MD5 28fefc59008ef0325682a0611f8dba70
SHA1 f528803c731c11d8d92c5660cb4125c26bb75265
SHA256 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d
SHA512 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_es.dll

MD5 9db7f66f9dc417ebba021bc45af5d34b
SHA1 6815318b05019f521d65f6046cf340ad88e40971
SHA256 e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819
SHA512 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_en-GB.dll

MD5 d749e093f263244d276b6ffcf4ef4b42
SHA1 69f024c769632cdbb019943552bac5281d4cbe05
SHA256 fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA512 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_el.dll

MD5 ac275b6e825c3bd87d96b52eac36c0f6
SHA1 29e537d81f5d997285b62cd2efea088c3284d18f
SHA256 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512 bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_de.dll

MD5 aab01f0d7bdc51b190f27ce58701c1da
SHA1 1a21aabab0875651efd974100a81cda52c462997
SHA256 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA512 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_da.dll

MD5 d34380d302b16eab40d5b63cfb4ed0fe
SHA1 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256 fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_cy.dll

MD5 34d991980016595b803d212dc356d765
SHA1 e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_ca.dll

MD5 39551d8d284c108a17dc5f74a7084bb5
SHA1 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 2929e8d496d95739f207b9f59b13f925
SHA1 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512 ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_bn-IN.dll

MD5 a94cf5e8b1708a43393263a33e739edd
SHA1 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_bs.dll

MD5 e338dccaa43962697db9f67e0265a3fc
SHA1 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512 e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_bg.dll

MD5 8375b1b756b2a74a12def575351e6bbd
SHA1 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256 a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512 aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_az.dll

MD5 7937c407ebe21170daf0975779f1aa49
SHA1 4c2a40e76209abd2492dfaaf65ef24de72291346
SHA256 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA512 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_am.dll

MD5 f6c1324070b6c4e2a8f8921652bfbdfa
SHA1 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA512 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\msedgeupdateres_ar.dll

MD5 570efe7aa117a1f98c7a682f8112cb6d
SHA1 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256 e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EU14BE.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 7a160c6016922713345454265807f08d
SHA1 e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA256 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512 c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 6baa25e3ca47acb3ee9dc77e23fc0655
SHA1 7dec08b6e4fc02bc45ad1f54939c4c051a60dd2d
SHA256 5be3b61274dba0d9508e399620905595d785f5f2a8761dedc2e459883334a24c
SHA512 539e115ab33dea20c1b85ac21ec48d7ee8c4a8bfaa63c623f9aa7b97ff42b8706ecb1407d77ddc3fa8b788ff672f94832bbe8c0d289bc4454bd97e5377adabd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 988a056ee3c5b81ab123a0b5adcf772c
SHA1 7af68139820e2dccfbfa1c9d2d357e07c64c053b
SHA256 3e48ecafb7feb2588d6a658394f07d2688aedfe6d51f0d134d3d998556ae08f5
SHA512 0674268d002b6b13bb752fdb4e7486f16237ecdb7b2c480510940c79d6330e3ed67b75200484a419fa173e1e91b57a85a669c716702abb07b7eeb1552d311e24

memory/3084-1504-0x0000000000D70000-0x0000000000DA5000-memory.dmp

memory/3084-1505-0x0000000073BC0000-0x0000000073DD0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 037ecccebd795408e2dba513e87ca3dc
SHA1 aaf3ca89476968b5304901252566dee11fa34131
SHA256 d64d52796c8add3ed68deda477906e064edbe4f8feb0fd40c3bf5d41102f5bc2
SHA512 c46eb76061d17845b8b8eb06adae16eab4eee893e72b73106df892e248be921c750a7be7e32905fcc7efd1440e7eedb82edd660dc8cf1f744117eccf3d1c1eb0

memory/3084-1528-0x0000000073BC0000-0x0000000073DD0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e142d3f70dd99ab7b7d291f583a3a37e
SHA1 c06eb0af12f1d6a344cb49a435a89bdea1882f1c
SHA256 133890ebf003c87f98fdb97a061fa6f1af5ea4882865368d4593269fc61f7eec
SHA512 b6be36ad516c0bb6e8b6ad3e2a1549c1539b784606a6556b20f180f1fbe25028b9059bad601099512dfa858369c8be2ebb7dd815906f59e00644bdd38ad26fde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4ad5e9b6fa92067f22487cabb7a99465
SHA1 66ec557ff3beab6ed1147f2b1ab3fdb88c948986
SHA256 0307db20f2e074bd5cbb27f5ecbd37da7a8211e7fed50035d02234337020a814
SHA512 c4d49b0127217583c604a5acee5eadfefe3cda1407eed21eb07344eeadfeb9520189c9cf5fa72de2ac10a596517a5dbf9b69cb5dd97d4cc1ddb1334fde7d8892

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 94ecc72cbd1b80b0e3743122d6a48a24
SHA1 20b121cf2df8891dac0fb4db6e00061c2fcc0a92
SHA256 b0f16200aad45e038c947bc337a3f0e009f61c4902f88501d5a8f81f0452488e
SHA512 a0a6054d09e71ee90776bb4c3031347f4fd68075b91824eb02013e7a9ac64a4d70ac5b020ba3c0d0ddd13e754a43b9be7941bd8073c6116b2fe3e1a590bc914e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3d8f6ed516fa78657cf9828a6a01a3b8
SHA1 ce50a44b8c503e5116cba3dea515b4bf9b48b057
SHA256 2a4289d74d76eeb9b0b29edc01dee9e43cf328f6dedc4d785d73614790a8b2f4
SHA512 aa923f29243437277804484e078574d98c2436807ce1a7ad11fd37997f7422a62c61328af16740d0f47a88d76fd9304420bdadf54dbeb46b7d2062248fe8e89a

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 6e63337a0f8c9ca0d3eff4f8d5925b34
SHA1 a9be14358daf561866832e4eea3150c2452f9096
SHA256 d90b58316b81488a184f09d807db22770517d4022ca0f865cce6816e97fdd51a
SHA512 929e41938205af0957c60a1877d7df3883ae60aed54da1d1de6fd2b96eb2a100a6ffae0e257e523cbe16f56ad2a86ad60ef1fa7ab133160ba5210f54686a0f8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 61492e50fb4c4c4a3d6ca84208add140
SHA1 677cbe95c8833a93cd7fa3bcc6715ff2143262a3
SHA256 898a5d7a8efdf2f3d96a7fec401d61ba5b9d84dc51828e1678b0500b294cc38f
SHA512 86f5089e93557f868ca62efdd52f6c28eb26d58e149834450633246f68c0834d7e5da0565a1759a0e4cdbc450c0e48e966a2b492437fb8df7f27c54d878214a7

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe

MD5 c31297188ec9fbaa60449f769339963e
SHA1 8502d9e0cef18137529f0a46ad6e69a1577e6cae
SHA256 2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9
SHA512 9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6fe7209b97cd712ad8528730fc64cfd1
SHA1 ab8b64ab56740736b5bdeb7bd54de8b5298c3470
SHA256 2306d492580201c505790b4ea9fe657de57761a3a089cc8c45036b57af55dea4
SHA512 daa4d7095d3ac3e8293d27c9e8a5bf9eb6f323e5078226532c74a68c60a47c74b729d2dcd1d4520a4dbdbcfd46d389fc82b9b30bf82c36d52733422c7116bdb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 04f337aba26b9c7d85bbe23d6aa59796
SHA1 9c2e0a05762eaf3ce7d5ab3cd98dc3d06d0056e2
SHA256 a80cf3897ffaf4d2c45617025dadbffd472100190d3315c811dd107ebcf4f7d0
SHA512 4db461339fcaf8bc45920d1cec66684a1627b0f86808edd68001d5405929ef37400355b81db189501a50c32144593d42cd319b40da98d60484383142973477c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 98d15cb41035ea832a75e294a0d1f894
SHA1 240261a7694ebc5858fd24e293a404d14f8d86b0
SHA256 70866a908a1f65a0792abb0d8cefb6065836794392e0b163c3eff5f5341a4f5c
SHA512 2584aa048fbe0b24b4ef3301e9e7077ea5f9d00f19b767f37369985acb57aa690734c58bd871049f6401cfb13271cdd1aa8da7edb16018410566f971d4b6a8b2

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 2e37e60e10226cf762d39b07e1b6d5e1
SHA1 145eabefefe935dd07aebe7ac7e4b949a3299e2e
SHA256 c2053c66da67809f192b82d9a34af471a78852ec5ff798b37eebc16839f6fd8a
SHA512 91fd05a5a83a7a42a7c8601e4ed972f4329c6a545515a57c0b8e403a1a321002bbcf19a34817ec86f05a41a4d89243c400bef9e87df9afbc947788408a2e05df

memory/3084-1679-0x0000000000D70000-0x0000000000DA5000-memory.dmp

memory/5036-1690-0x00007FFE3F2F0000-0x00007FFE3F320000-memory.dmp

memory/5036-1693-0x00007FFE3F380000-0x00007FFE3F389000-memory.dmp

memory/5036-1692-0x00007FFE3F2F0000-0x00007FFE3F320000-memory.dmp

memory/5036-1688-0x00007FFE3F2F0000-0x00007FFE3F320000-memory.dmp

memory/5036-1687-0x00007FFE3F2A0000-0x00007FFE3F2B0000-memory.dmp

memory/5036-1686-0x00007FFE3F2A0000-0x00007FFE3F2B0000-memory.dmp

memory/5036-1685-0x00007FFE3F180000-0x00007FFE3F190000-memory.dmp

memory/5036-1684-0x00007FFE3F180000-0x00007FFE3F190000-memory.dmp

memory/5036-1691-0x00007FFE3F2F0000-0x00007FFE3F320000-memory.dmp

memory/5036-1689-0x00007FFE3F2F0000-0x00007FFE3F320000-memory.dmp

memory/5036-1694-0x00007FFE3DB30000-0x00007FFE3DB40000-memory.dmp

memory/5036-1702-0x00007FFE3DBE0000-0x00007FFE3DC00000-memory.dmp

memory/5036-1703-0x00007FFE3DCD0000-0x00007FFE3DCDC000-memory.dmp

memory/5036-1701-0x00007FFE3DBE0000-0x00007FFE3DC00000-memory.dmp

memory/5036-1700-0x00007FFE3DBE0000-0x00007FFE3DC00000-memory.dmp

memory/5036-1699-0x00007FFE3DBE0000-0x00007FFE3DC00000-memory.dmp

memory/5036-1713-0x00007FFE3CAD0000-0x00007FFE3CAE0000-memory.dmp

memory/5036-1718-0x00007FFE3EB90000-0x00007FFE3EB9D000-memory.dmp

memory/5036-1721-0x00007FFE3EB90000-0x00007FFE3EB9D000-memory.dmp

memory/5036-1727-0x00007FFE3DF20000-0x00007FFE3DF29000-memory.dmp

memory/5036-1719-0x00007FFE3EB90000-0x00007FFE3EB9D000-memory.dmp

memory/5036-1726-0x00007FFE3DF20000-0x00007FFE3DF29000-memory.dmp

memory/5036-1725-0x00007FFE3DF00000-0x00007FFE3DF10000-memory.dmp

memory/5036-1724-0x00007FFE3DF00000-0x00007FFE3DF10000-memory.dmp

memory/5036-1723-0x00007FFE3DF00000-0x00007FFE3DF10000-memory.dmp

memory/5036-1720-0x00007FFE3EB90000-0x00007FFE3EB9D000-memory.dmp

memory/5036-1715-0x00007FFE3EAE0000-0x00007FFE3EAF0000-memory.dmp

memory/5036-1717-0x00007FFE3EB50000-0x00007FFE3EB60000-memory.dmp

memory/5036-1716-0x00007FFE3EB50000-0x00007FFE3EB60000-memory.dmp

memory/5036-1714-0x00007FFE3EAE0000-0x00007FFE3EAF0000-memory.dmp

memory/5036-1712-0x00007FFE3CAD0000-0x00007FFE3CAE0000-memory.dmp

memory/5036-1711-0x00007FFE3CAD0000-0x00007FFE3CAE0000-memory.dmp

memory/5036-1710-0x00007FFE3CAB0000-0x00007FFE3CAC0000-memory.dmp

memory/5036-1709-0x00007FFE3CAB0000-0x00007FFE3CAC0000-memory.dmp

memory/5036-1708-0x00007FFE3CAB0000-0x00007FFE3CAC0000-memory.dmp

memory/5036-1707-0x00007FFE3C900000-0x00007FFE3C910000-memory.dmp

memory/5036-1706-0x00007FFE3C900000-0x00007FFE3C910000-memory.dmp

memory/5036-1705-0x00007FFE3C790000-0x00007FFE3C7A0000-memory.dmp

memory/5036-1704-0x00007FFE3C790000-0x00007FFE3C7A0000-memory.dmp

memory/5036-1698-0x00007FFE3DBE0000-0x00007FFE3DC00000-memory.dmp

memory/5036-1697-0x00007FFE3DBC0000-0x00007FFE3DBD0000-memory.dmp

memory/5036-1696-0x00007FFE3DBC0000-0x00007FFE3DBD0000-memory.dmp

memory/5036-1695-0x00007FFE3DB30000-0x00007FFE3DB40000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dc6a192e3042a96f115e2d9495f4bd58
SHA1 9de32b3f16874968ddc7dd7bc5c86dccc3d8da50
SHA256 09416cb5015105f7d4633c9d3231ccefb19e92e6bfc559a1e997c844d5260484
SHA512 2c1a0dc72dd916109e30e74c86201b822c3742dacd65a8cec0843301c9e7bfc51960942ddc34cd90a0995a92d3fceed1ffe6d6a2d043e5145f4875e043b5351e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ce5d5894fc93fe8ee08788cd85ac5986
SHA1 069c3d5a25a5686fb6c1b0af041abbbd9107f63c
SHA256 a85c9d3e23075e05bbe49c25a19711f5aec68f3d23de18887a654154f2eafe53
SHA512 5f104ae9ec8d3ac0039dfab5c8a63f5e500d1a04a25bfed623bdfd9a374dd48b44661268dedb26b6e97ca091e109c754e2f8ad8e063987d471bdb40ae115e5bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dbe0882318ad901d4d50e0043c667a80
SHA1 a8142f10cbc163dffb96c9adfccd1163acdd569c
SHA256 1fe42910a933c08e5bab791fed2390a6d34d5f26cff8fdb372c8c420ae6c0601
SHA512 15807c33c3052293cce0c34529b9d2043d1dc16028741a2d974b0dc6b74d0352ee3f16a71157c78788e0d016ce97440f061fcebb38c79e3e7d6975e5d37477a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 adc71c6a02971e478e3e17cbb337930f
SHA1 fe203662a26c06e67cd9af55b709d0aabaa2dde0
SHA256 d64eeef7d9031c4d563ec4bd7e7cb4206b3a1b3a32ae4d84e58086c68a8232ac
SHA512 64df1421ae46fb204f1f3b87b5b5f9e04a54950f8793de92f9aee7f395da0c40784db3c474ed2d9cf5212baa5640e29c0a9b72b9aefe035a875d8ff65db09eba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8e032cf46bc8a86806d32ab4164d5de6
SHA1 2613aedb0cbcc9f680fc775afefa9ff2a6a1fcd3
SHA256 d42140af0d6381152a314f6e3b74f2c6b533f0ad72cafd2a103968f2df8edad2
SHA512 d0b081759b7a6dfe4fff72b022a5d93922b58db2cd262df00d7fd9997c9bddd5e78ed84e6ace01fd289ec43cfd0583492d912085102b40297fc807bdb8573ccc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b7284b27d4bf06a00afeb116a462f534
SHA1 b5a72d54dceb053c9430682b49000ed3195e086a
SHA256 1827f0d888511a02ed8ab1edd384a1da0e477b4acc7b2c20ff48a5bc87e00daf
SHA512 188cff987520328b01c8f33f9416423b22d3df7a57b4cc9238ac4bdb2f8be6e2a182293ef7f5ce5ef1b2a61a20b9bfff07b649553b9d9f1b61918afe94021ac2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 79509c850106c0d918d16e45bc1f0aff
SHA1 dec2a0014e7813a694f257351fd9a6f3663d4cbd
SHA256 425149b7c086b6080bfc88f51ac643a1604a291dfef2e97d031ddfd3f29da5fd
SHA512 7af3ebf2f9d7dfb6714493eb8fe83e4012c6cabdf8f21d225af713aefc954f6755e4e9987959d82534b5fbb445b62c360c49b209a0a5419e203e1f5d870e8cda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 72fba7a2ee9900a3d6b22af14e019938
SHA1 04cdf1aa48725f60b4721441f8b2434bec1df107
SHA256 5e5b7abe469e698f458fcda1d7abe9f6cd3b9833cae2e0917740a89f6c0e3344
SHA512 ca384cc51140024889ad7b65cf824351b0078799d8aafafa4fc931939a334a0251faf595f03fedce8587eb45580b332e76822322d07bfb37a5c7aa299c315dc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cd97319e2eeb8baaf65d7ecb3c57add6
SHA1 732cc6bc5206f2da9a1e8da202e16cb24352d2a1
SHA256 aae563a4dba95d79f7768057dcbea78d797a58902c69e7c51243f9df8ce035e5
SHA512 10564f6e9ce51b091f9d41d64ac46dffbd2c43d6c2a98e76c582abbd76d10497fdc1bfd93ecc792d23c982a0248b4d1ff11cc18ed54dd83fff585e59da5800f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 23ad378e4a6cdf511929da33674485ee
SHA1 88d9c6eab91ffd842780cbe4860c5c4f26f8b71c
SHA256 772edd841641de347549d5f33a53072b551c34926b8ce7b11ca3a097752fbf7c
SHA512 c79c5c4f053168ea8ca79b618f2ba4ca074d214f0e85a1a230cfd19a6e955730c6a2a87501776e1ac000f18fea625066d5f7b91af55550c20896b8320d804679

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 432fc402d2f2cb47b9408b5b4a299b03
SHA1 755dce0a6a08410ea87528550ec406eda847b45d
SHA256 d8762c40aad2e6204ec7a606f9d82c6710d8af417c7624d4b0c7a2ed138623d7
SHA512 fc27d1a85b866a22b9bd5a0c2ba0c17ce2ca36e08e2bb7ec41eee0c1ed1748d6a8797660e52dc61233ea67e46d0d8121d561967e74084f15b10b0e59bb9c3524

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 803da545f02096bc70406ccaf4f0eba3
SHA1 0a9fe91b62d1a769d018b7c19d1874fa9a138879
SHA256 e18fe2699cda8c4a00bec5a96754b211084a7d160715783c05b4bd2ebc5b53d9
SHA512 e3ae43da1b257e6b4d7915ed25869a4ea810320d0a8ddab26f204246295537a7899a2296a3d870c9ece61097bb924fb511edf2c9be54ab4451b1c93657b87c49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 30c5f60b213ecd153e6485720a44f389
SHA1 d6959fb07167b18a04b19adca82e91e9e4c401cc
SHA256 edd7ed6631c44fe99a2b72cb620bcbd2dfd9be36125b9510a924ed05923f9b90
SHA512 bf005026122d2b059c820bda18e102345e77d4cb4e282a7a17052ec2ebae25a5edb1064a16e1411ac1424ca1c41eb15eaa768a88e5eb9d7cae3c57d279f4fb2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1bf59a8f830181fe8bd6544c40f08891
SHA1 505744ea8c8209e985a4a49edbd5a36cfc8a408f
SHA256 c8612aa27852e7d69b69fa8f8f2517d01d21ad58dd349b183d4f7f7c5abf1131
SHA512 953741c29f7e636f2ca38b0576008cc9325bc32e084f5f12b98c15c8b118bcf46669adeefc4c941c31f9053aed386be3bc8b7fb2ae7f48040150c87c1b81b711

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4eebd2b35490cfb36ccd4bf15e6f47c7
SHA1 408ab36d1cba604d0fe58c7c82b6288316ea66ab
SHA256 2e99ea2c276bc751de76eed14c269e9805c96b54162f59879bdd23616c1a0e95
SHA512 197bdb720635b669667e115ade390c037fc7dfe5354c7fe94a6a266aea1ade299bf6ee78ff54afc824402ee86038dd3f112c2eaa9d94c49c27a2d4f6df0930fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 094c42cec6975a32b839d5247030924d
SHA1 9962363ecf08b50cdbfc022d2d6bcf0fdc2dec68
SHA256 dff8965c21de8da0beb823cc9ea7e679e7631e9be379971c1eb5106a75c646ba
SHA512 575a5f07806e820ae0075641f863aadf8e57f02159124d7e0f1de0cb911502210e65a998ec94d121953845c5461220527a7ccb6bca3143ad37bab1ba34cb1445

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 857b901297add73c88b36a5108178d72
SHA1 6fecbef737b33c36f4203e6dc884be4f6e3c54d3
SHA256 5381afc914e6ec00e857206837407f2c4252569aaca8457ce774f7b5ce40a522
SHA512 87d061f93928d6321b2803628463599918027b36cb05bfae0ce6aec49739b21e034bcd142be7867342dacb88862c05f82192f84c4b7bda0d06715bfb509b5029

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d5566c11fcc8f54bab110021eddd8024
SHA1 b6da1a97d9a636e9325cc3a22548f9e1d1d12ec6
SHA256 16fc1fabf666098fc2909f1f7962e936978df46dc2cb3e208ef3059971a90234
SHA512 559b25745189ddc1a4536a7d71e334873ccc67b6179356bf02eabc1a379bb37f6a1495c32792e83306eb6352dd762d06fedc3811f5d438c50f01de669ebfff7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5213f7d6de3044ec7cc4115831d24b10
SHA1 930f4a259fe6c9710e5735699b1fd0d62ea70478
SHA256 673b3c143477bddd51b15892c085737517a6e0b2ce000f15a5bb9becff5cebfc
SHA512 015a9d72579641892a542cdaeecf76421deffca2a441392b2e1830e91596c490c81e3f0cc4c24b92d12f4f5f72baf84cc6ee5eb8cc4b091d74c027bc4a76b599

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e505d55f042692db1682168086f29c2b
SHA1 e8b2dfdab5f6e8788cb086ed6a1491b5f16ae344
SHA256 77275ed8db16b262e58fd170e6e4c752eee3c4bbc2985b7c4b5f936b7a215b1e
SHA512 9d3889cd0cc98969140d17cea1f1ceacdfd113b14c69601d02ec873092dc064f6ca8403d3f82efa1611bf07c7175ca437592524058dfb378c2be1bfda21e93ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e0f1a0700247c2351db13a61d69e4c72
SHA1 5711223f5a4f319e226f29bf8b861cbd1c955449
SHA256 acc0f98072117838698d9a54f707aa3e6978c101560794bdc335942c30ab0788
SHA512 a2104e9241261ba37da7f2f7ee1a39105b437932613c88e637f5da8f23bb46ce4f360b445dd8f9a060434e8c3e722b4ef7637b88d4431f2a5e7ab799b6cfc600

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 16639b4ee9503f836c37f21d4de1b5b4
SHA1 99bfefbe39e6b180eb3e9a8194a883b2dd08c0ab
SHA256 03abf1a3197d30b89b2649585c2cf40ed81023ac0563c1fb47ba6bdd65838d95
SHA512 f1f20e305ea3e5cfa8f8045ab3d3fab9c6bdb17c3b85e1ea4d7056c7ec84408d8883d101ca423af669e85480944102e4b6858ade84e1a301a35b5c18118ce7f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 df31b987ccfc2ed01baa82806a464227
SHA1 ca83daee51f7358ac8ae066c5b9a832930cde701
SHA256 8825bc18c206935b49ed160ea29d9690344000df6aa761e96a0ca65f5d9b0352
SHA512 9a6f91a95c1eb30ebdba0f60617eeb5decb154b7437297c04e91c645c689f625d97e4be249b6440b89249c2d660346fc0654f40cfbdf86926ee8587c03a1284f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9df05bf48f45d22f4414624871c0dfb0
SHA1 d903629b818c6293429fad9bb06bbf1077cae90a
SHA256 dd27db01578278cd987924f13aed4b950b2a5e51f9b3b2522a54763615256df8
SHA512 d9e37d9b272f66d93b9f9bf546376ec42bb3b3f361f808e1165dada7c54d760441a34dc9ae1b2b4c1fc8489d66c7e5ad83fe4d29d14f96927debc67e5230fb3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ac618d10136d7396fdc329cfb8ac9657
SHA1 f8bd6f1a0d18541b243498ea443ed01d1224febf
SHA256 e447ba0a5e2bc9772ffc25daa562c4a779a4e794fd11412bf4170e9e8318f646
SHA512 da3e7ccba05d387b2582dfd5963d418d171308b07d085c1267c4eec472ed8854acb2fcf720e62722dfbe3002190136836be76aa70b99b2e8fb44580f7e8431c6

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

MD5 b18c705b3c68cc49d9bf3649abc75c24
SHA1 6dc8963dea0f3185368790dee2a346301b4fa24c
SHA256 c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa
SHA512 7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 28ac91bbaec5708b724939cb7851af64
SHA1 2c101e720733723cadb324db99f295aa27cf1f6c
SHA256 807a288c68e7bc97093b0d9fc94ae4b4bc8b1c58d9741ca6b3228aa72f91f97a
SHA512 1383a87f9d56c7bef22d69adec5da9b12938004203ac083d68449749777fa04be825778452d05f395d4a3c3a87158459b8fc7eafdb9034b856a1f9f3c30c4e79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f1d4c9e6efd5e73922dddd5608c902db
SHA1 0945698daeeae5bb1d59b37b6528249f7c354c2c
SHA256 7ebc2657518fe6f6c027dabac2570fb015596a9256672760b9274b50f47c5b5b
SHA512 eb056f35582587da6171055a7dbbc7c8f46b8ce1134b19aaf484674a1051f88ff25e4b69e7f0c40ce746ae740b1a74d6c607b46952f6148d132081647f1afe9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0b1aba9ba21874d216fd0d69f8c1120c
SHA1 e8e9146b08ef086a8dd3eca197e835019d054ed6
SHA256 b385d6080f88a6639e822b1d64548864521f947184865a3913a5002c957e5b3a
SHA512 9e0d278fabdd577142905e246e6ce1d2a28afafa73c1a64fad64ade6c907c2ae1920f3623e46e802316ad88d720a5ae7225c81820a9717ab70dded7f04808448

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 28f39c62ad0ab471927e33fdc8589ab4
SHA1 67c375c94f2b2a03009b3d726d311ba857291bd7
SHA256 36d2b960f799a71bb327fdde96195038192831c34aa2b0b4da41543a7102c914
SHA512 4aad9c476ef3a1a4f68555d9ddbdfe9b00c7bab61ecbaf0e5ed4950fe8715b513c76cd86f0aedc6537296e4dc306e09fbf0cb84b0cb93bc832f0ea4cc509b4f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 99ba7f465143b762780f991f4df5555b
SHA1 abcdbd436b1325969d5d2718ddc239d1b3f70a34
SHA256 6f4b2a59ca70669acbe0a86cf45fa2234ed5fa9c651f3bdbece5b03a962d40e1
SHA512 1acc5d041b88b1bdc5b45a92fb569e5bd579efd52f060e1641fc62ee47bf39a20e2031dd96da183f2d05672a472871fdbb9a5170d17406a8f00d1a6f38b6ff50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 939bb3df0de3dcdfe878556dba8d83d0
SHA1 565a6af5c1702e703cf957045b229f22976148ed
SHA256 1713c724b5ccdd7200aca582e5c5405e0be8482d524728b19a2aff250c9cf888
SHA512 a3417f51ce75a70ae911f61bccd37b178dc3e0e2a6bcc75a56b61470ce43f753372284b5bb6692f60686fbfb74b99af1396a09b1114fb40c51c4c67764ab81e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e4a510fbed713ebf98bf8e8cc703368d
SHA1 16fcac511d2a379b8ec328c44d6fcd47c5e05b1c
SHA256 66ecbc737b1dfea1af14f5b028dcc2426f4d5e02128dea4bade98b7bab9d23bd
SHA512 0bdeac8ba3c83f634e803cab53f39389077ca9d2a50278b224f0722e4bdec617d68e7d4b610df15b10e79474188b1632fc240e4f321e6cb41fca0c7d83ad203d

C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\AppSettings.xml

MD5 431a6eb20932ec1c56682a1f60d231d3
SHA1 40bb32db040cabade103c21ba5b6f811dfb0773e
SHA256 d5de39863fe721668ce1e115e0fc55a7c733747daff6235d27dad3d160c84dbb
SHA512 0969b9484bb7c661d4e0452ff1c77396796333904b39f24c56d5a92ac4ed4ebde9b8981a985c6950b4af2852e8d9599e071a51ce4f9ef21ead778a2fdc76fcec

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat

MD5 a3bb286324d5eef600b140388f5ef9b1
SHA1 d44122577b88039cdb6182c05067fbd0c4e7f175
SHA256 edcec40b7a831e3a244727e0345f8d770d9733291b64597761f80a6b294127b0
SHA512 23112ff9e233e8c4d80ef65fd29fc343cc9c217d14bccc3ec3f39b4a1d16cb01e827d49659a226979a1099e6120ee32b217950182b5b249c36111971b9b7168f

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Sync Data\LevelDB\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 13f5dd5e7bfd567b79ac5a61794c4451
SHA1 1c865bc0612843f4876e8f5b218bf260d6a35125
SHA256 673a578ab78b6721ddebf4198175b8fc88311cb5f11d0efb5abb7436acf517d9
SHA512 263359a891d0864b56aaed3d4d71799e9f2790dc99ca857a618ab19041789c30dc47f47737dd3ed7493296eb918901671fc4fe7a6e72e400582c7d4c8cae8642

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 bb736186cfb5ed2a3605e4bd88831b29
SHA1 ab05105d2cd9cf737cd25f8af5f75364e1d51ea8
SHA256 2dbd3a96b5c1e3735ab0b3389f87f216133152d0ad1f5cd5eefe40a56db318c9
SHA512 567be5b1053a7718fb7bcc7a62195b31686c4f622ee3def098a69d8fe7d748f135f4370108ad622efd25903fddc999dfa82d2319e0804aee5d225ec69b20e649

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe6f62cc.TMP

MD5 30274bfca175168287977b8e984938e9
SHA1 ffb1165e90e53d51b9b3ccae65c1ee85e5717ac8
SHA256 000c395dd3602a413e67aa91577caaa235dee3a1e6e70b6bcb34f1815896d8ae
SHA512 1802e7764cf717ad59492c81b217c4e9754da0b8461822b0ddcd14dd95799bff1b0c3291288f4c74d0511d9e6f6f05225317a4b668f313cdf8971a6172b3b1c7

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 d1e82034253085b31940df772d0ab1f9
SHA1 44a42c81c8dc2bc282236c3fd00eb08ca4bd4fb0
SHA256 520bb574a01a94cdd0d7d02a3130409041c5976a062e43aad4366b4c7d6c8487
SHA512 4c517b2a5cacb8394b4fe074b54f4d6d911d0cd4d96bef475548bcd29ffa55cac7546fa7048ee67c494e9cfbc739622b2f16cdf5cd0a818935f180067f1a86cb

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

MD5 0ab44b55581e9e92a9ceaff886e45b96
SHA1 8825f07af08d94aff0ca5a6c94de7bc2fe6390d9
SHA256 67d6b84449a0635aad602dfb23a732051dd965b8ee1ea46872aa88a7d58c5d95
SHA512 ea181bad5b30b8510f248328bf3dbb71196bd6864ce22ab60aa83b95a396d8a5cad3c0b6824c85315991624b1ab8df0ce17d33d64006963da993903b49e78136

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe6fb89d.TMP

MD5 8d980ba4faba8d3131a1343e121a1c19
SHA1 df8f6ebd6c2a33c20e58d0c9b14498c64553b2a0
SHA256 9a95e3fdb9f715421b779b7f5a474d6c03e2a03654c00e19c1d41f56507d0915
SHA512 b24daff4f2599d467895c41270d41849bce3e7631007bbdaf9bad83bd46303f8f1ebeb4ff9fdf6e44dbaaf9780fac2311c26c96b79abbb58928223d30da27d95

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\bbad343f-6056-4c5d-a4bd-0282f4b32576.tmp

MD5 1d27dd6240a70d6b7ab5b86d0e1f7579
SHA1 f1a9a594c2ffcbe611b91446ac312e9061fca7fc
SHA256 065b21e2cb5abddb036ce271931ca3bd02ea09aab099bd19e293f8b2913068ef
SHA512 2c86b7a5ca803e0371a963a1db35a387871477f52eee6ff7b846de4846c0ee09016073c174d060675dc3622f151d63475559ba142fb4b1ab10ca57732a76dd6c

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 5eca534315adca7f5b8e2ace611cbf4b
SHA1 ee8d5e18cf7ff26e9034acc4a515e800171f8c4a
SHA256 250aafb02fd90eac5da77fc9ae2065ec3c0506c6b0b9f294acadb980248c3bce
SHA512 347c87f0b16eacc46ee6b87e3cafcf9dbbaa672735c4830cb39d72f0561f893d12752afdc15938dd9861a4be95a41d23bd8f5815f88747fc6867494f12c6f159

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 39b35541a71ef41c256783b1b65ce4fd
SHA1 5b0af0bbe83201219c34b59873d422deb76b1d4d
SHA256 d1d3170e8996f67b80ccd30aa839709a56f92d4e79e64bb6a9ccbb9c0b143a01
SHA512 81965e07ae1b7907eb01de73a48a1b5a1fe37545b87cd812606c9b630d29b2ec88b0eb74229a3a3572f7778391944fcc729f928ef791938ae82e79a2eaa223b7

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\SmartScreen\local\downloadCache_

MD5 47d41a980668e9bfae197488d6d56feb
SHA1 8acd8919b112d637a18e4c2f79f61fd62d2a1e6d
SHA256 87c1ba0f3a75480bef554b38abd51d7858bbe2cff07d4fd29162b4468d2b6c43
SHA512 165cf9913129bab36c22399c3636960cff235313256262439bea6a1ed78cf80d65690254cc63148e7e13bb515b513037ab6be7d20efdfb12b07985339ada36fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c5122dee5f7874927d9273eebefdd8a4
SHA1 799c047bdc7c45a8ebff0ed02c44e22b869e250a
SHA256 9e6fd696b0401067be5897a7a07cbdfbf9d1d1732bf2c40bb0a4e675dd87d15a
SHA512 d2674d4a91b3767fad273615d94378659269ddc2f66baf868935d3aead76c39725e355a43beb5804bdbe54e7b5d8de8b9eab44621030ae4eeea337d7a31dfae7

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

MD5 967bb5a9db2465212bbf346f08a0d1c8
SHA1 d11e8d1d25c28262093249bcf424c79709812b49
SHA256 212928a954b51804aa188763faaca19e5bfb370ba167abb87235e547eae74005
SHA512 92a868558c04beed25148c6cbf13fbd3aa47cbd684f147a277a69e8def9a2dce346c9bfe94396d28b9b3d0bdf089f04c6d9747b517c5bdc2080b3ab32b790bea

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

MD5 6bb4d7bf3f64df7dc13bed2a87bc6163
SHA1 85bf5c8b356325e0265aa49c6532474209ac80bb
SHA256 11d136da218f3024898e20da59ba5c8776956e763a7b1221fc75e748b37530c2
SHA512 53b1b63fcdeab693a627e90eaf8b2199489e4243356548b8892f6f4454cb3ccb4eadce919539a5db7b7b3f1b91dc215f84fa8e3c7d2c1987d7e78369f8c1eedf

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\temp-index

MD5 8a137df2a053b1ce5f41b845813a6497
SHA1 9f0c936bf1ade71e6963233d1f5564ca5f101827
SHA256 81a74888b2b80b6ae5720ab96726978f412378eb2e6aeeee5b38eaa1e14c371f
SHA512 54308fd1ffb6080892a237112af631cf4ac11f1291663c7cf1f5fb0aa81bf6ff59a7ba50590f7aaa23bf0d2ac68209636d1a553db3a9cd1cd0c518a51d8081f9

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

MD5 18358e6a2f71933f100cfb852e1b909b
SHA1 063b1251e15b292b77e99f2121bd99e82d08862b
SHA256 66974d005581e9d02599c119a7e6b28a08c06e7afebabd2116142469532394ed
SHA512 f91cc2ca5f83c53bd69467fe070f148d3d710288b5e418cc51465e6feb5070e35a7faac727d161434e27bcdf689fc8642a2c4e2d0c359c54a74566d0457d5f4e

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State

MD5 9b03fae05e5f84358673618d8b17770f
SHA1 634a9ca98627f9c0a6a5cdb9dfe5d171efb7a6a2
SHA256 8e7b4e39c261d7c1cf0397dd97588b080ad0235badfa6eda2408646e61c3d36f
SHA512 4635ea42d885b7093902e4e15a449ad24d73180fb203b9bfdd2fb9405c305cbdd2ed9a9960462c81c76319efdfd68bdd906bc6558a5a2861dd311472568bd2af

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State~RFe7076cc.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

MD5 8a18a30f7dffe74df2a2204a73679849
SHA1 2fa800567af60682d9284f9b99ffdc5e75dce880
SHA256 bcc153abac3c7c234e124b3a9ceb44490d3eaafa01d143e829023738612cd346
SHA512 c93466796d587f7f81c7855bc7a9089fad76cfd391e775b1cbce03fd063c9b606ab4125e25c93f412d01a32395a5aeea75faf95c9b4f0a71b638821f4bd2e6e6

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-as.hyb

MD5 8961fdd3db036dd43002659a4e4a7365
SHA1 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256 c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-hi.hyb

MD5 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1 d0914fb069469d47a36d339ca70164253fccf022
SHA256 f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\hyph-nb.hyb

MD5 677edd1a17d50f0bd11783f58725d0e7
SHA1 98fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256 c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512 c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4772_44267454\manifest.json

MD5 273755bb7d5cc315c91f47cab6d88db9
SHA1 c933c95cc07b91294c65016d76b5fa0fa25b323b
SHA256 0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902
SHA512 0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 2cd2405561feee59bd02c57ccc2f5506
SHA1 2a00c5e7e5a77c26b0f40b8abccf546540b7688c
SHA256 518186e1e5d79dd3382080f5845fa0854e6465eb5c62bfd41f3651cf9eb0377d
SHA512 21dac3e1e778c86b7b6dc272d3eddab0cd3809cbe3a3cee14acba66409fe173e9f6a9c4ac0eac4cfaef7ae5cc6149efdcca23c79da27f6cfc975c08cb324a809

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

MD5 1a5b7bb4862a7ecf1d440f34612245b6
SHA1 2acef60fcd9539d25950f4a6dcb21747aaaddf18
SHA256 f93487d0c81a3f7afca1acffdc4a9e2513a947d40d524ffcc53df3a5f5b8224c
SHA512 6358fae24a31a3ae4caef3bd578ca2d6e33020ae2ffbc434f9b2b1f7d43e43d715d9e0b52ba243f7ca35929b589e588032b6a5b45bb7d0d3fbfa8c5267ac853a

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

MD5 b869a3c5330ea2d5548f566b56e2029a
SHA1 853e7aa940f8a9f47e1c435075a1e2804b367058
SHA256 5ea378de96fd69fb6154c093ddce3867f4b8327647da2609c7cdd7c39f93f279
SHA512 d9a100502d7e71079b3c86c2c6926e9a317fb7bb19f6099e159a7130a52e895ef204953cd9331d191f864cc68209bc2638ef8d252fec78789d2c386532eb5a5b

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State

MD5 cda2255357f0e61db157d2521e61f0b2
SHA1 0f235ecd403324a03c14096fb0643de049e5ddb3
SHA256 483647716516233b327725ae5be0b4e95dcf9bf4b695092646b5a890d7d61c7b
SHA512 31c4e242567c6409db59b86eb290ba12524ff74e4faab3dddd59bad403fdd4ba95bbc13dc0d281a60f6d2d5de4d515d42d4ccec8e675bc0545950fb4cb0455ef

C:\Users\Admin\AppData\Local\Roblox\2490176024\InstalledPlugins\0\settings.json

MD5 30c7b2bdc35c650d2b65150241646816
SHA1 94d466a5f5159784155b6adcc9555bfdae4710c6
SHA256 0784d39379f0a4f971777844ba07550aff31a3d5e32ce1d1eff6f4c7d49b90b1
SHA512 8d51ef924b6c8f46a7ced69f188f2ea583ef3feb7fd84f51a8af8810c51e5099052e2c1513f15ac6fb83fecbef8c984fb4e124ff524c2b20a437943dc127465d

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

MD5 3f208f4e0dacb8661d7659d2a030f36e
SHA1 07fe69fd12637b63f6ae44e60fdf80e5e3e933ff
SHA256 d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b
SHA512 6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e6

MD5 719b1d2d8267467ddcb5422942fccbf2
SHA1 96312adacb10f08125687bb0bcad4ae2e5e286d8
SHA256 aeb56f5295cb1d6a3818f973b775896cf8d2d1fc79c98eba8427ba483c63dd9e
SHA512 7bfc16e1dec18a37bf199c301fc8f5588292b6578bc30831dfa84626d1eae090594f2d81c6ef5974cc60a7667cc25d0a4e9e86fc45d89fffa77bb8594dea8390

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e7

MD5 74c83bd5206ebf63a1462ef4f9e736bf
SHA1 6e83a43500da60eea23ee03455436afa5f7d177b
SHA256 b1d95e0ab534726a5a17106bd4e1a2905dadfe58392d382a597feaab1230dfd0
SHA512 5369a620f3b390ff3b815872c66976046e1679936e2aec806cbf2cd17f70a37556a3e152f7f68776cc4eeed49b5bc0656e59aeec9b709badd1ff2cd671ed0353

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ec

MD5 eb9b9d13d9938962a6989b856b10de3b
SHA1 93c061e52f3ecd5a17a267b39ecddcdec65a8aed
SHA256 62f2b43295309751c8d80b6324b4610d7668be3dbdb0bd181b0a465d96417632
SHA512 6199f5d80cf9a51e99d15d8337ce00cbc7ff5fa80a1e4ed77b0cca5ca30f920efbc69446b0dbbd407653f6aeed66827da4ef5ae9b1be8c39e4a68eac2382d93e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e8

MD5 7344f0e0545698a4bdc66979d1b6eb46
SHA1 6ee182ec6fab829b12371c97e2361d08402f127e
SHA256 3a960bc1251da2e2bc0f89fad127dd518271e36ca4fdb3392d7f5ef90af51857
SHA512 a935c906c41900f757eed3e8d99086f0e4a686b85126ea195bc9b9b8efcc0976d5a5ea9a51a8e3f969dc9aaf6803d5007ae6a0cb4e664f7a45b7b1fa2c78139e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ea

MD5 b9ab54b66a0e3a4cf03c8507a471b71c
SHA1 7f167a471937d0f0ac86eb9cc0cef87fb81da63b
SHA256 b8789a8e470151afd941458941aec7312bc04771da0e01840205ae2ccdd89f13
SHA512 e1b3dbb86789c3bb794456e8a748163622f688cd6f747811ba97df1068d94c703b5f58923ffee4a7073164e0b987a8100b2e5ec90ff436337d4149a1a2c52aa2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000eb

MD5 fded1bf03bd4c68fa56819da3a58ae72
SHA1 e65202543881e38eb7dd4de989098c80885884f3
SHA256 859ce0c802f3924fa307b3107450a6b5fbc62de10fe788f665496bd7e372f5ca
SHA512 ad8867205b60104f902c747fb87d098849ead449bfab8bb6cad529ae618688871b964d2183d08f2bf552f701c704b929d677ad4a00efe3e3d1bdb48e3d93b593

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e9

MD5 5e02a9267ec2ed055d0e373c3e7673af
SHA1 31b36d3536eed29e0be7833672aa77d74e7828f1
SHA256 63158626ccd5bdbe96b2f27bb9fcecd736cbca03ea63cb7f64ab76adc30dddae
SHA512 13fa99a4220065cdccdb6638f183540049e9b0c893c6b6fc683d26442b5f16a7282bc837f5863629e6bbfdd6593018d647e1116e8ea6aa9a68a836b0acb70fa1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ef

MD5 97e5b866bec9d75a7f2201c3d6e3820f
SHA1 6e46bb93ef1cedb1053d2a800bdb8526026810cb
SHA256 63a73730756dbf969d3ccd943c866088de36819ea33fb624a13aa04ecfd59f7e
SHA512 57a013573cff70b2cf5c38fbdbae57a1f834df0c1eb41a722a30a2222b754590a2c8710d45bb044cf7c671f7ce3bce0c893f67e6c9458d514f0ef922cad9e2e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ed

MD5 7495393be6bc910e7199b7187099ea7f
SHA1 9b316d89d38c6b222ee138f4ceae01a0bec2234a
SHA256 f6efe4a9fcff95301e28d878edc64181fdc765f19ae2c2be5f476ffe177a7cc4
SHA512 15e827864f51c48b33ecd1f31401044a22e82a3f1b09e020269faf2995e85a147121d54bd76854eb585de898f049ec68cfca61b7d4306f65709a4308f78ce453

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e0

MD5 3e63b6591c42393a360f8ff574499488
SHA1 b90a4f50cfd4c43b51c91b735f1407d24e7ba640
SHA256 85a584b56443d379a3b4f0a7f881402e7507d246bc199e23d26e513b2873b0ab
SHA512 86f4d1d76a6b50653b53dce0e815fc40b89e72c5a39bc19f28a0c5e07455ca3ffc884664c83a9449a0a77c83305f89aadb765317631e6278ff67d4ea74e130cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 444f42dcc5bdea21719e5a0cb9519de7
SHA1 53d64f810099ce6be9a9b3ab1a1070c916cde883
SHA256 0f811f8e3234f50b95e8f2e6363d525925b636e9124b256bbe99718615b9b752
SHA512 75d9ca8bd0191ea220ca9de643f63daf1d59af2bc19fe05bde35b83c203f6f01bc90edcc6fa82ecfa270089c31d28b0919648c12e90e1cc4e4c70f125a60429c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 40d1f72db5572eeb3d0e7c64b4acdd37
SHA1 8680c439f47737745351df65fc32b56d4a7a246c
SHA256 76d3fae714e12d3b88e3ad033d07c1cdc9d94fb7b5dd3c5dac57123150faefb3
SHA512 79c20149c25f3797394507829c227456fd1d4b64c2387a556de2661c4198913d248918f6bc783ad661b712655e4f32d1a976c8c2a623ff77d70078c9602a2cd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fae675306574398f53ae9f5618f9b8c2
SHA1 ff69b43c16e557fa3729357becaeabf1fb776be2
SHA256 f01c48eda8ba246c7dee7d0e1abb8101435cefab084759fc9cdc233b62806966
SHA512 514948a436fae4fcd58c90c31ef8874baff52553951d0095af338b83b87cf8ae600b7a4fef13b1abd84e855345b235a1946943562f7af3649878444daeb1f45f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ee92fe055f6c928e03ced28e064e3e6d
SHA1 ca03be8a60aebc5ce2fbdab6d7bcdbd628cc64c5
SHA256 6809f7859fff46843255bfaacedf1390a01140cf3b1e5e026e71a6f69fdfc5a2
SHA512 549ffb87a7dde98343a086fe8a9ae752c40bf411def3453da56dd9c5c06beba4b2f0280c316508e781199f9431ad4369212cd8be3000c793c694464d40eef5d6

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5d34a1f5416fdc978c6e0c7edc7d67a2

MD5 c76ac26f80988d0fcf03874d625b86af
SHA1 b04a5e95018f8eca571daa4077e66626b9ba0de6
SHA256 3dca66141315cdee30f7604013deab2fcc1dd74af93f9630fb700b7606f531ab
SHA512 23ba1357212eb135ad87fcbb81bf73fcf2e189da34f08ca1cccd40d763a856e9ca8ce5514af395caeefca2b0dd3a6fe3b8d43e060c5baf5139fb357fedb90a59

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0cbacc9a3c6aa07deb13db83f658936d

MD5 e3690a37568ee9fe7f191a17a47e2146
SHA1 476c939e0ca065001820946509e36ac2842fb1fa
SHA256 b8da756d34febd98745815e7ee643c49dfdf1adeece7fbdeda22487c06472f28
SHA512 c7b777cb3616fbe210b58c1e2395ffb378ffb36c2fed3af8c634e7d39667b9b433386d1a284f936a1d4e10e76c7a678e97216fe801cf95a0fc3fb313fc4514a3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ceea000e430b7c9714bd62a61ef5eb0d

MD5 e6bf3b994b7bd85aa47c17406d367d2b
SHA1 b18be2803acd9576aaa72bb19116b09680f0cbd0
SHA256 92638ea5cef2b20242923fd21757df86c8c434ff12243d480250364b8480f2fa
SHA512 3e207bfe1b30c981fb533971769a4051c0c87ffbfcabc012606ec939c5b66f2bf59cefeb85c2b903856d6396584b2c96472965c11d90d6a1ac9f59b29cf3d664

C:\Users\Admin\AppData\Local\Temp\Roblox\http\a1aac6bdbb2642f3f23fbed64d042c3f

MD5 2c65a49f36fbe81aed88d7626a0112e3
SHA1 832fc429cd021f288f5ef9531e7dad6c9c6507fc
SHA256 eb8f138e67962a5c7db64722b78454da2e3c3d656ec8d72c9bec566f10a942de
SHA512 4fe7c7a7e439f6b43bc13af9291994ff913fa65ab1d77f162c97b18ae505b1c46ffb2c9236b7c9010580b095526a58204bf182aa5d476e3d0a006b2ca450d181

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0f10b6865c21c904e29f52a54a31f37a

MD5 38b25c1089062288a7a9a8876138e465
SHA1 d7dc1955cdabe9a50ef4f6b345c9012e3efeb56c
SHA256 e39aceee4952e730f1a101894520b046ff21156ebc79c0f8e070e87af20fdd29
SHA512 198469bc9aa03de2c29b322cee7714a67b1b421a8fb0b6ade7148f54fb5ea0a37f6afe5e80f052f41815174363ca2b2dc8395534c624f0f87d2f7a0e9d773dd5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\3e2504bf31b5aa0ab48a8ae5f1dc5f1e

MD5 6abaefefcacaf36071c43e9dc51f1bda
SHA1 a562a7fc46cec9c90e86fa570267864ef2249a20
SHA256 55941590b6aff4d570b3531c493c14c46eb687ed9e4de19200de1681987f75ae
SHA512 5fc4b6db68c03630673789ec5f5d017709e5a9011f25575c0e428f4a21c30e1f6664faa9e4ed456ae79c7ea0fc45db30b8d45ad9b4e2e94f49b27c50237872c3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8fbe2ad68bce1f4933b291c365e04e75

MD5 d6a9f27b18ba6c1cd064cfee32420a8a
SHA1 3eb4fe70132f76c96bf7f951070f437ba176fc40
SHA256 612baaa3a5eeebe00562f3ecd4490073f3313811613ead2948c1626128191506
SHA512 1126e9b53315742eedcb4e28bec6330c03cbeff2d311c9bca1e8280720ded31b6ad7f4f4b6899aaf23656ec46b19fc2ea6566226c1fbb1ded1c3790832d9fc1a

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ac0ab8f16fbb1afe5c7b089b5d5698e6

MD5 5bff0b6da657e8e4ed652a4a5faf57f6
SHA1 ad49b5a7c4734d26061b0eea4496fc41949bc5b2
SHA256 c80ae50ae40768b21e62b593515865bd729b4c0712a006cbaf374a66f14f956f
SHA512 146a0ca1c20471f2921f1c911692223b77c4f528f2de47da9df54c1620242230998b86be05b436a725e64665a008cfc21715e114fb0fd1b9e0786288ad20ff24

C:\Users\Admin\AppData\Local\Temp\Roblox\http\cb8a45c1430998ec1304e4c79176816a

MD5 933b1f5dc544d9868d257d80e517c112
SHA1 a8d55f9cd5f79ef7f6fa1ffb229d8bcfb30ce348
SHA256 51a66f59fb6018efd308234879746581b50566d967cf1fbf63fd3fb6917f1295
SHA512 6e03ebecd629ec937171a7a2d11a88c83c0267c0f153b86194683fc967f0e1c827e6393a39af735813a1cb3fe2297cd6582d2f7578355e797a5152dd92d6e600

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1a1d7a8fb35b007494a82bd5304ba1e9

MD5 2414d644ab2dc0d3c58d8546b4cd7ea0
SHA1 77a854549c69f719657f5d404ae9391c705d88f6
SHA256 28be75fd24c5225fe212cbece08722d92c4d2816e5c3a0051294826a5fe79458
SHA512 02bc18971dd372438e6f93b0db0e29a2b647b7e1acc5e8d8321f73857b746c5523e7c720ddadb96363664fd5652c30d5e396f7128813dfc0c30fe7ea4086a229

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e0fce80600a43748c6cbc0ac23f6cfa2

MD5 3bf49259291542dfee0f89d587c177f1
SHA1 22328c74fce75f7918f6c4b3ca5ad9e1921db437
SHA256 971101824fc41a26f9b1386d72750a69298f4725f266edb3c93b21f9600d2916
SHA512 20366e5775f42da8e313d67ace54bed3b2a010a84d9b3422276a8b544186345683c00663ce4f541c9890f906344ca3400015bef988d4ffa7dd4bf1c38161e271

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b80d47fd48f8d137ca2aca87e1d00059

MD5 7dae317d3e65c483f462a48cee3002cd
SHA1 330c91065d277740b721b723ffae4e5511e8da2c
SHA256 ad244e68f3ae289677897bd171703b8ab65bb03b17621b3c8f61594b906f8b78
SHA512 966a981204a7979932981d8870704fbe3d4afc2a0306cf149117eeb30a54debf852c8ef04fda90fb2d1d1261daec60db390a4c9b9fa77740d14171335384ecc9

C:\Users\Admin\AppData\Local\Temp\Roblox\http\31e8a63e8fa08c8135be1c5384c3e0a2

MD5 1221a85cb03fd45c001ef47af9935e7e
SHA1 f209b998e8972ecf158f58270244b831d107ace1
SHA256 e7c79bc6240600fc94d67a9c0e9c1f563a3f30698d7cae3d19b1735865835d4e
SHA512 2e6846a2ea3bcf0892703f3f2024a0acdf277251c55ad9c65e61fb5a8780c67ec707d42818b3d98103504dda9984c109ec0f8e393fc063f734bbc7bce168ad90

C:\Users\Admin\AppData\Local\Temp\Roblox\http\175af5595dfe9780b5b7b10ecb943336

MD5 0c9078c249c45630688d2af7e0574c25
SHA1 8fae18c0c69cf3a58abddcc9a55fba6d81aca2b2
SHA256 b0e7f0945d5de86014379ede1d9a9528a8c944534ab33e58c7b3be1b5706500e
SHA512 24e0cfdac58bc3714541bd39f6992bf0a4bd4c47e492edc40b72d045b4f06573d582d9f4e50e0c23f964ec678d857752caeec6a65ef89b70e2ecbefe749b21f0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0d8b0fd3715ff57ba968ae5740d39a12

MD5 a3366bed53be5f4fed574fc819a07072
SHA1 a79b59561cf06c8a209fb701567a67376d83924d
SHA256 ec5c1697be4eba9851b9a413c13e1a94f9846f6dba1d8d0fa33e1ca7292e8030
SHA512 f8424133bac79bbf7547bf7076cbaf0bd0767f220778275c36878bb982bb69bfe64aede42d67c9db009047e66bcf5eb9604205f6b0aa9a801f6827e2034399fa

C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcbcf8ab7914469e06c8fa6ee80f2201

MD5 958ad6c1423022b1905d452d8772d16b
SHA1 a1c5aef3f0d7550f8a9ac31ac1e295696477c02f
SHA256 8965deb3f4a35faba9f087defdbc2fb071e006f283ee7e6b1ce250c6ec12a49f
SHA512 5185a342c83ca7770ecb1103d95d061cc17c80526f755ebfac53305947b09765515221ba65b43a98eff3860e47bfc7a15f51e67d0636de7596a6859ff20804e5

C:\Users\Admin\AppData\Local\Roblox\2490176024\InstalledPlugins\0\settings.json

MD5 eaef4b677b2babd4fb7b29da0f065bf5
SHA1 655dc02137cacabfeebb0705832c3378062b1598
SHA256 c5a33fdff10981930005746e120f5cab8bd1321ea949ea5cd1b2e34a88f7aaf7
SHA512 7ddab6aac206bbd23350667487335e674466d66b3f0c425ec3789a62749bd6073eea1e1f5785ca539a0b7e0bbd8a83605191508d97c8280644088cc7d8161aa3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\32c38bb4f4a560d621ab93aeb6ca5d7a

MD5 f7b60787135cc235066319d2412e77e0
SHA1 ff9e626cfeeb124bc95d830d20e13b15c6427c77
SHA256 e815d7145b898343e81a796bee29e8a71a678c9c3475a7b1107cdbefeefb6152
SHA512 bb21ace97ed300299a276844630c2b30aa0aab87a3a8684391bbe37a0ce7761c82011035f741cc1f596136043f1871d16b0238249d3b943b2c08fdaab8c0d762

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5b794cd8b1447c984ba301aa73a6625d

MD5 2740a9a1a4020c08f3ae9fce5509416d
SHA1 371eb56fa91013a45a38486d5d77ccc12ad03990
SHA256 239bce8cdaa04b7e91497dc8fad14e5af36ebf244712d7a04e37c2be5a0e0a38
SHA512 fbbad878010bb317d5ddc6de48c87d838db393fc52c564555883d07e62b77cd37a3584414566977fbaef792ce0d2a00cf851ce871e880d1cda34357d2fd4682a

C:\Users\Admin\AppData\Local\Temp\Roblox\http\d8b4554062d011287069393d07af8706

MD5 a0c28b8252eda35f15ff0931e1817ac9
SHA1 3fa429b9d0b8926907abc63b81a301bad2442eef
SHA256 ee880812bbf7cc1f00cb363632e9746e7342cb5048765c483d56f4284e555a0d
SHA512 e49af44a8fa6e0c0fe4a5f55df2910ff43a6a9360d6e0ba507375487526fa4fae8c974763e4bb757e0907036141123920024adfb312f9d53703bf6d45a83956f

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1daaef2a5ce0ea927443fd099437bb55

MD5 e4a239995837749223ed2039a40a3a21
SHA1 b1cc97f9ffc3a367dd3a55a1a3342d59cb610403
SHA256 36ef28d0243f78f746ddc7abb74563980829c81dcfb91abcdaf6459bc7d374af
SHA512 ad81fe4cbaed589da0a3b97c20e7e5fc0deabf5910b1c41dc7d6e6e8b8f22486f71c9577886689739bdb87e34b330ce43cb60fb2e3c1305d77984ec78cc0879b

C:\Users\Admin\AppData\Local\Temp\Roblox\http\4dd9b09ac0d9a7bb380a273db7cac4ac

MD5 d97f6e22eba42d95c89cfd439f36c1d4
SHA1 3a439aff0b80708f6510643f70997b897500d2bd
SHA256 25f91091126b2855bcb9c2daa26fec21fe7cc6d25319925a95a55a37cc840b6e
SHA512 52ca405f845e8313b0a04657eaa9a22d1c4fbcf758d5796d2deaf41c7ed6abc28e3597dc1f5d803c009360a63db4e686e6622fac669c252b09d2a3d8dc451e72

C:\Users\Admin\AppData\Local\Temp\Roblox\http\9fd0b17a3402934b24f3b349c8d753a2

MD5 59e7e73fef4a9df2680ff8fe1722014f
SHA1 2b9d42140ad6207b1e3f5cf8d66b345109cb1098
SHA256 05f280e512673a8f1358b88e8706bf5a763727dc16e8c43abe1be6129a820b57
SHA512 49edc88448345ee5bbb1093bbb62bb49b0ac3c1c0a29d4a862be76845fbbacff0347ea457d66e40f721dccb8071c18e4ca7f41cbce88d57a64a02ed400f4f783

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7948b73360f27446739cb67376a2d7bf

MD5 6c261f23c63795849eba5b1ef6f17cf3
SHA1 464f91ce49db8b5546722bd62c4f59aae33dfc20
SHA256 e4274c467ca592398736e990eaa97a937f209768239400cd90ea59f9e58a27fa
SHA512 ab6f671b1939df79ee60a873148a1763c06fa880e2f17a23c9e09c5401120873167905e49be3abaf546b9fee33096b76a5573a473b72de3806c38a128ab91ab9

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f469136d50a09240f313e4f48b35b40a

MD5 81927a5a1612202db2ce511c62ced773
SHA1 4414e92b078a515ca699a82cc3bc64a1e264e4bb
SHA256 a8a2313bedad3d93a06ce01ca1abb579013d083e2fec866cc22342713b7b6b2e
SHA512 33918119fc071674aac79062c0e4bab978d04cc957189cffdb8c1bb1c7add1bf7d9a0ab03b08d9e997bd8734266bcbc7a312b316f8303347e2aba876022e7cad

C:\Users\Admin\AppData\Local\Temp\Roblox\http\78e2b6ce1224c7617a6a8c90174aa783

MD5 22b25a819c414b6c626e5306888142d6
SHA1 e7d68968d0848af0e5203409227a1980dfeb4a0f
SHA256 275eacbd4554f5b0e4a4266514243c661edb1e4eea694a2fa01ac20a531dfcea
SHA512 bd04fe05aedb2cf10fef09648566834b019d40a6ec8532b19edcbb2348059984dbd5c04d6fd9579dac55f99a6b4de820cda159256d236450b0d0a51594e3b15d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5477b96b8c7694aaab08397c539323cd

MD5 74efd118f986358ad4cde9a57e61dc32
SHA1 0cfe0335bb35298456edc9ed791e019b70266c31
SHA256 b973558fa71e5b3a07fe6ca6180c5bd0cffdb343af3a0d2e4e4e89b40b194ee5
SHA512 357ad98fcdea45563ac733ff39aae16b103a1327a063445b6febb89616a61fbcd140c2148eeef122965cae78c2158bb39bd3eacac6d6c70a58546489687dd733

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc27c501541df155b6fb12496e5bac70

MD5 f635924f866829484247044f991b14ec
SHA1 39c6f43e94e4b0d0ce9c30da5b78aab7fa5086f5
SHA256 30b18b2546442b630f0fb8c6a7c26419a9a73988e8e1a118dae5b7241e98074b
SHA512 ca145397fe454c2623651c9ccaf86fd15212fe83d758fab2f8de35e4ea00f8eb8f58aeecb2fc95a4ceda07c9bfa960ccc29b1a56c2bb317c94297c24a366be68

C:\Users\Admin\AppData\Local\Temp\Roblox\http\706b550a2be783fb6e220ca8181485e5

MD5 be4a508de308b15bf9c711a769ed61a9
SHA1 2b980f20a1466d2f1508bfaf8dc2a2558450c1d9
SHA256 0ac514138710cda19cc114cafa8a3fce046654dda1cce0915f525c6f5ed0b812
SHA512 dc71cf06e2466f17b843b96fdbec856b3b67df95105895597e73fad455340d4237f1b7cf91ac2906efb9efeac89515deb79a045859a0651420edecabfef8cf8c

C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcece68795e396ad03d6e2608d740126

MD5 0ba72ed050100e6779ea0f1c713ac441
SHA1 ff585cbb4b671bd3a04f3bdb2512a896ff07883b
SHA256 0949d1f525ea9da560f02a0447eb12a33ac6db673e89754b8f3d230e24ccfd06
SHA512 22c09e80f4af164d94ef40999572d2ce35bfb1dfacbd1762b380c9685889d515ed9aa064db4f8ab6746c8a26ea4ecffef9337014293905abb2f0cece7344b851

C:\Users\Admin\AppData\Local\Temp\Roblox\http\77b3cd784a40d8349719b23b5c0e414b

MD5 05c43f778ddcf81fb06a2fdfb4f7624b
SHA1 616dade772feb66bb1b8dee218c7a5a39d43de06
SHA256 f4a00d60cb52477dfdb2eb264470e5daffd44139c118b73c80e8fdef16f9dd45
SHA512 a2443c678bc019dcc50fd7a49d5c19dfa0c45a7c43fffa24ca225f0f24b6839865288b2fe843bb233752fe59c712c54bff8d9b5c4e8ef5ff4ad8ef20b053feed

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5c36700f9b5f405f69b210d702f6087c

MD5 94b44243d9e420ff19ff04f4e434b83f
SHA1 04687ed0f779c6873da97da0f16f042b2b459b69
SHA256 f76c45b8c4831588b971b25431b7b85f529a7214f99103ed82b4c2e97d9919e8
SHA512 b7778206ef730254f469214ace61b13f7031d0c4c751b2988decee93dd5a6c8336c40974af74b0aca6d42874d54e23dfcdfc743f5d633610aab2f05e948bea6e

C:\Users\Admin\AppData\Local\Temp\Roblox\http\571e70bdfa73e0cdaa28fdbd2ca19ddd

MD5 bd289aae66f24d373fe9d4388f8ba9b2
SHA1 4d248d4f9aeffef2fdd953bffbacf81ff3ac8554
SHA256 78561a946c48755de0fce9695d30ab82d9e5dfce2eeb0ef6a0824282bc88a0d0
SHA512 50666175b0955dbdf933302016675f035df38deeef6b4a0e8d0cf40b6e3d2c3e4a089a5b78d75015e0048b2e7f91d81b69857004d55436437d3fa0754d1ef8a0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e526d6628fea4b1243fbb953bdf85ac9

MD5 3964c0c8b23c560175f4b299e1a9605e
SHA1 6c155c8a5ece5d5d7340ee4ff0fcb730e4d2b0fe
SHA256 20dc4a3272ebc6ff5edf0494d9e6e2d06c690bb079a36bd04e074818f16a2dbf
SHA512 c6f53903aa3a14f3187bcec1afba4b5b07c10ebef6dd10a710f400996f2214703d29d58abff6e7e0025ea91a78ed2f799f69c542bea006dace570464acf90d64

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0af1ae578b1c58a0e785712d31028c1e

MD5 4ffc139d6996c3eba2d40053423d07fa
SHA1 6da7d02805c626596d055c20cf084aafed9b9768
SHA256 0445b87f48bfd12bf0dae91d8dd7c20ee924212b4cc8be782c0a54193546f43c
SHA512 5af3417cdb0d099add05b22090b5aea9ba39069c4704d000aa323b859e47ea67328f616ab03b7b878ef8cce0d528ac0ff5c0f8fe305175b952e840368e0d4a81

C:\Users\Admin\AppData\Local\Temp\Roblox\http\848d350916ab0af9758cff8167a2aea2

MD5 0042d3425d57e55a4e8c899aa911012b
SHA1 f260334951b11b4ace9af45974e365ecbc6cb9cf
SHA256 f312918dae9b5ebf3028f14575ac8bdb78e7f152061fc59d0885ab7acb3e9581
SHA512 cbab405431b5a95ae3c9d3816b4a1c4d4a07cdc4dfcf64d0977ec80533a6029329db101ac36361114288fa18c769c85a3f238b13f63d2e1e83ef4ef64ae45521

C:\Users\Admin\AppData\Local\Temp\Roblox\http\d132016b6bd0b89da2690c24749f6ff7

MD5 2e2350147bec3587e3bc14b7a1e32c2a
SHA1 c275f45e728f71d24ac6d8b496865c218f972b41
SHA256 7ddec5794d779b1ad88ffec41f00c793f21046d18c930328d662a3c2d1c27d84
SHA512 670d3893ab1503dea9437b61b2b1488238d84d3703f94b74b5c20bb7bd26eaa0479e6d3d91319219bae1c1c357c6807101c5960ee2f29ff48475c0e6d9ac3adc

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0b39eb4053e10b7ff21430e80432eed8

MD5 be1dacdbf4fea39b16e7c11e286b7205
SHA1 28ae9237170d6fa225c54e7a36e35549d191d450
SHA256 3a6d14f833f7da8ddf3139d42e41b2b83d1ea0d4570db39d9c10dd98e33da800
SHA512 72cef9e399c0652a340cb12dd239cc0dfa14a2c832fa63f76dc442308ee9f91b41ddff62fb70331895716b61fdccd332f75c0ba2003f818900e3e6f260303176

C:\Users\Admin\AppData\Local\Temp\Roblox\http\09f04b99b82b262e105a232e97395311

MD5 e3a0c050904f457b02b36bfebb1c0b6e
SHA1 a611605082957d8eb5dcb83939e1b6bd3d870bf7
SHA256 02c51e5a41d473f8e0befe8e5fb49073f0dec0ca88ee83e0e6a3c0ba3e18d399
SHA512 f2b6b3a7c193a951feaa1d5abeaf52316773d7895284e806f7267708672f6a7baf37191a244d2c044c785fe967d416353ab83517b28932b9e521172b89e22275

C:\Users\Admin\AppData\Local\Temp\Roblox\http\be241f3cbd5449b0c30c651c4834e3da

MD5 2866f1aa81a7f9c354d34be6a58aa88e
SHA1 c470d8ad431f9876d7966796a503c15440a35345
SHA256 38baca61b0de1abef8c3a97557b6e246fbf9091d1193e3732f6011508e5f0a27
SHA512 1af43841070856ee4c509080c286285ef4850d9dd8507381a5045ed748ffdd09fc32843c0d18aaac70621a8ec88064f0a3b74036cbdfe91be207594f55b24ef3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e665da7061b12f952145852fc21ef7ec

MD5 4cfd979bf14b07dfed01ef9a3b1279a7
SHA1 2e7aad8b8909d3117bb151bf4d34b608e3ab9c56
SHA256 589b00b0a2fbada62af8b7daa8755ce68420a009bf6ce7a53e0865fcf262f94f
SHA512 79a25e0af653d6ecb5fd1908c3652c6fc8ad3d0cf1e00510801bb369728dcbe3c5e1e66f73d058c511320badca3c8ea82f2baaa5e0682f304235b68f622685cf

C:\Users\Admin\AppData\Local\Temp\Roblox\http\2d5ee01099db60480061c57d9831c261

MD5 839f812fb19680ae8e62c2ebe0355e4d
SHA1 a256751297a9f82a082bc4d5ef08d5d9d89a2c17
SHA256 b414e1186136cb1f46c6cdc69dc5b637ac5de6a390d67cf25907907c61b364a4
SHA512 f2209d8bbb8f7ce1e6b675cdd2da3a10bb450d50b4f73a596fc0639f201999f32d3c1a2418e0b92c918c0a667a5750ef122e4331361e0022b66a2fc5e489e5ed

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f9cfb35c8f272d46d504f99d9c00054a

MD5 5a67e8e85c0ad7280e9f1ca86f138b77
SHA1 b9fc6b3311df7710e1251114946b93a72dd5d5d0
SHA256 09e7111ea12f1236be9b1da699f8c93eb68127d0a98f2ceebfc5c2d7b25f0ed2
SHA512 ac5e400ce21e5e2503a11642cf401ab5ad4e625a01ac87f1711a02a415fc924556d0d3e50386d17e29ec20bb99b5d3a2d0496dc2ac1fc1381b29774b826cd9ad

C:\Users\Admin\AppData\Local\Temp\Roblox\http\d27efcc314894472628caf798daafe01

MD5 bdec8723e953241ac3edc46458a6ed7e
SHA1 783605b1587b096807a81e32c488be272e0ad581
SHA256 c31b000a001faa6e08026a24043899ee4941371ce464146a9c78befc2a796e4d
SHA512 221cf258c9c88c857e34fda1da4290c67c3a34459f86b828ab968f5e57b2be53eb4f7aaced83151576fb843a7f1166c267de0efb116740ab2ac2b37ca0cd4d93

C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcf8e7398be5b1007fef514afffffa6c

MD5 864c04942289c1dee2c1aa18ea77f1c0
SHA1 1be7f1b6c2f1472adb9b34fb6f7a51d3d1ba161d
SHA256 9855931b8e0500c6753d77200447963d1981fa7f7b4fb34067bfedbdec0db442
SHA512 6f3934ea3ca2317756e45bcf065abae6cf34ab7c24e1847023ecee8e404294420f5cc978af2afcea986bf160eda88c020fa1b799f5ad75a5e3991e7268192dbe

C:\Users\Admin\AppData\Local\Temp\Roblox\http\697aeac1e8e025f05cf4b76086fb70df

MD5 749deb1ff197b5082e2b07aa55a33d31
SHA1 08b4d7441ffa13b8dc3610d74a56d8eb11d8acb0
SHA256 e593f31edc529b51f9b253994d8aa93d8ab0bc8faf433e737b0a09e80cf2784a
SHA512 eff256220d72675ba4b23344191b963f7acdce9743af8be81020e2a74662d2f3f1b2735e686806b73198463c550b2d18921840271d515dca0b2d4ce226954d0d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\90d821a0b7efe2541659a0ff6b31b88b

MD5 6f0ea4b31f2f55764db79b43833bf83d
SHA1 2522c29622377d611419babb3eba2e8cb13fe0e6
SHA256 08f380d19a3cf8307b098cdb5e9992ed1d29e5d15226340758a1af3cb4300c64
SHA512 6a5437574ce2db6feac98928a22c7002ce526501335ac00444190febe302dcab5f18ba33a5ae00bcd83f469b5f1cd356474c8cfd31d9992d186fdd0846db5641

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e385854d0ae9ba50e28a7a5629fa28be

MD5 0c889bbbf77ec231120674d4843ee0b4
SHA1 fd29658b2fa416059cb30a6729030b6a6b125e92
SHA256 5006fa1587ba1da5b7696daea22929c490049bc0f10661d9c79322b0a647efc6
SHA512 504d43f9104b8c56ba12ae9533ad3554858ebfb4f5b4b8b1692ba339deed831a66f5441a1e4706015cc59f4de4729c0128fe7da2c8c3d095b2993e92eec378f6

C:\Users\Admin\AppData\Local\Temp\Roblox\http\be58ec8ab04ff195247b1536cdfb3d44

MD5 d1d2f476fd075d55fa0e77b3c507cb0d
SHA1 5976cdae821737161f6debcba500a2842f988f8c
SHA256 650bcfb9e1c7855d2b72865695c2f4d4212ccedb53584f089c26e2087cc65d41
SHA512 958c07812ae7e89143874ce4effb112eed3bec3436fc0b71ee70de38298130d08d89f6bce42d2b0696839f67be260791d121e81f46a4935f3985e241aec7b0df

C:\Users\Admin\AppData\Local\Temp\Roblox\http\d4f8d4ffe8696350702fd146346140ac

MD5 084a09f4a178b2533a56610f28f252d4
SHA1 70c343a804ea4674a214d5ca8e24bce33cf662f5
SHA256 91b1a39172d8f6f0c98a2a3aaf8c137b29dcc4ed4c1bb4a3bd449dc16fb45e97
SHA512 fd8205ea2edc70743247666bf8ff414ef6038f6ec03bfc7590dc037024ca66eface1f3cc559511919058754a5dfc2224ca04368ed31df8aa942a7d9022b93e5f

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c9d72083ee0b41e11170f5a9845c3060

MD5 92e9669fc7c748554c057eccb11a97e0
SHA1 d3fd8c1e136a2ebed238d95bfbfbf3ce61a385b7
SHA256 b29195912662d71be85e0db741dec5ef005d744d3aa0913dad8ad1e51c3aeff2
SHA512 cdc3a1b4c596fd3c9621e53887a9d503205a0d5f8663e1ee3366129ddbfa83f2b15bedef155eda2949f24d1df615ead664114310e3d3dd03f9fb2d95df2e29b2

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8aad44a486e1e94cb992a6a0e230f735

MD5 451b527070f0cfb1431ff5052642059b
SHA1 6021d49e6b87b9ae8fa64c3cfd0180d625c7d761
SHA256 b9391062d160f5bd861cf7e5ecda919954e84a87eeb3b000bf9b93c068057c9c
SHA512 3ec22e77061670685a576d96cc3897473d11c45c24e581688da54d8700b186d3583ffc23cc2c3395fd93af36afc45083058a2bad9cffb1362be8bf4edb20cef5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\aa3db4232d83f97f5e078c526e25a6e2

MD5 3e1ba08877dd32fe4178a730b0ea5e19
SHA1 c020afb22c7cde0c77a9d1d6be18ac8f1e62973a
SHA256 1a6447007e90d27fc71fa7bedef2219bda30eebc33447c2929e4488315e19641
SHA512 bad57ec1a48f686fbc5842a291c95f01db413600828b198b55615857bb1e50e4b3b6031d5896c8d7b9d6753c290c0253ddb83482f89c7fc348b8b80194a07286

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5105c207d9317b50c40470887ccfd3aa

MD5 481555658adb9b672941de82171b343c
SHA1 7937e7bac46ac99e1897c00285fd23059828dc12
SHA256 5069797f8a4b926fcc5bcdb668c1f67ece5d5e8f05d6f19a260c55c9a67f289b
SHA512 aa9aae6ac82a3e320ce9c1b83883263d547a82369d8f31d3db0ce6d6bc5cd07ef96157ebf234d6e31b40b32e276c233f7c2c0856394a70d183bd64e03720737d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6443205f8638cd85aaa1caed016b8ac4

MD5 20db412bf509b564fa765bbc0b917fbd
SHA1 938513617f173454649543b7c014ecc762ba5b5a
SHA256 8b7281d0d0576ed2b73ab842080238d7e006e1524ed48f423f61a86cecf3ad40
SHA512 f6c54fb0478c2df40776125a920621a1789d02239a78cdd3de8eb83a27a00464b2aaf8714776897a4b3ae5488da664befa604ec836fe12010a046d48eaa519a1

C:\Users\Admin\AppData\Local\Temp\Roblox\http\73b0a5d180fa4202c3e9365c3d577fd4

MD5 2c2e29b04e1f7144017730d5b5ed8b87
SHA1 8a36310825cfb7d8ea6fd487afa46dde29147199
SHA256 6026fca2672513a7a42dc67687850d630434b2260621f77ef5b2634486048d5a
SHA512 bbd5097d544d3bea8b5e97f3262a4f7765b13d5c742c9df8fd07e6a56e7c021a41de575dc1c24749631eb1003db0b9548c634eba7d6d2701fe4035f0a5880615

C:\Users\Admin\AppData\Local\Temp\Roblox\http\77fad0fb4662c6b81630ee443153aceb

MD5 183fe999017d5e5654364c0d8fd895b8
SHA1 64cbdd4bfac3c60803acfb2871a9fc8da27d318c
SHA256 3622ef17da158e25761124720a642153fb6eee615b54da286e731ca2920216ed
SHA512 d5026e42d343185e14360a292c6d13131dbdf081ba44960598e12652d99d999b4f5c70c5c02335596d18302b1cf64128a8bd06273237a48e2cc4eb0267d12307

C:\Users\Admin\AppData\Local\Temp\Roblox\http\2da892c80dea8811c616fe5e0e6c010e

MD5 0dbe0b49a06c4093d004ec7d44303fd5
SHA1 2bac861a6075854f8dc8db470558936c36201aee
SHA256 b136004ec10d66b813386e21fc6c5f86d37071e01e8a82437676902eb3e63e8a
SHA512 1d306115aa97102b5d68552b591f5faeade373ff3a718d9f39dbeade32892e47fd921cd78e5dd71e91072476e5ad933ff9659ee5ea1d07133b55745f00c22828

C:\Users\Admin\AppData\Local\Temp\Roblox\http\251c7269a8dc64cf406e8c2d5f5cc688

MD5 7e7342c1c2e3602906a1fd64acde7735
SHA1 357de58a6c39a0fe4d7e4c13c16d8c1d25f9e649
SHA256 24a5a23ded1de17bc3170afbe5eb7debbb47f0ed7b2a4b5303bc899e927a99e9
SHA512 c6313b65687a5ce03772ff6f1edf761aa91f07a29f8b61db7edebf1beb5c548fbc53aba721ede32d4c4bbdd31361dc724c676d41c06278904291579d25d93202

C:\Users\Admin\AppData\Local\Temp\Roblox\http\afa231f024ffddec5f9d2963d20c450b

MD5 64c05df26d12845b64880218a48e1b3f
SHA1 6ae26e09d6c23ea9ba5ad92d3d40790948b36141
SHA256 e41beb094c8bcc0d8825e031ec9ca5b13e45b94f3c93601c31c10955cfdd8da8
SHA512 d6925cf4d6eeb5275a7c008723410edfe1dd24b9097656e8573f749864f8fc7c61dac61b05230de13a7b9b7b866528c04adca85ad83e8e2831c43b46a70d4c27

C:\Users\Admin\AppData\Local\Temp\Roblox\http\74f7241d43fd3efbef367cddf2de0712

MD5 1e996f012273818bd88129d26108d8f9
SHA1 c193db2eca6d190e929375e617f45790cae442bb
SHA256 c7c8ee23804c70ae96b1399c2f6730543f10f7678f5e3ee36fcbce97245aa8c8
SHA512 40ea7f36824cb96dace8ff41b1e92a03e0f7e61cac33a3a81c81cba12714812504554eaa0f4344d30061ce1d89f231ab21cab164a008e1f68d18ccfcf5525173

C:\Users\Admin\AppData\Local\Temp\Roblox\http\993f844b48dbb84a0eece0b1d1aad326

MD5 c05764b76e6db0114c1d6200b56a3588
SHA1 5f96252b5a83e5c0810e4ba604dfc433ee449639
SHA256 427939d6cefb89facb6e71e082e42ed184f0883db715e0bd8ca832a316150430
SHA512 4c6c06afb99e99d6a7466ba40146b7fd02f83de16e5c89acbe64179860547f42dad0562b2a281706cfc6acdc5558e8fba5647874ff15d2778f3f6d8c1cd983a7

C:\Users\Admin\AppData\Local\Temp\Roblox\http\83eeeca932186715a9107df83747a179

MD5 e7ee77fadd485e9a35a1bfb4be99691c
SHA1 bf1aacc9fe769fd1dd111a1009473db1dcac7399
SHA256 d98e995f0160e551443de0eba015bf29192aea408469c2fc2d9c93a5c1c82cd9
SHA512 3ae849a12cabc409e435da98308db2ec0b86f8fa8624a23632ab0ea836a0aed001853eef600bb99f67f8f907dbb641c9c6bc37bbf959dd12c1bf2ad9c8147460

C:\Users\Admin\AppData\Local\Temp\Roblox\http\28c39719e7218d9c2d686d4daccb1b72

MD5 25a0b3d9ce5e6e1cc4cc7f4cdb328273
SHA1 4d2dddbe9502a5373e6ea99771bb1de6e828b95e
SHA256 013275e837c61c631932167d47d5d9b838ba8b9863915d39f06d8ba4914df147
SHA512 20df5153edab7085594382f80b5d7c6afa5f2a84741efb46961e36331c94369a7c7302c9799676e18aab171cf398dae8f314395c22238de6f8450726c4c992c7

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c677a51b0924e108a9b1485dbdf883da

MD5 e1e4307ebd3e7f8280c75be0ccd3b5bd
SHA1 3f2a56ac3ee57082ebcf4a1ca21001821286e77e
SHA256 10dcbda8315ffe2e7215b8d61dbd26b0553b438fe94b1bdf005758b1b96d9f94
SHA512 7f3ef600e2ecca826fc163d9092bfc10fcca9a9e6206ef29fe5d61902e3e9625bb2bcc07a58ab480ad19354bd0a1c56dd9f13c4e62aed22d87da146252144ef4

C:\Users\Admin\AppData\Local\Temp\Roblox\http\584bbf8c27b2f156742be22b280cc8d6

MD5 7c0764a501b7f8f1eab14fa7f9337a4f
SHA1 2e17a9b6d5bd740c4dc91af9311e4a6e77bd55ce
SHA256 dc0524c0d7f9f637466570c86adad7021f9316e42e69745bf8d27081a98f09d2
SHA512 dba17c07bc4310c556ef62f157dfd3a0ea1a617ffbbc4324f9a046bf47be9a2bd500921bf02bb79d9ac2df1aeca3745ee1cbd7f33bbdb80fe67e1adaa0bd82bc

C:\Users\Admin\AppData\Local\Temp\Roblox\http\4130cf898fa8b448f1568bfb61305e94

MD5 86df60a0980b57864a2e2d68f857e0d8
SHA1 60c24af81c8406f05ee1721b374ab8a466d878a2
SHA256 ccdedffa29231d609157ccf22019e03a721e9ca248eabf12be511b76f795c247
SHA512 c025bcd3d21ec036712ad8e40afa7da973db770bf5b9b019c73ca8b99202c8e37999e6daaeab3f1c2190f84434a5e4657a8593e8a59066e0feaf38fcd8bc41e1

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b39250833fce2d9f0655b124db089d4e

MD5 639a9c5f588be3e48a6bf5601215f027
SHA1 1ab7c1d3d5df21a05324853fb235b848945c351f
SHA256 4fd48841bac69eaaeaa9c936347395f5eab6fd4f5549d65cf6fc541884a4b2d7
SHA512 c3aced88385dbd9b10841f72c422b17cabeca80ad11af01222f8901b950be3b42467851d5ef61fa3a1d92f7977724926f765b8bc594655e93e116d04223497dc

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e5ba3b6fc7c95f933bacb9db38c93e80

MD5 0de2eda8831ddddda130102597e758bc
SHA1 0fa49f0691a4ae61e422a22b07fd4e5def0ae5b2
SHA256 2d60885d3492996ffe223ec6dfddb240eba00a9e03ac0506d3489edc4822e1ee
SHA512 f466e1ea3867fae7618b76a2895cccabb0f646f54bf8c4cb6cf6a5c2eaf4b8e31eb4f8b42971ee53c929241d9f40af6a684647cc09395cfd709774503f274b75

C:\Users\Admin\AppData\Local\Temp\Roblox\http\388a60aa5e51ff44455d359825078031

MD5 eb62ee1626b44f54b2c444a487ef84fa
SHA1 d3d918dae048e4ee9c9626608693d69c4c4ae55c
SHA256 bf2f079ca21684f382d094af52836d83862c93800e8e054c2f6bc0838c442d86
SHA512 68022f2ac538c51acc24065480cd23670efff68d56a4b5dec2c28316726ab82c81b48fbfe76c44f32dc32b0af75fe3e203aeb40610f34e2e5d75bc684f712381

C:\Users\Admin\AppData\Local\Temp\Roblox\http\477a618fe08d138e560e0c8eab9f3583

MD5 4f9c826223fb8d7fb603bac0b294a706
SHA1 44a185bf8edbfee521dc92ae012e6ed18cfae3a0
SHA256 e12f126277c8b35c48dc15cb2f37850ff5ab0816e5982eaeceb571c99bd17502
SHA512 ecf987dc0d416a7fb1779289a0bd9ba55625abff41491ec3731fd77950e91d5b454b17573be388766b20fc630ee3f125d37feda44e068d2ed0cd2a87be021fda

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f1c2eede7a115f0fd9ddcfae03372516

MD5 08ba91e62331009631f755289dcf7324
SHA1 03786d766cac0b39437b98cb61e65c25d16325bd
SHA256 c50ad1d35d0b3e81ef6780da13361923d7525a39db5c9cbc6c5344a0bf5e1380
SHA512 3fe207322d4249f92893d0eb7a93f455374849ca583dd0fd00c79790ab7bc7f0699fe16de332b767689e0a104fb272992ddc37e002b6962cdb6c66a63618e3d5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc70073e6562a1a0cb99b092be4629f8

MD5 acc9db15cdf0932e73bfd20b9857b80e
SHA1 cb6455b641cdaa693de88e9b0d1f422744faa35e
SHA256 f0e15f7608b3829d33eb8e057f31f21e931d9d2ab4814891b11ecf47494c141c
SHA512 7ca5152691d595acc0f0398e26f82c4cf491bea98f2c81e7a972af8fe763ef5926a716ea44112c2fa257ba0109b8848f8611f071b88902901bdee1d32a315913

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ecc495a0b2b0470e25d688a9077fd977

MD5 741a45f09ceaf9cba7f0ee5b8aac236a
SHA1 aa6b59bba687981191db42af8a8b17dc0fc9150a
SHA256 92ee9b175404bf4aa4e346ebe4948ae5c0ee7edf5693778a5e6a4a1bed508eac
SHA512 97cb36fc2281753eb7a42f762c8ad5cdef7c14665214a71f33518f88cff24ec5e91267f834a6ea5ab0206457c7e9c730dcfb4f7a2ec527e3ce48877e2f34be6d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8ead55fcc97d21deacf012df5c33fdff

MD5 16e22cfdc829405af27279c364ba2f8e
SHA1 0c75b97959d7df1586db85cd1166f99c65603c68
SHA256 aa2f6c8bba8aec6b84f7ef8a7d8c30022097b784236806e63da1f0417124a3d7
SHA512 d1f6695e255f5b7ad498ce177a16591757d5570a4ea45d396f3fa159f5658bddcb7d524c102efdd982fd9ccfa557d984280c27e57484b8f61be512ce994d7964

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5c288ffb1fe759d2618c218fa0d2bee8

MD5 c914fc7a80c8ebee4ddd7216cb8e63e3
SHA1 2e4bbbe23167be5f26e5f3e9f1e1b2409b38e7ef
SHA256 c718cff1df66ac36549451bc6de0535c3f2f9e74b4fcdcea38af9eeecc42a674
SHA512 7564812cd051e0970b3d06aa1bb839c8fae5d1e95e23615eea42d2f12b6284d06f2936cedd947e9d4d33c4656fec00494121d58cd38ddaf1ce2ad8be8685d0fd

C:\Users\Admin\AppData\Local\Temp\Roblox\http\23f316746f014ce443f0b0adb0d9d90d

MD5 4843f2fc4404a016a8a7b7f5c352f877
SHA1 1446153b0498dd65dbb53b417d5ce5db49f0dec5
SHA256 46ec4647b950351b091ab0bb34d1964bf24b0eb58760175def7a4a1d7a4e09b2
SHA512 8d5198bd48be46a6aec5cb5d9eb6e75828f88742f12102a1f5091f9c8b51167fd6db13981fb875b032795b9407fa64cf3aa54224a64008262084dbfd3d98dc27

C:\Users\Admin\AppData\Local\Temp\Roblox\http\252921e7f19d826cf6778747e86132fd

MD5 e06fafb3ee051c215c7118dcb4a75354
SHA1 c72b3e0f2bb1139344053256bcc3ac48f590174c
SHA256 ea771a4652058a4110a95a6fa24c847e7a50cdfdd711f57e02f9c7caedda7908
SHA512 83008fcb8a91bb42f76568773c98e5dcf6658b0d7972d595eb7059b5a598faf80fcc8492351e9e98a6d3a9ddfc17fca742f07ffe4af644d99c087062ed7b14b0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc86756c9d8f409a887054cf26a854b3

MD5 70461ebd3bf0f7a0beafcba1d52417ab
SHA1 53dd7894e76f0fe7c02f378d7c67107ed4a03d45
SHA256 e3ef21dd9efd05fd1260691d6dd47f76155bd0b5ef1ccb62ef1e588dca161fd7
SHA512 ccc18b368873c76fb25c97009bfd17e4456d488b16da511e61fe1dee031cce48bb25d507d7fb1237345bdc2191085bd384ce45ca98a5864d10b65b28650e553e

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bbd52b35df5f543d23b7f35ae9e845be

MD5 2de5aeee01688c41f23b2ddc07c0b442
SHA1 68bd21cd4284ff390c1f4f5f4b61c9ff3b8f2268
SHA256 3ceb6af768ce708d114195ea3521c71370ee69172d4d0cdaeb1efff406571d73
SHA512 ce845ebebe20efbfb1a0565e69cea69e3a4f3e71289ec68379565052a2e8a3e5ac873b52e74ea26f2afae7ff64c789c348b4b9d4426ac0c0d6547d9f12290090

C:\Users\Admin\AppData\Local\Temp\Roblox\http\98c582bbf5493f077bd8f59567067f24

MD5 ed3f4356a5aa9295ec58f77ab387582f
SHA1 99f94109e03097ddf835c06292ecb6142c93fdea
SHA256 60e6db5121cddd5bc13b1019c85b5d962599e2548c347ee3c7d944cb20ff01b7
SHA512 cc7869759564fe9d5e1580be978727c4b0da340c052db74f677bf7cc24d93da0b837d01ae0199c6404e02b49d08fe47a2fec7165cfad841f1b6fbb1d7e8d7fc4

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6d1b0fd2905f7655bf0108dd4e655991

MD5 efe7165d72ce56eef26da49dbefa586c
SHA1 b2441c50e501f7121277d205876ec6a5811c4e67
SHA256 4e12e3ed0da10924a1dbc49e464b0b07c017970c839f1c1cb4ecf5a8019d3ae5
SHA512 195b3d7954627b571226a4d5293b19dd0b7b565d4b295b494361ed81f3d9e1c193533dd0e53b2ededa326278294694286669095147d769c5de343aa611ab0238

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f40c00885cbd0588eebf8bd59a345579

MD5 9c0241f7306bbf3cd085509dd7840c99
SHA1 21c2a9c916d0e537c5662db2acb565615ef79962
SHA256 e2afaf1d969e104e2ffc22494e2f7e2ec4a0bda49b9de0dcb3bbaa3da9bc8655
SHA512 afdf2c9a29559645e08604b15f023475e8610f41f650f3527a4c2199fc4bda9c291bb24e2f337e00cfac6a5347fae125d8055f0af6eaca38b92ec408343cb9b0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\16f7441682caf62a1789b9d3e75ec170

MD5 cb94125a0b01b9335f3c3c9a9c6cd60f
SHA1 85ae6cca4c661270b389c00299bf7f5d81fc3943
SHA256 afd92a2c0ea64515200f7dd1c6237f18b6d1bd2065296939697d34a3d4e1b0d4
SHA512 649155baa2d26fc6afd0496d11f37d9dcb588726806eec89be58faa54fcf3b90d1becf114c4e2f3964c98e93399b87bf5bb87709a7bd9a3540c7ddb56e2da555

C:\Users\Admin\AppData\Local\Temp\Roblox\http\3ca8206460663e9e944ccfb414623b40

MD5 816be237e27ddb79f9fe0c46efa0119c
SHA1 fe0af06e1155ba784ed6ce8b97849eb3fffb5f9c
SHA256 ec6063b82a1adc4187ee0e01f413d4b5ed10277605f741295658acd3f0ceabcc
SHA512 5ca3c5bca3f5559a500de1262c133a972e776dba7192e6cade152245c0e1118fac41c48a79dd0f15c78ef177294867f041bccd3eece6a388eadcc32da8efaf00

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0407c8d6df198f6864381d3e595ae971

MD5 703dee4351832fd18ef5b85c6e1bf992
SHA1 bdea9dbbdae401cd68814d9815a17bab6f3870c2
SHA256 8fb57fee0d1c996a828a3147fdd9a38e8d1624163dad101e4bc1d44894bc3d68
SHA512 d43b5dc41be38f5fbe30a51c1abcbbc5c606c9d911dd164b5106fe2bcf0310ae8b641299c5491bbd5ba66433d87ebd17dc8a487d88d56d0ee8e81309533ef0b7

C:\Users\Admin\AppData\Local\Temp\Roblox\http\852240b4203e72d7bfa66fcea2e589eb

MD5 547ffe689cd0af21ec616bd935f78b14
SHA1 36e70f429bea53fc2c8dd76eaad82f7bf9f3742c
SHA256 abf9ebe04321f9b8926304bc16041965dd79405783b7d3ea56d5fc802863bd9c
SHA512 3683baf37d3da8ac536ae4d2d852acfb49039b3c9d4ab42d972c23e2df6dbfd178a552ef023f48c43c6887161313d516914d26b7cca0c022e2741875d62e38d2

C:\Users\Admin\AppData\Local\Temp\Roblox\http\06bf3774b39be975c53ba2193da7f90d

MD5 29abb94b78b9a73db28b7ba825833346
SHA1 fd6da6bc273d4a44067d8c2b625980ab8cc52aca
SHA256 d929c9d2ba98883044b81894da3e921de179d5915e1f92ca9d4df9cc89f1424f
SHA512 d5069ac2996929a5d1622f65ab450bd152130978b049f672b1a9f28cadcf724e317024bd95a11109e0ae488834ab184f5e4b10f6a21ba3329cf056a0b7139613

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b597c88ce139f36dee5c4afd7d80a2c1

MD5 f195c3e8ddb6711a2feaad4aec69b8b0
SHA1 20b1011f280842fe6aaa58117a05f57cc17b6c69
SHA256 9c263d2a5db10ebc2d543bbd0c125bcc5da6c2245ed133fe0abb1b308f343a71
SHA512 52ed2e19a2b991880336b6b1694016f4c8e5a5e92a9dc989ab317f7f743f38dddaeba8fb5764826bfd9aa145028a1b3f9fa34a02f39c1e5162aef7ad282b0632

C:\Users\Admin\AppData\Local\Temp\Roblox\http\a1489d1b06ae2d917aae075e6fa9b8f7

MD5 5420558b929446bbd89f3d35e72b5836
SHA1 da46e5c797831b47c4d62fb9321c420c6b0ba50c
SHA256 12d1d581ac394291754c5b042baec0904c2f3b3be6a17e0a8761b32b6e53d507
SHA512 e125c8d668b2c73d583c528f6d35bf8a1c9558c594cb3aee98e25eda051f621a6924626d845f200442da65034dd77aa4a51dd1668c07b26611909f76cf9174b4

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6c536340229d1bb052a390124806163e

MD5 8dda220de3bfd073f993acca9cce3f19
SHA1 c78e343e500f592bfc59de89dcf8548cd6fa1f71
SHA256 21710259e1dbf800de1bd2dd8e19f33cf70dcf6ad306f7738a23300e40d385e3
SHA512 d21115712737f5d51c7fc887a14bb7b9dda4b9db295ecf429623a20eee02b2868956e6d66907997f100395625c42464218c36e750224e02fe0245c0292fc9e1c

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8550d05ebb82e2c3691bc35b7c166899

MD5 f3e7b2683bee3c3628f500d157a7184c
SHA1 17aa34cf9e45a2a10cc370ef0047d6ec844053dd
SHA256 66d177f97d367d8181feedc6db9f92f71dbabf58cef1355439559005be6a24ac
SHA512 48994f038f0cca5a1ad783d05490ccc209ac4ff2a9fc3b508d5225348d2202f9760ac6c0334d12f74ab8227eab5a412370459ab328f44177729f8fb6b8911088

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1cb6044427da36923148711b8796b750

MD5 ccdd89dadb2a17edd97a48f05de218ab
SHA1 c8829afdfda3e414304f09f588a9e00cd43de4d0
SHA256 8ebad66a66dec464ea8f6a70c240e6fac36d2155ef5460b2f1cc80451e9949ec
SHA512 79976e6623479c42c3b9babb2bbec208a8f13b580dc19419df33639e3922ab973e740fcf33c94841e833ef3ca8209b5b149d2ba5c064f08e3b6a526a651432f9

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e4317e6c6a87bdf6f00c6c80866345fc

MD5 fa00f598036aff7c2e4728ff840efdd6
SHA1 7873ee7205e2817fc8fdcb3afdc275aab494ea91
SHA256 18fecafdfbf34c5b261f4acbd607c439e35177802c8002a0d88221258108abb8
SHA512 f72faa02c263ed200f7a296ed86ef5da614911c1cd212aedd12923ba551aabc44b33cbced8dac80aae67dc09988d53ee191755afe3d51383ce885750bb00a944

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6e62dea9b6f892b37a40251f84c9e0e3

MD5 f48177bf38c02c3a2cb322b77d627f23
SHA1 e207f206d2f707e7feddc32c02883bb71015d23d
SHA256 4a8a4eb5baa01e72889b67caa16b69a4c2e8a07aa12f84ade87376f344b2fbd9
SHA512 bb3c4ba048199ddd3cf5d554a90c279d7b868871f1a0eea4ce27c641556fb3e483cf839e3f9a27a092021783a25d604c952fb1ea34528d722db9930fe48e38a8

C:\Users\Admin\AppData\Local\Temp\Roblox\http\38b0d496d6e95d4a4e1f049ecb71b4d1

MD5 60dc54bc02627b188fbc37f3c81899b3
SHA1 7065242d6e88ff9ed0e0cb891a9a6f6db2be5334
SHA256 35fd7f2804d4edd74c14cb7bb1534edc993ab7ce9e2d64be997b12ffa8ee5b16
SHA512 2b43c5d1f2ee4621055d94f3e04cbfed24371eea9a7c719f8392a993464e7d05635f59bf230e294c60de5656f421f4661bd5b1b8f286c4c15e79bf9c57d686c5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7df53404f56c9f1787b277ba9d17049b

MD5 ecaba5cf9469daab7c05847af2da45d7
SHA1 78d9c8d289db9815482249769dea663f4999cac2
SHA256 23946e247fe3bb06503a06be2b8e154d724a8c2e86fa4f441fc09ba1e5781121
SHA512 4204260b2efe3b4c95584394b30ad7957b154229828f0ac90a04e5167c7eb78f254777fad0d4fce9c5675fccc390dfccae2ecbd8d17e0e73bb0a6933605df7d1

C:\Users\Admin\AppData\Local\Temp\Roblox\http\05e6fbe7faeaf27e476e2247265bd7e2

MD5 774331951556eabf4930f06518bfe5f8
SHA1 79a7b332357aa2b18cf400033bfeeb5db7614627
SHA256 c4239a4d05bd3e427245f920cd4eba313e0af75c819f89553c7b6758da9b4d57
SHA512 bf67dd1c1d57779578524ee404de1648d9a4d8ed7f524fd49643ec49c3165b9321d64bda2216cfb8617c32cb500eacc2966263dc03841af51ee37facb2b1724e

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ec9a7853aa53bb67f2099830ce97922a

MD5 0ab1d8c6659dc5952cb81416c8d9a85a
SHA1 16d889c645dd70901f87cc86f6db8a632b8518a0
SHA256 1ebc2f03253024917e0b562d101603c2f9e04aa70a05accc5e63eed9976ea0b4
SHA512 657a549264297c42e4783cdfc76baff2dab9b5b9c1f991b3aa8b16f2b8f87ccdb0c1a56edc23713ea7f34ffcc4cfc95b7fbba8d5fa06ea443610f06a00433f36

C:\Users\Admin\AppData\Local\Temp\Roblox\http\92ca8d0a36e9ce06a1c3537675677ffb

MD5 ae7d26697baf4e3c0a4f7e4fd800f89b
SHA1 4f2472e39c964861701d80139cdc33bb967b2c34
SHA256 58c1370bf264ecee15638ab670a0af85f8bc3b974670875c757751fd116f4833
SHA512 e93451a30c74751ebd6996efb038016e28370de37bfbfe2fafd1f3c3817f2e720bc3b7d96e1c0e346f08e3c581d13f77a535c30c07a487f2c4a13b4da9970a0f

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1f571bce12b3689efa5586c78436d68a

MD5 aa1cb968768ba580f7e7d559906a49de
SHA1 1a6a0906ac3c68f859790103094a617e0439d77b
SHA256 b9e49fcb7d0be8aac8bf1d990f2277363077dbd34af7f5109a14bea85b9fd35b
SHA512 a72d7246405dea401b6e97963ea624772f65a7b20eacf2c358fdb73d7e5c2afac79b5cd39cd548ea8c43f14b5f03cc38deee8a495e9c7a1f264c1ca7de4f2411

C:\Users\Admin\AppData\Local\Temp\Roblox\http\234369d070cc483f7122fd415837b73a

MD5 51d45f80859fca2ea5720897d7f1612a
SHA1 2a7d736969502784b96328f4fd1fc7697a099273
SHA256 5bf07b195c3902c69653ca0294f2bdbf9124df501af426b14d6bcdbb87d70745
SHA512 059455bc829431130377e4c8cee87ed3652b712eb46afa6f666d9e4aff7401b59068da840b91f4914d0752880cb2ed8c64a90e79e37f45b4b90996e44f2932b5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7deb7c677f433c0b6c649020e88fe58a

MD5 d76037dbae4ae81158187aeced5816b1
SHA1 7858adc6bdb9f9b03fcb28746d7a0d08c297d058
SHA256 8113ac3b2c1f9a16f7c5a9be473b64abfa8c9689afcbcc30750aeb3077e3e27b
SHA512 e9e1b515c621e760968098b8e0a16e00cf1fc17b74065efd2f8793add04d5e506205df5d65be1db885fb958b9c5879ca728528963b4048bfe073d4249c0dc6eb

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5a479665357e877c36a8bc4ebab8ac84

MD5 f5366499a754da1e3317be61d63cc243
SHA1 8689a3cc6a2e1af5dbd2b6c23b488283362bab0a
SHA256 14873e016597bf69824fb29a219f6d81befb11b19fe2e505544115b33f030e6e
SHA512 6920f31ed14ef4621559e67c75a69ecdb7832aac639c40febd98dcf9b7c02402510e983b84cd309bdcd7b0438b394cd6b1d11bd4c32c58488d24a5d38db930c5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\a116d80baa851750ec02ad98f6a28052

MD5 db41d22b9f9f4a43ff8916ff8d513da0
SHA1 00dee570785465bff97ec8a96ebfad3d21f1d248
SHA256 31e6f7d03515207ae87b2f9e9594fc94db77038fcc28ee3990689c6590b7547c
SHA512 df4e09d0f24ec1cf13ffa1a062f9d28a5d36d99b606f27f7ab757f82e4202e51ff4e033b6554b763e6f97c73bbe77b9d133b4b842469b96056654cc2f202124c

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7209cd4fd5e4a48a4cabe7e3498368ec

MD5 643d56f3cc2d206fc1eeafd601a0e287
SHA1 0e55be4bc02d884a40a586b44d5728f9e8fefa6e
SHA256 637c7f57eea4b46821e968a691bc2181ac0ed00252691845fefd947a4c594f66
SHA512 10cb34ff5d98467c3de396ef4993a11c7db2545329ea473eb3ffe387f2663cfda6d21d31299f87aa3f298d2bfdb88d705b9236e9f71c48c22970713c2c3f75e6

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b00de5dcbb5ba1d0d58ba82e9c2f97bc

MD5 9a3aa49a6c57739a171e507a3b0a90ff
SHA1 f3c154299bec91f215954c1df2b03f68fa08efa3
SHA256 6d61517c2a006e117a5d5032dc1be0f993f275b6d0c8a0fbef25bda8cfc12691
SHA512 0a02917b5eefba73d3420852a5c66719bae97bc3c8f9adfb2dcad89dee9caf5852f660a3e787d84e9b86e3793ae0605b2db10c0a1463e0f09a733b614d2f4c1c

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6105c4318cc0c25a63a6c9b8db84bc28

MD5 6badf7314b5d440a6ec8dea899d7872e
SHA1 003170f75f86922af2aa5bc4b2c3c41f5f14106d
SHA256 c13071122b4ff111c8ee877e0d8bde8f34ab3569df48fa81f6f4f1b0b0ba855a
SHA512 5fd8098470eb97e06e62f6d8753d3dbef34d8db6b3ff463cdc964e61e765ab844168170a64c837fa5d60c029a79ac0fe7cc661b9bae07acbaa2400120037aa13

C:\Users\Admin\AppData\Local\Temp\Roblox\http\68119f28ce3eca78171a6a8c8822e1bd

MD5 35e84ac53c5b6ac5714c5589d7d79153
SHA1 cedd01f0263fc9e5718b8e77b3467c14a35a1b53
SHA256 47da60997e22feaa88bff58bd2db6320534331990a14e2b64b6d665df77b931c
SHA512 7cbdf8f0eaee0c4e00e3813d1e558cc5aa305d6e9861255d721bfb655cddbf08c70fe61f686e79154f1c36e7a4b5c29f2ecf2776fee9eb0b7ac1da8c87e75dff

C:\Users\Admin\AppData\Local\Temp\Roblox\http\3acc8af1251b7ed321f9b36da661d9ed

MD5 808cb55c51b6fc55fa6cdb17892dc876
SHA1 4487b86a3a42ff05e109800b1827c100390245c0
SHA256 eed0725bdeac66a2e53e7daaa033f06c360314d751df70176a0af3f23eb08c7d
SHA512 0d2e6534792e7d417a6fa8403f22397f406352a38bfe1019d87e0308d041b3e69d7defae77e2bf6b87adb3b7d59718efea7d5fad340847c681eeb293beb0f24e

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F3BCDD3-2DC1-4EAC-806A-60986450DF3C}\EDGEMITMP_E8951.tmp\SETUP.EX_

MD5 5070a34dbada1aaa375cc572b5fc7d0c
SHA1 e74b7ef714755870976abe3d2b4a7db0b9cc21e5
SHA256 03e7a32e1f10fced6a07dfa4e6cfd92510d4bf6929d423798e4fb5ca91fe6c20
SHA512 fed3fcbb64a59070b0efd677ca2edc982d28e37cdf7283f2777af8aca7d3760a7eefb8d01b3c2bf4b4ec3708a74c3412f0dede91e31dca1b6f8a4e4edc673aa7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 766067082e719fb6af7f4c00c448792c
SHA1 70ae28e3e4c4c6caf46b8c23c789aff22a8f5c2a
SHA256 dc4e9f755531a088d3a5411467f8a46407a9d00d356e40d669d9f136dcf03baf
SHA512 73da411f9f084ff8c4436933dfc0aa45e0ef4cc0f734aeacc61328c6b0774f89b7d3cb5e6da801eef7ae11c94ffed3f54b633a20363fc88d308076b01990d9da

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

MD5 28f5cf3c1d590016d7e5ecb1843571f5
SHA1 406f6637234211764c4e13753272caf704ffec2a
SHA256 a975a3a4ee010fbcc6a60c8c1798a19a1dd795655b4b629d20053bac9c5a3da2
SHA512 0e1fe3d1cbc9eb36c41a534b26ae95603bfad4e2f593fe1a8df9570209924772a0668d3c4a20006fdb700fed1decaffaebb189f34b8474eae0346ae924c6e938

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c81813ea34dbe699086525727806025a

MD5 a3f4cbd0c5257cd3cdc56958f24088ca
SHA1 a8d4f19639a66b850942bdc5c32ea658ec4e3535
SHA256 5bb9cef0aa68d278aceedddca92ade459231208fc91103e31ea0bc9fcff4867f
SHA512 138a73967c536c7c7170e1927b73c469ac848e69ec72c485b1432635f37caf69a31019b800f2a311e03230d6a799d6c0809a346fdacfc72a28a1abb14190e2a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1fa2d5ae0cb4ee2a3e182fe9857a65b8
SHA1 6e93f01bfff2cf4d051a1c71f322e0e6e8c3c6d5
SHA256 1940561c9c547845d5e44fb6dd6c2cc801b87a9357e147a4bb7932bba8e27ee2
SHA512 27a7cf77e610feb3e8b53379b17c4957c159ae6aa136d467494f959b57b88a98631d0770364a2f6f9a156e8403ba57186f994de44d650f456f27d4b02718720c

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240426-en

Max time kernel

1477s

Max time network

1508s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\new_shaders\Red Glass.dds"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\new_shaders\Red Glass.dds"

Network

Country Destination Domain Proto
NL 23.62.61.112:443 www.bing.com tcp
US 8.8.8.8:53 112.61.62.23.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:13

Platform

win11-20240426-en

Max time kernel

1483s

Max time network

1511s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\clearGlass_diffuse.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\clearGlass_diffuse.dds

Network

Country Destination Domain Proto
US 8.8.8.8:53 122.10.44.20.in-addr.arpa udp
US 8.8.8.8:53 17.83.221.88.in-addr.arpa udp
NL 23.62.61.112:443 www.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:12

Platform

win11-20240419-en

Max time kernel

1487s

Max time network

1496s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\default_normal.dds

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\new_shaders\default_normal.dds

Network

Country Destination Domain Proto
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 13.107.21.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-05-01 11:04

Reported

2024-05-01 20:19

Platform

win11-20240419-en

Max time kernel

1791s

Max time network

1498s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_idle.ogg

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3884 wrote to memory of 4156 N/A C:\Windows\system32\cmd.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 3884 wrote to memory of 4156 N/A C:\Windows\system32\cmd.exe C:\Program Files\VideoLAN\VLC\vlc.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_idle.ogg

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\Duramax_idle.ogg"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004F0

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 209.197.17.2.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/4156-5-0x00007FF667180000-0x00007FF667278000-memory.dmp

memory/4156-6-0x00007FFBB7D60000-0x00007FFBB7D94000-memory.dmp

memory/4156-11-0x00007FFBB7670000-0x00007FFBB7687000-memory.dmp

memory/4156-15-0x00007FFBA6140000-0x00007FFBA634B000-memory.dmp

memory/4156-23-0x00007FFBACC60000-0x00007FFBACC7B000-memory.dmp

memory/4156-27-0x00007FFBACB20000-0x00007FFBACB87000-memory.dmp

memory/4156-16-0x00007FFBA5090000-0x00007FFBA6140000-memory.dmp

memory/4156-30-0x00007FFBA4FB0000-0x00007FFBA500C000-memory.dmp

memory/4156-29-0x00007FFBABCA0000-0x00007FFBABCB1000-memory.dmp

memory/4156-28-0x00007FFBA5010000-0x00007FFBA508C000-memory.dmp

memory/4156-26-0x00007FFBACB90000-0x00007FFBACBC0000-memory.dmp

memory/4156-25-0x00007FFBACBC0000-0x00007FFBACBD8000-memory.dmp

memory/4156-24-0x00007FFBACC40000-0x00007FFBACC51000-memory.dmp

memory/4156-17-0x00007FFBB37B0000-0x00007FFBB37F1000-memory.dmp

memory/4156-22-0x00007FFBADD60000-0x00007FFBADD71000-memory.dmp

memory/4156-21-0x00007FFBADD80000-0x00007FFBADD91000-memory.dmp

memory/4156-20-0x00007FFBADDA0000-0x00007FFBADDB1000-memory.dmp

memory/4156-19-0x00007FFBB7100000-0x00007FFBB7118000-memory.dmp

memory/4156-18-0x00007FFBB7560000-0x00007FFBB7581000-memory.dmp

memory/4156-14-0x00007FFBB7590000-0x00007FFBB75A1000-memory.dmp

memory/4156-13-0x00007FFBB75B0000-0x00007FFBB75CD000-memory.dmp

memory/4156-12-0x00007FFBB75D0000-0x00007FFBB75E1000-memory.dmp

memory/4156-7-0x00007FFBA6580000-0x00007FFBA6836000-memory.dmp

memory/4156-10-0x00007FFBB78C0000-0x00007FFBB78D1000-memory.dmp

memory/4156-9-0x00007FFBB86C0000-0x00007FFBB86D7000-memory.dmp

memory/4156-8-0x00007FFBBB390000-0x00007FFBBB3A8000-memory.dmp