Malware Analysis Report

2025-01-18 22:11

Sample ID 240501-qgfnmsfe9t
Target https://create.roblox.com/landing
Tags
adware discovery evasion persistence stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://create.roblox.com/landing was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence stealer trojan

Modifies Installed Components in the registry

Sets file execution options in registry

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Registers COM server for autorun

Drops desktop.ini file(s)

Checks installed software on the system

Installs/modifies Browser Helper Object

Checks whether UAC is enabled

Adds Run key to start application

Checks system information in the registry

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

System policy modification

Modifies registry class

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Enumerates system info in registry

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-01 13:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-01 13:13

Reported

2024-05-01 13:58

Platform

win10-20240404-en

Max time kernel

2699s

Max time network

2309s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://create.roblox.com/landing"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = dd0a196bc99bda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2e9ee06fc99bda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 67f8056bc99bda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 108ed568dbb6da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 305e527ec99bda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 34f5436bc99bda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://create.roblox.com/landing"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 create.roblox.com udp
US 18.239.208.42:443 create.roblox.com tcp
US 18.239.208.42:443 create.roblox.com tcp
US 8.8.8.8:53 webblox.roblox.com udp
US 18.239.208.20:443 webblox.roblox.com tcp
US 18.239.208.20:443 webblox.roblox.com tcp
US 18.239.208.20:443 webblox.roblox.com tcp
US 8.8.8.8:53 42.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.190.239.18.in-addr.arpa udp
US 8.8.8.8:53 62.215.239.18.in-addr.arpa udp
US 8.8.8.8:53 232.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 20.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 18.239.210.27:80 ocsp.r2m03.amazontrust.com tcp
US 18.239.208.42:443 create.roblox.com tcp
US 18.239.208.42:443 create.roblox.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
NL 128.116.21.4:443 metrics.roblox.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 18.239.210.27:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 27.210.239.18.in-addr.arpa udp
US 8.8.8.8:53 4.21.116.128.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 133.190.18.2.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.186:443 www.bing.com tcp
NL 23.62.61.186:443 www.bing.com tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 186.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 134.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp

Files

memory/4108-0-0x00000198B0C20000-0x00000198B0C30000-memory.dmp

memory/4108-16-0x00000198B0D20000-0x00000198B0D30000-memory.dmp

memory/4108-35-0x00000198AE150000-0x00000198AE152000-memory.dmp

memory/704-45-0x000001CC75A00000-0x000001CC75B00000-memory.dmp

memory/1460-67-0x000002A374180000-0x000002A374182000-memory.dmp

memory/1460-69-0x000002A3741A0000-0x000002A3741A2000-memory.dmp

memory/1460-74-0x000002A3741E0000-0x000002A3741E2000-memory.dmp

memory/1460-71-0x000002A3741C0000-0x000002A3741C2000-memory.dmp

memory/1460-291-0x000002A375FD0000-0x000002A375FF0000-memory.dmp

memory/4108-337-0x00000198B74B0000-0x00000198B74B1000-memory.dmp

memory/4108-336-0x00000198B74A0000-0x00000198B74A1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\S5Z0XI72\favicon[1].ico

MD5 51baaba5b11f9e1a6798da96345aa6b7
SHA1 a41c1af37c1df76ef786cb9286aa4d21548619bd
SHA256 85b4910dc42204ef1d982d1d3ba5791bed2d8059be28308ae327af991d694374
SHA512 8a822741110de7cd99842d8d60e2f92c52f77693c1712b99ceb742a2fc8be8832945150a5fdb8cd9591db00a1e838effc29b072675ed4965725c8d07b9179a2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3HONFD4R\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\REKAZLOT\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-01 13:13

Reported

2024-05-01 13:43

Platform

win10v2004-20240419-en

Max time kernel

1742s

Max time network

1746s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://create.roblox.com/landing

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://create.roblox.com/landing

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb3c346f8,0x7ffcb3c34708,0x7ffcb3c34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12180305211497363139,9096021833120765063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 create.roblox.com udp
US 8.8.8.8:53 g.bing.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 create.roblox.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 create.roblox.com udp
US 8.8.8.8:53 create.roblox.com udp
US 8.8.8.8:53 create.roblox.com udp
US 8.8.8.8:53 create.roblox.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1cbd0e9a14155b7f5d4f542d09a83153
SHA1 27a442a921921d69743a8e4b76ff0b66016c4b76
SHA256 243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c
SHA512 17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

\??\pipe\LOCAL\crashpad_4360_CCUHSALBQCDSUGGT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4e96ed67859d0bafd47d805a71041f49
SHA1 7806c54ae29a6c8d01dcbc78e5525ddde321b16b
SHA256 bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d
SHA512 432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c5f44183973426e965edd26e2a485e62
SHA1 f453ba125608c2bf6a3829534b0f0fe3fd375f9f
SHA256 55b22ccc504e75399aecf926d080b8aeebd30e804af2ad46c744607c0b4772c0
SHA512 5b210dec581a1d3cac0073a33cda98bf0b7f20cfac059a32479104c8b24968c7251e296b23e7e19fccb4a83e4c1fd84c07ed66a236b0c475227c591a15791dca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1c6d11381bb3e2a0b10617b680e6f106
SHA1 e14115dd9a309d8d59d9bf1bd2037c88908ccc7c
SHA256 cdbfb729e1ed742fe75036928179b420fad984d0bbc275442b4b15f3ee00e3c8
SHA512 1ed6cb127d39f695cac90d4d13035c40fe7bf4a613e73554fdcd40380c889e0da8cafeac06d850f7816d773b515453d8c7f3301d568e1d818aa47464de8e5fc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3f3710e7ef977ad15fbdb428ff8d5f7a
SHA1 1aab41ee39738f2c22ea95cf1e7fd350c1c90db0
SHA256 ac1b1b848fd7b8e9c87f4d5c61af3a4073dc67c8f7f17f4e536d07d23e03570d
SHA512 458f2c796cfd056210770534461edb1e488bc9fcb360f1520cdb2495e2a8f235356be7482e3c01c1978488d5087f47a21950419484871f7745924244fbea994e

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-01 13:13

Reported

2024-05-01 13:58

Platform

win11-20240426-en

Max time kernel

2699s

Max time network

2700s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://create.roblox.com/landing

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU933A.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU933A.tmp\MicrosoftEdgeUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\MicrosoftEdge_X64_124.0.2478.67.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{353BA1EB-3405-4318-9405-29A0C816840A}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU933A.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{68EAA7B5-A0BA-4A02-8170-6A0C3DDF134C}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\MicrosoftEdge_X64_124.0.2478.67.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=2FAF6D65FD804EE1883DAF177A03D8DC" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{68EAA7B5-A0BA-4A02-8170-6A0C3DDF134C}\BGAUpdate.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU933A.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU933A.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\Qml\QtQuick\Controls.2\VerticalHeaderView.qml C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\studio_svg_textures\Lua\TerrainEditor\Dark\Large\Select.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\link\utils\createOperation.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AppChatNetworking\Dev\JestGlobals.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\fonts\GrenzeGotisch-Bold.ttf C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Utils\meetsPrerequisites.spec.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\llama\llama\Dictionary\map.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_ne.dll C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\scripts\CoreScripts\Modules\DevConsole\Components\Network\ClientNetwork.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\scripts\CoreScripts\Modules\Flags\GetFFlagEnableInExpVoiceUpsell.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\Lumberyak.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\pl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\scripts\CoreScripts\Modules\InGameMenu\Components\PlayerContextualMenu.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\Shared\Shared\console.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Workspace\Packages\GraphqlToolsMerge.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\studio_svg_textures\Lua\AvatarCompatibilityPreviewer\Dark\Large\attachments_tool.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Tile\Enum\ItemTileEnums.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_11.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\JestEach-edcba0e9-2.4.1\JestEach\table\array.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\qu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\Breakpoint.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\NetworkingPremiumFeatures\NetworkingPremiumFeatures\init.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\RoactNavigation-5e891f46-2818f7fd\RoactNavigation\navigators\createRobloxStackNavigator.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\__tests__\RhodiumHelpers\countInstances.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Workspace\Packages\FormFactor.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\copilot_provider_msix\package_metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\studio_svg_textures\Lua\ActivityFeed\Light\Large\ThreeDots.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\JestTypes-edcba0e9-3.5.0\JestTypes\init.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\NextDataExpirationTimeRodux\Rodux.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\OtpLogin\RoactServiceTags.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\PlayerContextualMenu\Dev\JestGlobals.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\textures\ui\Settings\Help\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\SelectionSphere.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\scripts\CoreScripts\Modules\InGameMenu\Components\Connection\FriendStatusConnector.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\scripts\CoreScripts\Modules\InGameMenu\Flags\GetFIntFullscreenTitleBarTriggerDelayMillis.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameProductInfoRodux\GameProductInfoRodux\default.rbxp C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RobloxAppTestSuite\RobloxAppTestSuite\default.rbxp C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\Qml\QtQuick\Layouts\plugins.qmltypes C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\studio_svg_textures\Shared\Navigation\Light\Large\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Workspace\Packages\ItemDetails.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_pl.dll C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\textures\TagEditor\VisibilityOffLightTheme.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\Actions\SetTryingOnInfo.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\JestReporters-edcba0e9-3.5.0\JestReporters\getResultHeader.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\BuyRobuxPageTestSuite\BuyRobuxPageTestSuite\default.rbxp C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\Qml\QtQuick\Controls.2\Material\Menu.qml C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\textures\ui\VoiceChat\SpeakerLight\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\PlatformContent\pc\textures\diamondplate\normal.dds C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\DomTestingLibrary\DomTestingLibrary\queries\placeholder-text.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\validation\__tests__\ValuesOfCorrectTypeRule.spec.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.4.2\LuauPolyfill\Array\from\init.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\studio_svg_textures\Lua\StyleEditor\Dark\Standard\[email protected] C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\content\studio_svg_textures\Shared\Debugger\Light\Standard\ConditionalBreakpoint.png C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-12e911c4-0c4b13ff\LuauPolyfill\Boolean\.robloxrc C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\identity_proxy\win11\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\scripts\CoreScripts\Modules\AvatarContextMenu\ContextMenuUtil.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\scripts\CoreScripts\Modules\EmotesMenu\Constants.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\luaUtils\encodeURIComponent.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\DataLoader\DataLoader\default.rbxp C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTestHelpers\Localization.lua C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\svchost.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "39" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "47" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "5" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "22" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "40" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "38" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "93" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "105" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "10" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "68" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "90" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "70" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "91" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "109" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "49" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "111" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "15" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "19" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "60" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "14" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "21" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "63" C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "16" C:\Windows\System32\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "72" C:\Windows\System32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio-auth\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-e2728ac197f84660\\RobloxStudioBeta.exe" C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\ = "PDF Preview Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\AppUserModelId = "MSEdge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\ = "PDF Preview Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe\AppID = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 245075.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\RobloxStudioInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxStudioInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1392 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 2228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 2228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1392 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://create.roblox.com/landing

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb336a3cb8,0x7ffb336a3cc8,0x7ffb336a3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8

C:\Users\Admin\Downloads\RobloxStudioInstaller.exe

"C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjI3MTBERUUtMjZBMS00Njk4LUIxQ0UtOEY3RUY0REVEOENBfSIgdXNlcmlkPSJ7NEYyRDNGOTYtRENGNy00RDU2LUExREItNUZGMjQxQjJCMUU3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1NThENkE5Qi01MkI5LTQ5N0EtQjJGOS05OTI1MzQ5MkVFMjl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUxNTA5MTQzMzAiIGluc3RhbGxfdGltZV9tcz0iNTI4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{22710DEE-26A1-4698-B1CE-8F7EF4DED8CA}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjI3MTBERUUtMjZBMS00Njk4LUIxQ0UtOEY3RUY0REVEOENBfSIgdXNlcmlkPSJ7NEYyRDNGOTYtRENGNy00RDU2LUExREItNUZGMjQxQjJCMUU3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBM0VENjJERi1GRTgyLTRENUEtOTBCRi0wQTIwOTQyM0Y3MTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUxNTQ1ODQyOTgiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\MicrosoftEdge_X64_124.0.2478.67.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6585AC9-B5B7-4354-84C4-52CA32060ACB}\EDGEMITMP_AE62D.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6a2e088c0,0x7ff6a2e088cc,0x7ff6a2e088d8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3476 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjI3MTBERUUtMjZBMS00Njk4LUIxQ0UtOEY3RUY0REVEOENBfSIgdXNlcmlkPSJ7NEYyRDNGOTYtRENGNy00RDU2LUExREItNUZGMjQxQjJCMUU3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1OTBCNjkzNS05MTgxLTQwNTUtOTNGQi0zMzA5MjU4MTMxMzh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTY1NDU0MzAxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTE2NTU2NDEzOCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUzNTkyOTUyMzgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzEzMWJkNWQ3LTljNjUtNDc2YS05MDc1LWUyNDk0ZjhkYTllND9QMT0xNzE1MTc0MTAwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVdUMlFOa25aeTJUdkhhb1klMmZwWHFsYU9QN3oyNUk3RlBYbUNTSUJWYWc2MWhPUiUyYnJJcnF0SjBLRSUyZkJHeHJNdlc1WXBMSmg5ZVM0NTFZZG9WaGg1amxnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyNzIzNzY4IiB0b3RhbD0iMTcyNzIzNzY4IiBkb3dubG9hZF90aW1lX21zPSIxMzIyNiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUzNTk0NTE0MTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzcyODg5MTkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1ODA4OTIxNzc3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNzIyIiBkb3dubG9hZF90aW1lX21zPSIxOTM3NyIgZG93bmxvYWRlZD0iMTcyNzIzNzY4IiB0b3RhbD0iMTcyNzIzNzY4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0MzU4NyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=1896.2972.2954799267585158051

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=124.0.2478.67 --initial-client-data=0x164,0x168,0x16c,0x13c,0x140,0x7ffb1b82ceb8,0x7ffb1b82cec4,0x7ffb1b82ced0

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1708,i,16641725150912063529,16663170490134662744,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1704 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=1976,i,16641725150912063529,16663170490134662744,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1988 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2024,i,16641725150912063529,16663170490134662744,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3432,i,16641725150912063529,16663170490134662744,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4016,i,16641725150912063529,16663170490134662744,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4028 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3444,i,16641725150912063529,16663170490134662744,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004B8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe" roblox-studio:1+launchtime:1714569452819+avatar+browsertrackerid:1714569347503004+robloxLocale:en-US+gameLocale:en-US+channel:+browser:edge+userId:4155035591+distributorType:Global+launchmode:edit+task:EditPlace+placeId:15350820071+universeId:5294748261

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{353BA1EB-3405-4318-9405-29A0C816840A}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{353BA1EB-3405-4318-9405-29A0C816840A}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{ECDD69D7-6178-47AD-9FFA-C0B495712BB0}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUNERDY5RDctNjE3OC00N0FELTlGRkEtQzBCNDk1NzEyQkIwfSIgdXNlcmlkPSJ7NEYyRDNGOTYtRENGNy00RDU2LUExREItNUZGMjQxQjJCMUU3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGREQyMEE3NS0wMUM1LTQ2MkItOEE0MC05RDJENDVCNDZENTV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgyNDQ3OTEzMjkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODI0NDkzMTU3MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODYwNzM5OTgxOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzE1MTc0NDA4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUwlMmZScjhwdkFCOUIyWGRnTWhMTzdZV2ZXRXIwZUZsVmVvJTJiJTJiSyUyZkVmaFRxRTQwUzBYTkdWTU1hQlB2WmhFNG1lNFByN01uMjhjd1ZjbzdQVDNqVVBnR1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMiIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NjA3NDIwMDU0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy83MmVkODA4Ny1lZTk4LTQyOWMtOTMzMC1jYTNjMTkzZDQxYWY_UDE9MTcxNTE3NDQwOCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1MJTJmUnI4cHZBQjlCMlhkZ01oTE83WVdmV0VyMGVGbFZlbyUyYiUyYkslMmZFZmhUcUU0MFMwWE5HVk1NYUJQdlpoRTRtZTRQcjdNbjI4Y3dWY283UFQzalVQZ0dRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTYzMDc5MiIgdG90YWw9IjE2MzA3OTIiIGRvd25sb2FkX3RpbWVfbXM9IjMxOTEzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2MDc0ODk5MjciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODYxMjgwMzI3OSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxwaW5nIHI9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTkwNDI4MzQ2MTQyMjQwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIHVwZGF0ZV9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTkwNDI5NzAwMDM3MTAwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9IntCRTFFNkFCRi1FQTA0LTQwRjAtQjYzRS00MkNFNEI2ODA3Mzl9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Temp\EU933A.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU933A.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{ECDD69D7-6178-47AD-9FFA-C0B495712BB0}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUNERDY5RDctNjE3OC00N0FELTlGRkEtQzBCNDk1NzEyQkIwfSIgdXNlcmlkPSJ7NEYyRDNGOTYtRENGNy00RDU2LUExREItNUZGMjQxQjJCMUU3fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QjdDOTVCODktNEQ2RC00NjQ0LThFNzgtRTBBNkVBRjM5REQzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODUuMjkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTQ1NjkyOTgiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2MjI1MTIzODUiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2540 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe" roblox-studio:1+launchtime:1714569728183+avatar+browsertrackerid:1714569347503004+robloxLocale:en-US+gameLocale:en-US+channel:+browser:edge+userId:4155035591+distributorType:Global+launchmode:edit+task:EditPlace+placeId:15350820071+universeId:5294748261

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1516 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NENDRDE5NDEtMzJDMS00M0Q4LUFBMjEtMTg5M0UzNDBFMzNEfSIgdXNlcmlkPSJ7NEYyRDNGOTYtRENGNy00RDU2LUExREItNUZGMjQxQjJCMUU3fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MzRERjZBRDQtRTYzQy00MEI5LTg5ODItQ0EyNkMwNUI1QUI5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjQiIGluc3RhbGxkYXRldGltZT0iMTcxNDE0NTU5MSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzU4NjQzNTIwNDAzMzQ2NCIgZmlyc3RfZnJlX3NlZW5fdGltZT0iMTMzNTkwNDI5NTg2NDY1MjQ4Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjMxMDY3NiIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE2NTU4MTkzNzEiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{68EAA7B5-A0BA-4A02-8170-6A0C3DDF134C}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{68EAA7B5-A0BA-4A02-8170-6A0C3DDF134C}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NENDRDE5NDEtMzJDMS00M0Q4LUFBMjEtMTg5M0UzNDBFMzNEfSIgdXNlcmlkPSJ7NEYyRDNGOTYtRENGNy00RDU2LUExREItNUZGMjQxQjJCMUU3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsxQzkyOEQ4NC05NzQ0LTQxNzMtQjY0Ni0zRjQ4NUE2OUEzNDF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNjc4OTY5MjAwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE2Nzg5ODkyMDYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE3NjYwMjYyNTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxNTE3NDc1MSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1aTTM5ejJ4RVJFTFd5TEYlMmZQVzRVanBHS3IxZWl5YXVpVkllZXR5RllRUEM4czROaUxNZiUyZkdLTTVLeURzMDNDZ20ya0JSNUtRbWFjdFZvR0ZRamNxJTJmUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIzNCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ1Mzg2Mzg1IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTc2NjM4NjI0OCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNWYxOTU2MTItMzg0YS00OGVhLTg0MDgtYjRlZGU5ZGM1NmJiP1AxPTE3MTUxNzQ3NTEmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9Wk0zOXoyeEVSRUxXeUxGJTJmUFc0VWpwR0tyMWVpeWF1aVZJZWV0eUZZUVBDOHM0TmlMTWYlMmZHS001S3lEczAzQ2dtMmtCUjVLUW1hY3RWb0dGUWpjcSUyZlElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iLTEiIGRvd25sb2FkX3RpbWVfbXM9IjgwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE3NjY0MDYyNTQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9Indpbmh0dHAiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzVmMTk1NjEyLTM4NGEtNDhlYS04NDA4LWI0ZWRlOWRjNTZiYj9QMT0xNzE1MTc0NzUxJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVpNMzl6MnhFUkVMV3lMRiUyZlBXNFVqcEdLcjFlaXlhdWlWSWVldHlGWVFQQzhzNE5pTE1mJTJmR0tNNUt5RHMwM0NnbTJrQlI1S1FtYWN0Vm9HRlFqY3ElMmZRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iODcuMjQ4LjIwNS4wIiBjZG5fY2lkPSI0IiBjZG5fY2NjPSJnYiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ0NDQ4IiB0b3RhbD0iMTgwNDQ0NDgiIGRvd25sb2FkX3RpbWVfbXM9IjI0ODEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTc2NjQyNjI1MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNzcyOTE3NjA1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE4MDIxMDU1MTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMjk4IiBkb3dubG9hZF90aW1lX21zPSI4Njg3IiBkb3dubG9hZGVkPSIxODA0NDQ0OCIgdG90YWw9IjE4MDQ0NDQ4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSIyOTE2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\MicrosoftEdge_X64_124.0.2478.67.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff745bf88c0,0x7ff745bf88cc,0x7ff745bf88d8

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff745bf88c0,0x7ff745bf88cc,0x7ff745bf88d8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEY2QTEyQzYtMUU0OC00OUE1LUI5RDUtQzI5QkY5NkU1NDRBfSIgdXNlcmlkPSJ7NEYyRDNGOTYtRENGNy00RDU2LUExREItNUZGMjQxQjJCMUU3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InswRjQ4RkQzMC04RjBBLTRCODQtQkExNC1EMUFGN0FGRERCRDZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtEeE9iakhHYStuUmEyYXRDM3dvK0lFcEM3OCtaWWVBVWJrWHBEQzJjajdVPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg1LjI5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjAxIj48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MzMwIiBwaW5nX2ZyZXNobmVzcz0ie0RGQkY2RDAyLTI2RTAtNEFDNy1CNEFGLUMyMUE2REY2OTdCNX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1OTA0MjgzNDYxNDIyNDAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMDkxNTE1NjA2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMDkxNzQ1NTkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMTMyOTg1NzEyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMTUwNTk1NjI3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjAxMDU2ODI4NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjExNTIiIGRvd25sb2FkZWQ9IjE3MjcyMzc2OCIgdG90YWw9IjE3MjcyMzc2OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjIiIGluc3RhbGxfdGltZV9tcz0iMzg1OTkzIi8-PHBpbmcgYWN0aXZlPSIxIiBhZD0iNjMzMCIgcmQ9IjYzMzAiIHBpbmdfZnJlc2huZXNzPSJ7MzM3NzBENjEtRjFBMy00QkJGLTk1MjAtODgyMDY4Rjg0QzExfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGNvaG9ydD0icnJmQDAuNTQiIHVwZGF0ZV9jb3VudD0iMSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzU5MDQyOTcwMDAzNzEwMCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjAiIHJkPSI2MzMwIiBwaW5nX2ZyZXNobmVzcz0ie0RDRTAzRkMxLTQwMUUtNDU0MC1CNzBFLTJDRDNBQjJGMkVGNH0iLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6260226704107580910,8771730074263659527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc

Network

Country Destination Domain Proto
US 8.8.8.8:53 create.roblox.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 18.239.208.42:443 create.roblox.com tcp
US 8.8.8.8:53 22.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 232.212.58.216.in-addr.arpa udp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.3:443 realtime-signalr.roblox.com tcp
NL 128.116.21.3:443 realtime-signalr.roblox.com tcp
NL 128.116.21.3:443 realtime-signalr.roblox.com tcp
NL 128.116.21.3:443 realtime-signalr.roblox.com tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.3:443 realtime-signalr.roblox.com tcp
US 34.120.195.249:443 o293668.ingest.sentry.io tcp
NL 128.116.21.4:443 develop.roblox.com udp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com udp
US 18.239.208.15:443 t4.rbxcdn.com tcp
US 18.239.208.15:443 t4.rbxcdn.com tcp
US 18.239.208.15:443 t4.rbxcdn.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 249.195.120.34.in-addr.arpa udp
GB 23.73.139.26:443 tr.rbxcdn.com tcp
GB 23.73.139.26:443 tr.rbxcdn.com tcp
GB 23.73.139.26:443 tr.rbxcdn.com tcp
GB 23.73.139.26:443 tr.rbxcdn.com tcp
GB 23.73.139.26:443 tr.rbxcdn.com tcp
GB 23.73.139.26:443 tr.rbxcdn.com tcp
N/A 224.0.0.251:5353 udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 18.239.208.114:443 setup.rbxcdn.com tcp
US 18.239.208.114:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:49987 tcp
NL 128.116.21.3:443 realtime-signalr.roblox.com tcp
N/A 127.0.0.1:49991 tcp
NL 128.116.21.3:443 realtime-signalr.roblox.com tcp
N/A 127.0.0.1:49994 tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
US 18.239.208.114:443 setup.rbxcdn.com tcp
US 18.239.208.114:443 setup.rbxcdn.com tcp
US 18.239.208.114:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:49997 tcp
US 20.7.47.135:443 msedge.api.cdp.microsoft.com tcp
GB 87.248.205.0:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 18.239.208.32:443 static.rbxcdn.com tcp
US 18.239.208.32:443 static.rbxcdn.com tcp
US 18.239.208.96:443 js.rbxcdn.com tcp
US 18.239.208.96:443 js.rbxcdn.com tcp
US 18.239.208.96:443 js.rbxcdn.com tcp
US 18.239.208.96:443 js.rbxcdn.com tcp
US 18.239.208.96:443 js.rbxcdn.com tcp
US 18.239.208.96:443 js.rbxcdn.com tcp
US 18.239.208.27:443 css.rbxcdn.com tcp
US 104.18.33.170:443 roblox-api.arkoselabs.com tcp
US 2.18.190.137:443 images.rbxcdn.com tcp
US 2.18.190.137:443 images.rbxcdn.com tcp
US 2.18.190.83:443 apis.rbxcdn.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com udp
NL 128.116.21.4:443 clientsettings.roblox.com udp
NL 128.116.21.4:443 clientsettings.roblox.com udp
NL 128.116.21.4:443 clientsettings.roblox.com udp
NL 128.116.21.4:443 clientsettings.roblox.com udp
NL 128.116.21.4:443 clientsettings.roblox.com udp
US 34.120.195.249:443 o293668.ingest.sentry.io udp
NL 128.116.21.4:443 clientsettings.roblox.com udp
NL 128.116.21.3:443 realtime-signalr.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com udp
GB 23.73.139.67:443 tr.rbxcdn.com tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.3:443 realtime-signalr.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
N/A 127.0.0.1:50710 tcp
N/A 127.0.0.1:50718 tcp
N/A 127.0.0.1:50721 tcp
N/A 127.0.0.1:50725 tcp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
NL 128.116.21.4:443 apis.roblox.com tcp
NL 128.116.21.4:443 apis.roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 2.18.190.134:443 static.rbxcdn.com tcp
US 2.18.190.134:443 static.rbxcdn.com tcp
US 2.18.190.134:443 static.rbxcdn.com tcp
US 2.18.190.134:443 static.rbxcdn.com tcp
US 2.18.190.134:443 static.rbxcdn.com tcp
US 2.18.190.134:443 static.rbxcdn.com tcp
US 2.18.190.134:443 static.rbxcdn.com tcp
US 2.18.190.134:443 static.rbxcdn.com tcp
US 18.239.208.25:443 images.rbxcdn.com tcp
US 18.239.208.104:443 js.rbxcdn.com tcp
US 18.239.208.104:443 js.rbxcdn.com tcp
US 18.239.208.104:443 js.rbxcdn.com tcp
US 18.239.208.104:443 js.rbxcdn.com tcp
US 18.239.208.104:443 js.rbxcdn.com tcp
US 18.239.208.104:443 js.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 2.18.190.134:443 static.rbxcdn.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 metrics.roblox.com udp
DE 128.116.44.4:443 roblox.com tcp
US 104.18.33.170:443 roblox-api.arkoselabs.com tcp
NL 128.116.21.4:443 metrics.roblox.com udp
NL 128.116.21.4:443 metrics.roblox.com tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 2.18.190.83:443 apis.rbxcdn.com tcp
NL 128.116.21.4:443 metrics.roblox.com udp
NL 128.116.21.4:443 metrics.roblox.com tcp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
US 104.18.33.170:443 roblox-api.arkoselabs.com udp
NL 128.116.21.3:443 ecsv2.roblox.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
N/A 127.0.0.1:51152 tcp
NL 128.116.21.4:443 auth.roblox.com tcp
N/A 127.0.0.1:51351 tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
N/A 127.0.0.1:52585 tcp
N/A 127.0.0.1:52587 tcp
N/A 127.0.0.1:52589 tcp
N/A 127.0.0.1:52603 tcp
NL 128.116.21.4:443 auth.roblox.com tcp
N/A 127.0.0.1:52606 tcp
NL 128.116.21.4:443 auth.roblox.com tcp
N/A 127.0.0.1:52720 tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
US 18.239.208.83:443 t7.rbxcdn.com tcp
US 18.239.208.15:443 t4.rbxcdn.com tcp
US 18.239.208.15:443 t4.rbxcdn.com tcp
US 18.239.208.31:443 c2.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
N/A 127.0.0.1:52762 tcp
N/A 127.0.0.1:52776 tcp
N/A 127.0.0.1:52780 tcp
N/A 127.0.0.1:52787 tcp
N/A 127.0.0.1:52802 tcp
N/A 127.0.0.1:52813 tcp
N/A 127.0.0.1:52828 tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:53073 tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 34.120.195.249:443 o293668.ingest.sentry.io udp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com udp
US 18.239.208.83:443 t7.rbxcdn.com tcp
US 2.18.190.133:443 ctldl.windowsupdate.com tcp
NL 128.116.21.4:443 auth.roblox.com udp
NL 128.116.21.4:443 auth.roblox.com udp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:53249 tcp
N/A 127.0.0.1:53256 tcp
NL 128.116.21.4:443 auth.roblox.com tcp
N/A 127.0.0.1:53259 tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:53262 tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
N/A 127.0.0.1:53271 tcp
N/A 127.0.0.1:53274 tcp
N/A 127.0.0.1:54507 tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
SG 128.116.50.33:49648 udp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
US 18.239.208.9:443 t4.rbxcdn.com tcp
US 18.239.208.9:443 t4.rbxcdn.com tcp
US 18.239.208.84:443 t7.rbxcdn.com tcp
N/A 127.0.0.1:54520 tcp
N/A 127.0.0.1:54523 tcp
N/A 127.0.0.1:54526 tcp
N/A 127.0.0.1:54528 tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
US 18.239.208.73:443 c6.rbxcdn.com tcp
US 18.239.208.84:443 t7.rbxcdn.com tcp
US 18.239.208.84:443 t7.rbxcdn.com tcp
US 18.239.208.84:443 t7.rbxcdn.com tcp
US 18.239.208.84:443 t7.rbxcdn.com tcp
N/A 127.0.0.1:54705 tcp
N/A 127.0.0.1:54708 tcp
N/A 127.0.0.1:54715 tcp
N/A 127.0.0.1:54730 tcp
N/A 127.0.0.1:54737 tcp
N/A 127.0.0.1:54780 tcp
N/A 127.0.0.1:54782 tcp
N/A 127.0.0.1:54784 tcp
N/A 127.0.0.1:54786 tcp
N/A 127.0.0.1:54965 tcp
N/A 127.0.0.1:54967 tcp
N/A 127.0.0.1:54969 tcp
N/A 127.0.0.1:54995 tcp
N/A 127.0.0.1:55025 tcp
N/A 127.0.0.1:55028 tcp
N/A 127.0.0.1:55036 tcp
N/A 127.0.0.1:55049 tcp
N/A 127.0.0.1:55061 tcp
N/A 127.0.0.1:55063 tcp
N/A 127.0.0.1:55073 tcp
N/A 127.0.0.1:55075 tcp
US 2.18.190.134:443 static.rbxcdn.com tcp
US 2.18.190.134:443 static.rbxcdn.com tcp
US 18.239.208.32:443 static.rbxcdn.com tcp
US 18.239.208.87:443 c5.rbxcdn.com tcp
US 18.239.208.87:443 c5.rbxcdn.com tcp
US 18.239.208.32:443 static.rbxcdn.com tcp
US 18.239.208.32:443 static.rbxcdn.com tcp
N/A 127.0.0.1:55122 tcp
N/A 127.0.0.1:55130 tcp
NL 128.116.21.4:443 auth.roblox.com tcp
US 18.239.208.74:443 images.rbxcdn.com tcp
US 18.239.208.74:443 images.rbxcdn.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
US 8.8.8.8:53 74.208.239.18.in-addr.arpa udp
NL 128.116.21.4:443 auth.roblox.com tcp
N/A 127.0.0.1:55187 tcp
US 18.239.208.73:443 c6.rbxcdn.com tcp
US 18.239.208.73:443 c6.rbxcdn.com tcp
US 18.239.208.102:443 c0.rbxcdn.com tcp
US 18.239.208.102:443 c0.rbxcdn.com tcp
US 18.239.208.126:443 c2.rbxcdn.com tcp
US 18.239.208.126:443 c2.rbxcdn.com tcp
US 18.239.208.126:443 c2.rbxcdn.com tcp
N/A 127.0.0.1:55202 tcp
N/A 127.0.0.1:55218 tcp
US 2.18.190.133:443 t6.rbxcdn.com tcp
US 2.18.190.133:443 t6.rbxcdn.com tcp
US 2.18.190.133:443 t6.rbxcdn.com tcp
US 2.18.190.133:443 t6.rbxcdn.com tcp
US 2.18.190.133:443 t6.rbxcdn.com tcp
US 2.18.190.133:443 t6.rbxcdn.com tcp
US 2.18.190.133:443 t6.rbxcdn.com tcp
US 8.8.8.8:53 t1.rbxcdn.com udp
N/A 127.0.0.1:55274 tcp
US 18.239.208.72:443 t0.rbxcdn.com tcp
US 18.239.208.6:443 t1.rbxcdn.com tcp
US 18.239.208.6:443 t1.rbxcdn.com tcp
US 18.239.208.6:443 t1.rbxcdn.com tcp
US 18.239.208.72:443 t0.rbxcdn.com tcp
US 8.8.8.8:53 t3.rbxcdn.com udp
US 18.239.208.9:443 t4.rbxcdn.com tcp
US 18.239.208.6:443 t1.rbxcdn.com tcp
US 18.239.208.44:443 t3.rbxcdn.com tcp
US 18.239.208.9:443 t4.rbxcdn.com tcp
US 8.8.8.8:53 126.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 72.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 6.208.239.18.in-addr.arpa udp
US 2.18.190.133:443 t5.rbxcdn.com tcp
US 2.18.190.133:443 t5.rbxcdn.com tcp
US 18.239.208.72:443 t0.rbxcdn.com tcp
US 2.18.190.133:443 t5.rbxcdn.com tcp
US 18.239.208.72:443 t0.rbxcdn.com tcp
US 18.239.208.44:443 t3.rbxcdn.com tcp
US 18.239.208.44:443 t3.rbxcdn.com tcp
US 18.239.208.72:443 t0.rbxcdn.com tcp
US 18.239.208.84:443 t7.rbxcdn.com tcp
US 18.239.208.72:443 t0.rbxcdn.com tcp
US 2.18.190.133:443 t5.rbxcdn.com tcp
US 18.239.208.84:443 t7.rbxcdn.com tcp
US 2.18.190.133:443 t5.rbxcdn.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
US 18.239.208.84:443 t7.rbxcdn.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
NL 128.116.21.4:443 auth.roblox.com tcp
US 8.8.8.8:53 itemconfiguration.roblox.com udp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
N/A 127.0.0.1:55390 tcp
N/A 127.0.0.1:55402 tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
N/A 127.0.0.1:55416 tcp
N/A 127.0.0.1:55468 tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
N/A 127.0.0.1:55470 tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
N/A 127.0.0.1:55577 tcp
N/A 127.0.0.1:55645 tcp
N/A 127.0.0.1:55669 tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
N/A 127.0.0.1:56517 tcp
N/A 127.0.0.1:56549 tcp
N/A 127.0.0.1:56551 tcp
N/A 127.0.0.1:56553 tcp
N/A 127.0.0.1:56555 tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
N/A 127.0.0.1:58003 tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
US 2.18.190.133:443 t0.rbxcdn.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
NL 13.95.26.4:443 msedge.api.cdp.microsoft.com tcp
NL 104.109.143.13:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.4:443 clientsettings.roblox.com udp
NL 128.116.21.4:443 clientsettings.roblox.com tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 clientsettings.roblox.com udp
N/A 127.0.0.1:58208 tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:58215 tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.3:443 client-telemetry.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
N/A 127.0.0.1:58218 tcp
N/A 127.0.0.1:58221 tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
N/A 127.0.0.1:58229 tcp
N/A 127.0.0.1:58232 tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
N/A 127.0.0.1:58237 tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.3:443 client-telemetry.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
SG 128.116.50.33:49648 udp
NL 128.116.21.4:443 assetdelivery.roblox.com tcp
NL 104.109.143.29:443 tr.rbxcdn.com tcp
NL 104.109.143.29:443 tr.rbxcdn.com tcp
NL 104.109.143.29:443 tr.rbxcdn.com tcp
NL 104.109.143.29:443 tr.rbxcdn.com tcp
NL 104.109.143.29:443 tr.rbxcdn.com tcp
NL 104.109.143.29:443 tr.rbxcdn.com tcp
NL 104.109.143.29:443 tr.rbxcdn.com tcp
NL 104.109.143.29:443 tr.rbxcdn.com tcp
US 18.239.208.88:443 t0.rbxcdn.com tcp
US 8.8.8.8:53 t4.rbxcdn.com udp
US 18.239.208.108:443 t7.rbxcdn.com tcp
US 18.239.208.50:443 t4.rbxcdn.com tcp
N/A 127.0.0.1:59478 tcp
N/A 127.0.0.1:59481 tcp
N/A 127.0.0.1:59484 tcp
N/A 127.0.0.1:59486 tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
N/A 127.0.0.1:59650 tcp
N/A 127.0.0.1:59659 tcp
N/A 127.0.0.1:59718 tcp
N/A 127.0.0.1:59720 tcp
N/A 127.0.0.1:59722 tcp
N/A 127.0.0.1:59730 tcp
N/A 127.0.0.1:59732 tcp
N/A 127.0.0.1:59734 tcp
N/A 127.0.0.1:59736 tcp
N/A 127.0.0.1:59910 tcp
N/A 127.0.0.1:59914 tcp
N/A 127.0.0.1:59916 tcp
N/A 127.0.0.1:60028 tcp
N/A 127.0.0.1:60030 tcp
N/A 127.0.0.1:60032 tcp
N/A 127.0.0.1:60034 tcp
N/A 127.0.0.1:60036 tcp
N/A 127.0.0.1:60038 tcp
N/A 127.0.0.1:60040 tcp
N/A 127.0.0.1:60042 tcp
N/A 127.0.0.1:60069 tcp
N/A 127.0.0.1:60071 tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
N/A 127.0.0.1:60093 tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
N/A 127.0.0.1:60318 tcp
N/A 127.0.0.1:60469 tcp
N/A 127.0.0.1:60471 tcp
N/A 127.0.0.1:60473 tcp
N/A 127.0.0.1:60475 tcp
NL 128.116.21.3:443 client-telemetry.roblox.com tcp
NL 128.116.21.3:443 client-telemetry.roblox.com tcp
NL 128.116.21.3:443 client-telemetry.roblox.com tcp
NL 128.116.21.3:443 client-telemetry.roblox.com tcp
NL 128.116.21.3:443 client-telemetry.roblox.com tcp
NL 128.116.21.3:443 client-telemetry.roblox.com tcp
NL 128.116.21.3:443 client-telemetry.roblox.com tcp
NL 128.116.21.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:60701 tcp
N/A 127.0.0.1:61211 tcp
N/A 127.0.0.1:61213 tcp
N/A 127.0.0.1:61215 tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
N/A 127.0.0.1:61217 tcp
N/A 127.0.0.1:61219 tcp
N/A 127.0.0.1:61221 tcp
N/A 127.0.0.1:61223 tcp
N/A 127.0.0.1:61225 tcp
US 18.239.208.81:443 t0.rbxcdn.com tcp
US 2.18.190.136:443 t3.rbxcdn.com tcp
US 18.239.208.13:443 t1.rbxcdn.com tcp
NL 128.116.21.4:443 chat.roblox.com tcp
N/A 127.0.0.1:61507 tcp
N/A 127.0.0.1:61509 tcp
N/A 127.0.0.1:61707 tcp
N/A 127.0.0.1:61752 tcp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 60.129.102.23.in-addr.arpa udp
GB 87.248.205.0:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 ephemeralcounters.api.roblox.com udp
NL 128.116.21.4:443 assetgame.roblox.com tcp
NL 128.116.21.4:443 assetgame.roblox.com tcp
N/A 127.0.0.1:62144 tcp
N/A 127.0.0.1:62161 tcp
NL 128.116.21.4:443 assetgame.roblox.com tcp
NL 128.116.21.4:443 assetgame.roblox.com tcp
NL 128.116.21.4:443 assetgame.roblox.com tcp
N/A 127.0.0.1:63220 tcp
NL 128.116.21.4:443 assetgame.roblox.com tcp
N/A 127.0.0.1:64140 tcp
NL 128.116.21.4:443 assetgame.roblox.com tcp
NL 128.116.21.4:443 assetgame.roblox.com tcp
NL 128.116.21.4:443 assetgame.roblox.com tcp
N/A 127.0.0.1:50154 tcp
NL 128.116.21.4:443 assetgame.roblox.com tcp
N/A 127.0.0.1:51038 tcp
N/A 127.0.0.1:52453 tcp
N/A 127.0.0.1:52769 tcp
N/A 127.0.0.1:53862 tcp
NL 128.116.21.4:443 assetgame.roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
NL 128.116.21.4:443 apis.roblox.com tcp
US 8.8.8.8:53 t0.rbxcdn.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 18.239.208.72:443 t0.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
US 18.239.208.108:443 t7.rbxcdn.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
NL 104.109.143.10:443 tr.rbxcdn.com tcp
US 18.239.208.50:443 t4.rbxcdn.com tcp
N/A 127.0.0.1:58028 tcp
N/A 127.0.0.1:58033 tcp
N/A 127.0.0.1:59112 tcp
N/A 127.0.0.1:59132 tcp
N/A 127.0.0.1:59138 tcp
N/A 127.0.0.1:59141 tcp
N/A 127.0.0.1:59216 tcp
N/A 127.0.0.1:59379 tcp
N/A 127.0.0.1:59381 tcp
N/A 127.0.0.1:59383 tcp
N/A 127.0.0.1:59385 tcp
N/A 127.0.0.1:59387 tcp
N/A 127.0.0.1:59389 tcp
N/A 127.0.0.1:59526 tcp
N/A 127.0.0.1:59737 tcp
N/A 127.0.0.1:59805 tcp
NL 128.116.21.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:59842 tcp
NL 128.116.21.4:443 develop.roblox.com tcp
NL 128.116.21.4:443 develop.roblox.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8ff8bdd04a2da5ef5d4b6a687da23156
SHA1 247873c114f3cc780c3adb0f844fc0bb2b440b6d
SHA256 09b7b20bfec9608a6d737ef3fa03f95dcbeaca0f25953503a321acac82a5e5ae
SHA512 5633ad84b5a003cd151c4c24b67c1e5de965fdb206b433ca759d9c62a4785383507cbd5aca92089f6e0a50a518c6014bf09a0972b4311464aa6a26f76648345e

\??\pipe\LOCAL\crashpad_1392_CAIYBSPBAOCMDJYZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1e4ed4a50489e7fc6c3ce17686a7cd94
SHA1 eac4e98e46efc880605a23a632e68e2c778613e7
SHA256 fc9e8224722cb738d8b32420c05006de87161e1d28bc729b451759096f436c1a
SHA512 5c4e637ac4da37ba133cb1fba8fa2ff3e24fc4ca15433a94868f2b6e0259705634072e5563da5f7cf1fd783fa8fa0c584c00f319f486565315e87cdea8ed1c28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fb1ab315668e5fee818f62576befdb20
SHA1 6ce8d2165838ecdecf6619f25f04a900aacfbca6
SHA256 04e0911d325498513da7721be7993eac2d8c3e8d984911a9097a16cc55624b0b
SHA512 beac622bbb6a07e64b5f3fca8c393b7e7b45a7ecb77ab56d4a51197262e8d2ce87b920250ad37140bc297eccb908bfd11a57886f4dc2f684cb572633b3778ced

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cc5963933b079cee554c63bb4feb050e
SHA1 5b1a4cd70e638dede7e76bf932619898b9819815
SHA256 31432f92d30d336bc4b27150fc905cc69dd274fbee03a628db1bd6b3cf569e3e
SHA512 94501053c6718452409ab4d1d9dce0918717624d5e81c005f6772602975257ddc369797886480c788786752e42208ddb11ad88ee8b8b5086812d2099c119a858

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f117c4426770aecba731d615ba4c4118
SHA1 9eb4a598c6da5a9d2b418509df2905a59e50cf0e
SHA256 e5a72dbd7d47ffd99c7811c31f00c9d214ab8987d5929aeecd1fb26dd98589a6
SHA512 8a8d61a01716d294275dce8337cb5a97165130e6342ee9aabf6c0b5f59f1be3d8e1233ce99b72576a199fb9d40594bd3ff5351e853e34929e9c426533fadcccf

C:\Users\Admin\Downloads\Unconfirmed 245075.crdownload

MD5 911c020a364b10fe1de664c01de4534c
SHA1 8731aee51722d2e1604864eb8f03abe3e6d35441
SHA256 cb84418aa6ff71e927125f05cd74b10cef07b40fe19a17f9ba5c3bd57f2d9591
SHA512 7e2c2259dde1fcb1a10a3864b1e24f892fb28d1c0a9a8b1b32d6b512d9f49b031cf6119f55dad008f0b2a5dc87ae606ee0c2918fdc44fc307d56bc933537db7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f9d0f2c286b682f145307ff33700c44a
SHA1 4c95777856863b975c7f2d66653893f888387a36
SHA256 9dca3b968af78604bf95be11029a0823f046d4cd07a47499b8a4fccbb16d057e
SHA512 5f8147970f1d26f4888958634c6fe496fc30d145ad37a698f6e9e96f71f8f4f8b4584b8c470dae5415698854870ceef43e5cd0f221b846e4c3ce670a2c9e6903

C:\Users\Admin\Downloads\RobloxStudioInstaller.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9bb02dbf4fe35b28e71c39b445fcd142
SHA1 e7d908feb1652ac0c1e891679ca7b9745a225b07
SHA256 a3b1941a57a1e9380e96fe87712cb382156d12f8c16124b726d2802f731662c2
SHA512 8b441f69a2e8b0c3ad9f9e69ebd61ed662ac80fb1f5dae571695fa6dacbb38e7a1d606cb3c9aa4a7118d90ae4f5e9e16264ba83083ac4b26393a4c658161f9d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b268.TMP

MD5 2e4f7af51353ae349915b4b0104b1609
SHA1 168df05129e26537dc9dda659afc0fe87937f1a0
SHA256 81ed007be49b0d2c95bf41ef827a6b674674914039e935520ec720242d23127b
SHA512 dd1a5e5dbd01d1d105a11cc8e4bb23582b308891cddfca4e4fce6995a3a0546fb067fba968edde1d9e9d2062ec55adf3119443ae8065dd6c219667e7ce8e78da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3ba9e7450a7a8d392f0d2dbbc7360c8d
SHA1 9bf5469d2f0fd6edd84f60cac4a7b63820a87f21
SHA256 20eb7de76cbe5b7978fdea9bc5348c849da0494aa97a42f510115b8ae9dc67a4
SHA512 9fd5db28913182c1de82a36ddf10d65455125ea7bd1f5b92b369828abf2758c99d0d5f54b81331d46e3f001a7c11a49ecd389d2108acf716d5c79eae16857854

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e0c6ab5abd9f0c7f46d3841b8714b0b7
SHA1 699ba50f98b976bdfa134d1eaea656cc25addc89
SHA256 92bd5e034e1083dd4a87cde756847d9751c357f1e896df1c474491f44b23de10
SHA512 d9dcfe72870745bca6c671b2fb4b062e45a79edd854326278581ec319f07606f3b35d767e576e99f2dcca849492f16aa73933064ff00760f0557b32042cefa5c

C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MD5 610b1b60dc8729bad759c92f82ee2804
SHA1 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdate.dll

MD5 965b3af7886e7bf6584488658c050ca2
SHA1 72daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256 d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA512 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_en.dll

MD5 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1 dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512 ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_am.dll

MD5 f6c1324070b6c4e2a8f8921652bfbdfa
SHA1 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA512 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 2929e8d496d95739f207b9f59b13f925
SHA1 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512 ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_es.dll

MD5 9db7f66f9dc417ebba021bc45af5d34b
SHA1 6815318b05019f521d65f6046cf340ad88e40971
SHA256 e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819
SHA512 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_es-419.dll

MD5 28fefc59008ef0325682a0611f8dba70
SHA1 f528803c731c11d8d92c5660cb4125c26bb75265
SHA256 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d
SHA512 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_it.dll

MD5 497ca0a8950ae5c8c31c46eb91819f58
SHA1 01e7e61c04de64d2df73322c22208a87d6331fc8
SHA256 abe2360a585b6671ec3a69d14077b43ae8f9e92b6077b80a147dfe36792bb1b7
SHA512 070398af980f193ff90b4afaecb3822534ef3171eca7228bce395af11ca38364bc47cab7df1e71187ef291f90978bdc37a8611d2992b1800cd1de6aa7fda09d9

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_is.dll

MD5 5664c7a059ceb096d4cdaae6e2b96b8f
SHA1 bf0095cd7470bf4d7c9566ba0fd3b75c8b9e57ec
SHA256 a3a2947064267d17474c168d3189b0d372e36e53bf0efb9c228d314fc802d98e
SHA512 015dcb17b297a0aaad41c7b0b2199187e435855fd3977d16402be774622cc4f6b55d04ba9159a89e26e350c5602928c76dd9386be3974437b41888a0cfdddfa8

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_id.dll

MD5 03d4c35b188204f62fc1c46320e80802
SHA1 07efb737c8b072f71b3892b807df8c895b20868c
SHA256 192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95
SHA512 7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_hu.dll

MD5 f4976c580ba37fc9079693ebf5234fea
SHA1 7326d2aa8f6109084728323d44a7fb975fc1ed3f
SHA256 b16755fdbcc796ef4eb937759fe2c3518c694f5d186970d55a5a5e5d906cb791
SHA512 e43636d8c947e981258e649712ad43f37c1aab01916539b93c082959fb5c6764c9c44979650092202839e812e6f252c6c3eaf66d3d195c1efd39c74c81ad1981

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_hr.dll

MD5 0b475965c311203bf3a592be2f5d5e00
SHA1 b5ff1957c0903a93737666dee0920b1043ddaf70
SHA256 65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0
SHA512 bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_hi.dll

MD5 34cbaeb5ec7984362a3dabe5c14a08ec
SHA1 d88ec7ac1997b7355e81226444ec4740b69670d7
SHA256 024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9
SHA512 008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_gu.dll

MD5 f9646357cf6ce93d7ba9cfb3fa362928
SHA1 a072cc350ea8ea6d8a01af335691057132b04025
SHA256 838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150
SHA512 654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_gl.dll

MD5 84a1cea9a31be831155aa1e12518e446
SHA1 670f4edd4dc8df97af8925f56241375757afb3da
SHA256 e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57
SHA512 5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_gd.dll

MD5 c90f33303c5bd706776e90c12aefabee
SHA1 1965550fe34b68ea37a24c8708eef1a0d561fb11
SHA256 e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c
SHA512 b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_ga.dll

MD5 3b8a5301c4cf21b439953c97bd3c441c
SHA1 8a7b48bb3d75279de5f5eb88b5a83437c9a2014a
SHA256 abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0
SHA512 068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_fr-CA.dll

MD5 b534e068001e8729faf212ad3c0da16c
SHA1 999fa33c5ea856d305cc359c18ea8e994a83f7a9
SHA256 445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511
SHA512 e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_fil.dll

MD5 7c66526dc65de144f3444556c3dba7b8
SHA1 6721a1f45ac779e82eecc9a584bcf4bcee365940
SHA256 e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d
SHA512 dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_fi.dll

MD5 d45f2d476ed78fa3e30f16e11c1c61ea
SHA1 8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e
SHA256 acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2
SHA512 2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_fa.dll

MD5 cbe3454843ce2f36201460e316af1404
SHA1 0883394c28cb60be8276cb690496318fcabea424
SHA256 c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59
SHA512 f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_eu.dll

MD5 a7e1f4f482522a647311735699bec186
SHA1 3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd
SHA256 e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4
SHA512 22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_et.dll

MD5 b78cba3088ecdc571412955742ea560b
SHA1 bc04cf9014cec5b9f240235b5ff0f29dbdb22926
SHA256 f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085
SHA512 04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_el.dll

MD5 ac275b6e825c3bd87d96b52eac36c0f6
SHA1 29e537d81f5d997285b62cd2efea088c3284d18f
SHA256 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512 bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_de.dll

MD5 aab01f0d7bdc51b190f27ce58701c1da
SHA1 1a21aabab0875651efd974100a81cda52c462997
SHA256 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA512 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_da.dll

MD5 d34380d302b16eab40d5b63cfb4ed0fe
SHA1 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256 fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_cy.dll

MD5 34d991980016595b803d212dc356d765
SHA1 e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_cs.dll

MD5 16c84ad1222284f40968a851f541d6bb
SHA1 bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256 e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512 d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_fr.dll

MD5 64c47a66830992f0bdfd05036a290498
SHA1 88b1b8faa511ee9f4a0e944a0289db48a8680640
SHA256 a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961
SHA512 426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_en-GB.dll

MD5 d749e093f263244d276b6ffcf4ef4b42
SHA1 69f024c769632cdbb019943552bac5281d4cbe05
SHA256 fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA512 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_ca.dll

MD5 39551d8d284c108a17dc5f74a7084bb5
SHA1 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_bs.dll

MD5 e338dccaa43962697db9f67e0265a3fc
SHA1 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512 e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_bn-IN.dll

MD5 a94cf5e8b1708a43393263a33e739edd
SHA1 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_bn.dll

MD5 7dc58c4e27eaf84ae9984cff2cc16235
SHA1 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256 e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512 bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_bg.dll

MD5 8375b1b756b2a74a12def575351e6bbd
SHA1 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256 a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512 aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_az.dll

MD5 7937c407ebe21170daf0975779f1aa49
SHA1 4c2a40e76209abd2492dfaaf65ef24de72291346
SHA256 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA512 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_as.dll

MD5 a8d3210e34bf6f63a35590245c16bc1b
SHA1 f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_ar.dll

MD5 570efe7aa117a1f98c7a682f8112cb6d
SHA1 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256 e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\msedgeupdateres_af.dll

MD5 567aec2d42d02675eb515bbd852be7db
SHA1 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256 a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 7a160c6016922713345454265807f08d
SHA1 e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA256 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512 c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\Program Files (x86)\Microsoft\Temp\EU4707.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 03505761a27e99d2d07d96f67467cf2a
SHA1 8016b87cd45c4698734a0e007a213554a1212f43
SHA256 b0ca2c7ff91f1e6257e04476ada7bd5d9392a14b4c892132db21dec4f68aa76b
SHA512 b81f26d693a320d4cb1bb096f0853f1f4328afe1bf422264e0ef63c1ee584bf92de88cf03f0379cea82d3db0488efb14c6ada890c700919ca15e5e2773c07cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e5bbed4fa330c3b1e3a27a68c7e51558
SHA1 57bfb370899ed90ee8897f3253472b7a30e5396c
SHA256 80ed83c6cf16f10c32952376d792a561e997ac239b3f46b51d7b3dabe8dcefd3
SHA512 b2107b1a4136f741ee799ef1d633c05611942982b000869ca13cb82eedcd5f1f5486fabea84f827bab31f29e255ec87e8433f68fa8c2810ec6a29af9470106d7

memory/4736-523-0x0000000000780000-0x00000000007B5000-memory.dmp

memory/4736-524-0x0000000073200000-0x0000000073410000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\124.0.2478.67\MicrosoftEdge_X64_124.0.2478.67.exe

MD5 dabc3160a804b9fadd89ceb0fcecf388
SHA1 b52f15e866a18637683bdf0ea4eaa326b787396f
SHA256 53eb39a92ee0d2eb94f6d33c015097bddd9cfe5c4129d3ac9a9facbfb5087bfe
SHA512 74fc0f21d7cf99e07c079224e2af8a4a51bff98a97bc471cfedfbd3a28d3ee681fbd63fa7239948c3c0bf4f9af56dc582dd128f8c08b54cb73389e85f949f431

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 077076d5eb4c66670eac7b8363c7dbd7
SHA1 a728342ab002ab9ce806f774abdff044b19708d0
SHA256 b2d800cef89df46911621deff3e3bee4e8fd86f1a4180100249f4bb3aa5f9ecd
SHA512 ca0079cfd46c413f79e523db5ef714c73ce09d274a7adf53d11b10c55d77918ee8eebb3507da828d6b6bddb29358ce8092f91ca4ace853ecb438934b99a17cce

memory/4736-551-0x0000000073200000-0x0000000073410000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe

MD5 c31297188ec9fbaa60449f769339963e
SHA1 8502d9e0cef18137529f0a46ad6e69a1577e6cae
SHA256 2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9
SHA512 9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cbff35bc08dfd6dae202b4ee6a9369a4
SHA1 e0f71c03902a8d199fd9c443cd840aaf5d972425
SHA256 e6c35a95e8875b80caf6b1050deb2655ecf927b5809e4974e11f04f3b1b31d63
SHA512 49da2b2024c785c79100ad78e15df950f029c3305d3fd20cd5e8ba23af18e581f3b1b5c17a1affa95caf3070a95684c751bbaac7b7e90b21f7e740d82b39dd05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6853a6fa8be01a139fcecf7409fea0ca
SHA1 93c69721dd8c2cca76197c4173b21fa46445aed2
SHA256 f677ce4335724c4a18b27d5f07f9e3fe38080ae3b1fa04c230ae66df15b892ef
SHA512 630716c01306a64d4524ff11b7720f7575dc4e7f74423d0e6a11d18202e63e1398695a1357cf8b5fd4518396d38b0ffa6ee125c46811e22e26d942e07705c85a

memory/4736-882-0x0000000000780000-0x00000000007B5000-memory.dmp

memory/1896-887-0x00007FFB1DE50000-0x00007FFB1E39C000-memory.dmp

memory/1896-889-0x00007FFB1EA40000-0x00007FFB1EE42000-memory.dmp

memory/1896-888-0x00007FF7487B0000-0x00007FF7497B0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 07f64473f350bc102a00d7d3abb23aab
SHA1 9e07637a4537c770338b31e5cb818c4ceb2b548a
SHA256 2cb8e29d18c631aa718495972f15a1c5c61e4b490cc919645ed0fb3b2f7c99bf
SHA512 0681dab242a5b883313674bca66d99f3b09631a5615a006a6f7faea105181c3cdf3c2831438bf8df2e916a46fb83b68dc3054b5167ea1ccf4d558bde96edadbe

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat

MD5 9e5909e29fac9cfc23fcdf3bcdba757b
SHA1 9f6d03a428b84cd734b483d180ff62c09b53c08c
SHA256 fa68a1a94e3df7e33362b3c77fa0f2dd35d9044a4a9797467cea16e3c7989ad6
SHA512 16e8e26cb3a4c799d0551bb80cac1f6fa4b2f8eb63068308c20ead059ea41b8aed3ee44a15968a6668318d727564768da1a339a2bb0727f637bc560694ca4d85

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe596373.TMP

MD5 9b15c88111c41accdcffb4b02ff05e6d
SHA1 c273a3e745366ffb920cd3566406860b50531e8b
SHA256 689b123523b69a5c8c28f8677e27499df3ec5572790e7e1b4a56a7eb318ca805
SHA512 f88b33eb7b0ac9352c6d9f897fcef942e5b51a5ba98774db1f466916fc09b3eec57183100bccbe760230f312b658863e2f84cbb197509960c4a83021db305a81

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 b137d3dbba72f9da6a7260ff8915204d
SHA1 ca4cd8d0cd0a81a718153c7bfbcaa511362d704f
SHA256 3af29a75a232d318e278fdbda72da79c59ac941fc79feeb9b61a67614396864e
SHA512 238d795db14028b5197ee117a298e3cdc53be9e5907e7918ffc2f274fa11360bd37e62bc535b6c0a6f1ebf6e97353e35a941da241d763d6551bcddfaca1d5ba9

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 fe39bd34fb0b7cd4365549b6e5ffe190
SHA1 2249fc05dfc20a55fb6d603557d85b91f495cec3
SHA256 c49dd275bb2caa2635b5d706b34429fbcf381f1cb53889cb6e76641122f36c60
SHA512 4939f23deee1fc229f45c4f88ab2d56518ddf1b37286d286fec94efc84f60cfe46c937e6a6d4702cc9ffeeb4db33a87df872f48c4dc643b40d7b2e1721899681

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

memory/3688-938-0x00007FFB41DF0000-0x00007FFB41DF1000-memory.dmp

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

memory/3132-1027-0x00007FFB41DF0000-0x00007FFB41DF1000-memory.dmp

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 92a1c8ccdc6d343f017b80ec6734349b
SHA1 83c3c51627ebbe35a061c2e125378e8a104d6cfd
SHA256 56f0bff279e5a2093baee5eadcb1ccd9ccf976ffe060b8f4c87e1784dc107ca7
SHA512 91c2a106d491c81b0aabd9b84a31da51b2467f0ae08d1d6a7d161dabb3859db7226d67ab47cae627a017aef8c7cf193851fcd51b8a9a3387daa8ac6e8fb3cda2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 807ddc922036edd5e44ccf57c90317f1
SHA1 4873aae882541f267bae6330f70194939d6e8f65
SHA256 0a6ea3524ee286fdc251899b7b6ee73c34c71d94f74e6f80109658e3351164a5
SHA512 c11cdd10ce7a674f6e9f8d48fb6d173cb035757ca516ba8092ae32f3a3db92e8066f900f02a83078788564d2c7c32d7f6f58fd77101fa95fb64346ffd31e09c6

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 6bb1fe9952379533efc9c73b436066ab
SHA1 11d4c78d10689f89993318a6e31de4db2221a641
SHA256 2be9651586806d52a4041abb2f4d2fdb9c25a77b521383d6d9e95ba96f52586f
SHA512 d3a330a5335ce0d2ef070b5703f302479f61018d9624244be995f47e83d62ca2ef6e75e2ef94956b7d1672f58f5898d82f2ce20d18a5fb38b95db7011c573edb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d14c93df4f3a73c0ff8f0ce9cb0be819
SHA1 c5b4854f7aecab4ac9c384da9381ebb248e8e859
SHA256 89d6f4ac0fcc52946e9fa3d66385e26252046297a878acce79680347270eb394
SHA512 c87ffc55b74d8cee1fe9739c5f631ed6fc58a4bfa0692ed31279ca1d60d9a6fe8049e362bc9c45768defe31df1d41f76109a545b6c7abb8864333c03b671c3b1

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 f868b489cb54b73a4adc61f7c766cbb9
SHA1 6e5324e7f1458b26794cddebd5a6dee5f3eb427d
SHA256 30609d6f29a8129cac5439b63feee765931e2d2ae6710729018e56a88cb41cac
SHA512 5a209261f14840c7f6a117d95fc4493100c1257174ca8244a03102b8477cd24337b486420e77f6119db79da3d53a120a00d4392b85cb5b7e551e5bd01e8f06bf

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe599d50.TMP

MD5 90e20dd523aae0c682c5944af1c6e410
SHA1 f0c164ac4cc4ecfd01ba969e3bb4bb8f92db3610
SHA256 eb94e29d03b95b42eada99bcdcbd64799decaca051ae01cfed811f612284c747
SHA512 153ddfeb68b52931bd67ca7f939db07e7dd68f1fc9ca8ef596215e583ac10f9f0140e0b1ffdc850ffafa33eb86b68f06eb0631f6820a4ca91eee180f74685f62

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 a127fc042a037941b5055260180b0907
SHA1 35cbb897b98736692ad066f29154a0d74ff920d5
SHA256 234c13251768095c3baa51d0eca8728f4e85b3b59c29bb96d3a0b2ef3f868d8e
SHA512 32b0da0fbb1207c8947a1a21738af4830882d7e7f5d4d6a09ce37602411cd717caf03922839a44b325b52aa103837656c5f719e4dfc8e3c71bc243c4af82e69c

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

MD5 16e6448ce1acd87f44c10ded89406a21
SHA1 69b386d53bdf392b592a2e43b20fa01e8a0a6215
SHA256 2c090beb9ff13ad0baf33fe1bf7d66dfe28c2af1f232d47bef4c3c1d441fa36e
SHA512 70b075c09850cad8e50797efd8f646f54bda2982821f98d54e58ccec42260daf140b3747dea783eb7f082e0ed9ccbe9a12c1b677ec9f26dce2db26f62d17bb7d

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences~RFe599d50.TMP

MD5 05e42c94dbcbff0be27f8811cc9b9543
SHA1 41c6f0f723c12759b67b719b6d282f6a8a89d653
SHA256 7d58044db452168c8ccc0e7b1cb32875cf7d09bde5cda657e09b8c85707a1ca9
SHA512 983ae49ff71234e6d8a4d159a1b28f27612c9a51ce878b819043e313a8490f8576d0d23d94033d9cdfcc6b6b796548744cbd23b8e026a13bcfeedb966ba90714

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

MD5 81cc36c6205028411012769e56553b8e
SHA1 d30811ed8ae928b8cafafed0ac92624cd66a9899
SHA256 7ce91276c13668bd2c00761bb9a302f587eb39daf41e6d4bd7de6c7683f7677b
SHA512 938a5a92a1b802a0554e07187f122e86333988d06743a98b3b9021a55b1c02580a677e06f034491ab6a8ed0d7d7ebd04602613425a1f9cc4766872243091545b

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe599d5f.TMP

MD5 2b69ca88e03f27aa322d24fb0e6ced52
SHA1 b9245ad8bdfe6e52df266683e6c557bd5a416f13
SHA256 66b57d06cb1b277a4554f076030e8571747dd6a322f5d0cd016511bfd9d1bf76
SHA512 3d5c9c9ea17e52bdb0a2db5d262baa8a41eb78c0e46d93db014946122487ccaeb32ea5a48ff56dcabbed0b4f0865ae511eb41a16d5859c588ef8be7b239b8c05

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State~RFe599d6f.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State

MD5 90f3dcc7388bd4c7b3ce05bf62cd68b7
SHA1 e8d99cab42ad43d724ce7f9050fc294008becd05
SHA256 e063a6aacabd9e3c5a0f0970f9019a3bf077d59007c6f99862e27e467737f800
SHA512 ee9f207b735a25c0a4d2b2d77e582511ff681e7599b2654bdb7b972f78c94fe74ce0a496b19f17c77f99397fcaa2456f9a827e811a3a3c6921dbf7295c43f92e

memory/1896-1488-0x000002174FDB0000-0x000002174FFB0000-memory.dmp

memory/1896-1486-0x00000217626D0000-0x0000021762B10000-memory.dmp

memory/1896-1490-0x0000021750010000-0x0000021750011000-memory.dmp

memory/1896-1493-0x0000021750020000-0x0000021750021000-memory.dmp

memory/1896-1491-0x0000021750010000-0x0000021750011000-memory.dmp

memory/1896-1494-0x0000021750010000-0x0000021750011000-memory.dmp

memory/1896-1495-0x0000021750020000-0x0000021750021000-memory.dmp

memory/1896-1497-0x0000021750020000-0x0000021750021000-memory.dmp

memory/1896-1496-0x0000021750020000-0x0000021750021000-memory.dmp

memory/1896-1499-0x0000021760E50000-0x0000021760E51000-memory.dmp

memory/1896-1500-0x0000021750020000-0x0000021750021000-memory.dmp

memory/1896-1503-0x0000021760E50000-0x0000021760E51000-memory.dmp

memory/1896-1504-0x0000021760E50000-0x0000021760E51000-memory.dmp

memory/1896-1502-0x0000021760E50000-0x0000021760E51000-memory.dmp

memory/1896-1501-0x0000021760E50000-0x0000021760E51000-memory.dmp

memory/1896-1505-0x0000021760E50000-0x0000021760E51000-memory.dmp

memory/1896-1506-0x0000021760E50000-0x0000021760E51000-memory.dmp

memory/1896-1507-0x0000021760E50000-0x0000021760E51000-memory.dmp

memory/1896-1529-0x0000021760E70000-0x0000021760E71000-memory.dmp

memory/1896-1528-0x0000021760E70000-0x0000021760E71000-memory.dmp

memory/1896-1527-0x0000021760E70000-0x0000021760E71000-memory.dmp

memory/1896-1526-0x0000021760E60000-0x0000021760E61000-memory.dmp

memory/1896-1525-0x0000021760E70000-0x0000021760E71000-memory.dmp

memory/1896-1524-0x0000021760E70000-0x0000021760E71000-memory.dmp

memory/1896-1523-0x0000021760E70000-0x0000021760E71000-memory.dmp

memory/1896-1522-0x0000021760E70000-0x0000021760E71000-memory.dmp

memory/1896-1520-0x0000021760E60000-0x0000021760E61000-memory.dmp

memory/1896-1519-0x0000021760E60000-0x0000021760E61000-memory.dmp

memory/1896-1518-0x0000021760E60000-0x0000021760E61000-memory.dmp

memory/1896-1517-0x0000021760E60000-0x0000021760E61000-memory.dmp

memory/1896-1516-0x0000021760E60000-0x0000021760E61000-memory.dmp

memory/1896-1515-0x0000021760E60000-0x0000021760E61000-memory.dmp

memory/1896-1514-0x0000021760E60000-0x0000021760E61000-memory.dmp

memory/1896-1513-0x0000021760E60000-0x0000021760E61000-memory.dmp

memory/1896-1512-0x0000021760E60000-0x0000021760E61000-memory.dmp

memory/1896-1511-0x0000021760E60000-0x0000021760E61000-memory.dmp

memory/1896-1510-0x0000021760E60000-0x0000021760E61000-memory.dmp

memory/1896-1509-0x0000021760E60000-0x0000021760E61000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e1f1d96b68e3261cf312b541611c5539

MD5 3adb865c801399c412bc73840d3d8241
SHA1 267f8332eb7486bccd7a6730cfb4f5c2152b11c0
SHA256 10fb505b7ce30ce4bf5582248b17dd47f6a39635007bb77dc5d16b963baf9905
SHA512 609793331ce25c6667067b3616791f3ece470500f797343178948e4b7af18f275fdde226f542610d957b397651e12191aed58dbb88bc1c59eff4625e550160a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 110473149cda48621466c8ab2734a62b
SHA1 1a80f67e458a55c19889ea8f1208235fbedf5b36
SHA256 2cab8ae7034047889dd9d367c8c8e8ccab1358d6913b776527dbffbd654ce5a9
SHA512 159f5cbd8261c903904ad934370c8e045eede928329e4205a0fe0c96ce4f026c8ce24005407e11e85dfbea8646d1a410e756042eec4b4b1f2403c66afd185450

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 30c7b2bdc35c650d2b65150241646816
SHA1 94d466a5f5159784155b6adcc9555bfdae4710c6
SHA256 0784d39379f0a4f971777844ba07550aff31a3d5e32ce1d1eff6f4c7d49b90b1
SHA512 8d51ef924b6c8f46a7ced69f188f2ea583ef3feb7fd84f51a8af8810c51e5099052e2c1513f15ac6fb83fecbef8c984fb4e124ff524c2b20a437943dc127465d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 6e7bf9035eaaae5f057845d6b8fa4b2d
SHA1 7775aa7bae943575cc0a184eae3ba8e0e546ea34
SHA256 7303550849459e1400449b37964214ed3685377091622e5b75b304e5a1aceca3
SHA512 37f8f152d0ba77c4931538b49b37e3b3d2966917e3eb0951d8f156684ab932abf6808ff4cd17c46486d6294d1f49d3486d37454c575af2a8d90ee4e97c832993

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 5c49ac3d826e0e4839139947f02f7aed
SHA1 816a36c2cd15f904cda828a9e71d1326ace154b9
SHA256 04b933ad2b6a5a1f6a0b836b23aacfddf539d18dffcd436011ad6552fd80b461
SHA512 f7b7631c7dc261a937dd15e8f4e25015d01c630c0f8162a6e8bd66931b9d7c43868879569896d2d7a8c975b100797ddeba0188d2280ea672baf9e6371c08dd77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 483d766bc09267e1e64f8018bdd02cf4
SHA1 e9151ebc9eeeef3e4eac46936ad35d90047ef930
SHA256 516a9cd869bcb25d5487b4daadecbadf610a725aacf5bf495916f51a0129c9ad
SHA512 42a0ab143a4a906cc27ea1dcaa11819139ec74475fc89ac621ca2441d1c1919b5d91f51606b5b597c5f803878e614f3420009a175168d6a5a07d574e0f7b87d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 405c76672a356c8daf4930996fa83b60
SHA1 656ad50a8b6aadfd8fcde438642b6d06bdca977a
SHA256 a66ccd9a21e4c4635cfd2e1626f3b28c53c85ff3082998110fa51245d08a50a1
SHA512 6ca35cb7c7094d077f6ddcd160f094ef7fcedc3702b3e45c69ef587e3b99ad1b112652704bef7681d2d3397d4acc73679272aa87fb494e9eedeb6fa15eb2cf2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5560cf6b21489bf2ea4d33531427501a
SHA1 aab753040506b451f0bff3f69b375a5af9042d3b
SHA256 4effffecde5c67a69584f8a7af58ba64587d47fc62c8e863be3f122c1a933324
SHA512 08d82b2a5eecc6a964a0e48fda6d9f725bc54114f7a41a77b39e24aaecc5cf458c0ed0a5a3d4660ce7cee9107f970e742dda1f0a6c05c7fa52d28f59b253cf4c

C:\Users\Admin\AppData\Local\Roblox\OTAPlugins\Downloaded\OTAData.json

MD5 7a39cae24c1d13e38fd10bcef98c80ce
SHA1 58d8a40b4d16215399749b563ba610c5cd3e4159
SHA256 72de5cd3124d642aafeb64a4562c31204bb506a5c4fe37de302849aef41f0d40
SHA512 8f51f5fe9890099039ef275e5148299a87bcbbc1a9aab5c279105b96efd795ef445803b4422060964b3b010c180c9b4526c82f84433669e4e365812f9642c80e

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3155fcef089dc24083f907e3b23f33e8
SHA1 09081e12e61590fe79585aadff3e2718b05835d2
SHA256 335625f1c34877d548a1ae2d3f36385b410ada9ad7dd5f51b950b1ab75bc719e
SHA512 50522787d26266debc761a5d476ecbcb70083cac21bc5f2ed2a53f54b80f23e97929a9f15687a6f4e1218cf4975648c3ebdd6602e5672768de0b578ff1207dc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 74fecd3c1e115d8cb11ab93c79d815eb
SHA1 2aaa2541f7878c95cad6932ad691d257e715dce1
SHA256 0f440d4c5ff8a6c792c26cf00348092a7fdb286c8c1e013982a67f890ffab2e0
SHA512 724093b8d1e5d854588aa8d6ce713197be3d3eef850a6b73fe4d3e24a893424333a67cfd1d1a2e829602897eb2aa0c1a366dd5a441d117791a06193ce3596b0f

C:\Users\Admin\AppData\Local\Temp\Roblox\http\cb8fba4e9657d6e329679fc1567cc392

MD5 f07fcd8f4db43a141d6c7b4c868a3d97
SHA1 e7327f8406ef8fe848923396cb9fbe6516e20f82
SHA256 53bb403a8c5f9e5dda3b932b8ea7961ad09751f3503504f2f6091bce985395b8
SHA512 70893c11c98e6ae2f0a40a823a07aaf76153a4c2c661888d22f9103ee0717e38e8a604d4d15c92989167186b37f0c78e248656ad10a95b20a810c06dd953175a

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b01f32110936f0d8a0fbbc05bf3b5492

MD5 bb92b49d952fbe205eff23e0862b6d3b
SHA1 dd86609cc868e092ee0d0b537ac990cc388e5823
SHA256 785f0b44b6118f044f1327b9b42b49073d7b2dee1799322c4eeba552348be096
SHA512 175c4e7683832d038327738f1e8c006edd7c15d5b618d499728156d8479e3e6192fd465b59b707f4ed498c3d16bb482ef4f779d2a05ba09e563eecdb7cdc1e93

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f39a0f61ca8f2f20d249feb275a32105

MD5 e2e8f111665b69532f5fdad44d8669b0
SHA1 cfb392dd24f5ad7dacf4d93ef5a92077f6ed94b9
SHA256 5309bad5dff7f55df19d727026ada45e6e6aff6478f03ca700f5757a5294121f
SHA512 7587f0d0f33dc82cca3ca0b8e489baf634b292907a034f446c8451deefbf73a5bbd0820d8be7bbb55f32ea15ad07342bae11d81bffe825ce38d11867cb59afc0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b38e35e646bba71cacd43fa8bb486cf8

MD5 59d65ab2495aebccd5a621dfeab29cd2
SHA1 f2702666d72ab4b845619e1b6765dd46894d633a
SHA256 536f2707e8cd5cef569df8ca2d4b212050eef3029b260732660455614a829c13
SHA512 15e0ba9636b1be9c4b2bf906f75ca59838d6230b530a445154c60fe5afca92a95e9be69d0931526dc77cc9d1a454702f0c6ac5d9f7f52e338e82e02ad40a90f6

C:\Users\Admin\AppData\Local\Temp\Roblox\http\66c03ffc9119d29c7ac8e4fa477859b6

MD5 87e8ddcfe5f7bb816b669481926b7780
SHA1 d11e806e8db2429a7d27161eca36a9e0e34d6bcd
SHA256 d202503fdfc066b42d837b0136d720660ff2f122454ef3c1e85094f2b830fcc7
SHA512 ff36cf562ffe524a37aa180c8136862af29a63fbe7847abdd65892ecf0382b8a5d2702c7179d399c6e903bac25b4f8035461ffb5d7a74d5169a9461bf878ade3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\36052137bbe8b1d19433205053524dc2

MD5 565d0bc7242317ac09116b4fc04a14d8
SHA1 a42a5d8af87388d522d14dcae20e8d5cfc0e2e93
SHA256 fda5c747fd7f6a69c442445f62ca88f42b11da8e947d83385598ae248fafa2a6
SHA512 bbd904d252b437856c3c801682ec5b7da0885d3ff49c0a0b850054af02871af5d8899246155c9ae39b54fe387f3df5b116c99c5f5cf4b51421c17d82c9aede2d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e92e4b7d7335f99667bf2449493adc15

MD5 2dd7ee784457789b4a09e0076da2cb34
SHA1 12a11b0c25a8be1aaf0e46a1d67be6cb90d1dc1b
SHA256 1e93d6e80d314266b1bb439895e3dac60152022bad02825bbae6c65c3ad858ee
SHA512 8b5e4a15e64c94fdfa621cb1b6b43d1db173b3ed23f18b545290a7706afa613da2320549b9872340848feeb8dc1481450a1682afbdb84a941a7f07170b16fb9d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c9899dcdd3b4e5073e8b00e90d86d3fe

MD5 608db2474694ff7f2ee732a066117227
SHA1 2af4a7c525ae8a821992fc3c508e104213939671
SHA256 dbd520a70c2d8036cd85f64fa7aac7176adb1039ea93879f3a12016747df9e4e
SHA512 1989bce9ff4cd0b3c8a3dbc978bc6bf6ac5c2fd75791e66636dc7e4da3d44de061e600b6f1c4fdcc1968efe447f517bea48bf7a68388beb0568e445dcef11a57

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c4dcea6adc2d64199be5f53174d6bc48

MD5 982c34a596d7b81aa5b0ebda280017ed
SHA1 3687379859242833ecf94776518da8927d4d8f6a
SHA256 cca65a0bd60c3f95a523d5e1d7bdb0e795dd3861a9ec254d0799aa56976cd305
SHA512 64bc9251f233e6f4e84ea00d36a6e344acb04ae45638e8cbd0218a7097f267dbbe08328433f543196262d3f3e6953fb6f394eae9f04be3a08ea52f37eeac1319

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c2424e703460b288a2955eb1cfb50ec8

MD5 86fcc3575436ff1d50baca944424ba86
SHA1 3c1a0e0da8fd2b82b93e7c8a0f129ac9a5605a41
SHA256 bbb0b0046aa16f2e0c6689ed70a5d50c0478f2a1435c9cd5bc1b77466df14cf6
SHA512 fa1be2d8a9ae6357b76c7a463739add8c117107a8c6981da71d8ee256a093974e4bd596956a0081c86a74b24354caf17f4f108d70b9fd0b16269099accfe111a

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c925669c89001005ac0cfb67724482b7

MD5 48902f1150062377977c38afa22fcf9c
SHA1 83085ec091bb09eb5d8c005dc689d7023c2360dc
SHA256 f34b68091154f88a88356af92130cd2ad55f73ccced20452a080dae5346292f3
SHA512 2014aaa86a24e5e47626a9a0fad498fafa6ed7a07cf76b49234af14eda73ffafe335ec45f8ae90ce1bd2eeec372dc47cded67a026a451df8e30a037360b93c91

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bacd222ace3b66f119fcd6a4094c6746

MD5 93bf5a6f9d7125ac6455d74910670b0f
SHA1 8853d265d83d0221efa73bbd9758449c7a34f3fc
SHA256 50e06ddf27673886802dec3a8bf5ecc5e50d12778b21ad7ae4bf550cdce1f869
SHA512 6d0d624be2afd73593fa6cf38f9a8e0d672365f5884132e503295a6201b8771af6ead8cf7a4840e29cae27b9e8548ad985c29380ff424920d1b3e292305c8660

C:\Users\Admin\AppData\Local\Temp\Roblox\http\06ecc9947fec57a4be8274dfe9bf48a4

MD5 9a2117d00c1443cdc86b8e41c530c142
SHA1 d647bc21d9163c372a0d684a714bb708fe2a78ce
SHA256 67b324fc3dd7b4b867a6b1ca915b1f918b322abbbb350e3e1fb6bcf1b9f88543
SHA512 b4731684e690542329026528d42c9dffd0ae1d80cae6b76325d645e5acf8f6ccf3903861e2cbc970f661f1aa8514317ca1d54c706a074709874281d5c51d8fc3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ea796ae07c2cee6b954489b3a8c5a219

MD5 86cc0070d5054393c504530a5837ccf8
SHA1 94ab7a2dd545fbcb27af1db3e5344472ed1726d0
SHA256 921415373b6011c6776dfa377eee450d25526f08fed0b0f485ce1aa0155d96d5
SHA512 fb1926f9d57aa8632f6f53df32dd9ff908faf8caedd15431a87e811391138593c607c0b12749b638c4d247549e270caeca02f6c08768b1a1e2aa7c1aab618401

C:\Users\Admin\AppData\Local\Temp\Roblox\http\73399ff06b663f125d2397f374991fbb

MD5 73fefb5983d57bf809d5999889ef0e9f
SHA1 e7a2e78914ca0d927b7af2019cf7bcb117e9557e
SHA256 b4c8ebb32e7af0a9544b67c131c757bb8d0cb13d6b5fab05df28d2a11e59472b
SHA512 ff17a845d26bf8ced95af80d90e432beafb1bb3fb94e746829e2b45f393cd96cbb1538baddeca7ac27089c9393a9a0fd393fa4ac64720a4a718ff6bffc1eec6c

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1b3eefe06351575cd29b3b86f3e22ecc

MD5 26bd5eb069147ddf0ee868f46a4c0286
SHA1 b0102128b038f02c4cb68da95c398482b759a19d
SHA256 450e2e6e3bfda624d6769c7f5061228528abf1c6262062b68dd977cb24356d69
SHA512 49183e01e4e20243fd36a88070db0c8d97682086c6c59cf9cbbb36610382454ea31d5f4de2b46d148ca9479c5fd2476a85c107549c340753fb1b9697624f5b5d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c972ebe9920e97bdff4b52c237c90f32

MD5 fa188f7a62f323c3132f2e063dd34b47
SHA1 d241cacc2a33a5eb966bf79a1dc3c75e62ae61ed
SHA256 5274df506942140ff7dbc6c99976ac21cc8a6c4456faa252f0fee97ef0d7215a
SHA512 8ff5744e80538eadefdc8cfd13f950ec881a89eb37d7c75499997d094700c613957217bb06063184333faecefc1db999b0938b3ff49165395e3b48ec4f84b987

C:\Users\Admin\AppData\Local\Temp\Roblox\http\4563cfb0e3cc7ac81fa9e1430a798c97

MD5 8289993517864bec0bc6833291375b80
SHA1 3ca4cd4efdb86792d4d8c9c3c53139c437a51642
SHA256 207f707b15311f20acf9f579109942788e7c8239de61bf37243a6dd49f70554b
SHA512 658d1e7ddbebba31aa8c5a81964e6a6cb01fbb384d6a6916b1edd6fa9fab4954d780ff87c16fb8e3f51f1a2ecaf34b45cf462e5da3bcbb75dd7ae050451751e2

C:\Users\Admin\AppData\Local\Temp\Roblox\http\82a93330ef6fa233bcac702f588e403a

MD5 3b96c14c2c48dc0d70cf7b71998e7be2
SHA1 1b12fc646a55754f347d8aa300cf3cdeb013cc3f
SHA256 f4cf4f2110a54ccf1c7a9dfdd9a99f533793eeb4b0585cb4cd6f811550ca1717
SHA512 6c70ed773630bf51a8d983dd6030d718d88b0d531b22aaf11f21abc597c3b4cc6431b14c7f9562e3f4eda4c2b04c0cedc3fdaf250cea7132d1f261d9a071e52a

C:\Users\Admin\AppData\Local\Temp\Roblox\http\aaa39c5f3ff965de07f7a5e770ac084d

MD5 4b6d67d7bbfae04c725d3c4557d039d1
SHA1 e701495ef58dbe92669ab88a440713697d4214bd
SHA256 55f1afe7970321562315838b3cd89dafa2362e5959a28178bc0d15d9922c4654
SHA512 c99a0f0ba4586617658432e299afd96e436c9ba403e7847bb0267de1933568c4771280325b121afa4d5957d0babd3c4d5bf9a5de3c1b96f1a01f3f4eb7e9e407

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5ce80fa948bc10d8dc2ca7cce0f9b930

MD5 571dee447dcc14c29a7e08767bd6b5c1
SHA1 f1941a993ab867b4fad22541ab26e1465a755123
SHA256 8d1c95f5d55977063fcf247356b592f97f1f16243abce7b4687af10ae3effe08
SHA512 5b200a1c1bbb43d34cc90455d30d4405f5381dee5af240904ceb0138fa22677646532498d8814195b2563f5778e6d95c8be6d910cbc695fc685a8b25545f8dd6

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c6a71e7ebee12ad7e88e765f90c13254

MD5 a11cdcb6f2d5bcf5ee9d400fa0e37462
SHA1 6633f46089b8936970770ade3b533ddf8fcc2f50
SHA256 00abc6a4d115d2068edfe89379f70014804253227006d085edee03320eae9976
SHA512 4dad239e30ce8a4b777b2cf9f326eb5166930b39f396761bccf23e6b32df1d670ce779179d7cd0a3a61b56b9e6200e0f5593b9a564572827b8d33c169e2a2f47

C:\Users\Admin\AppData\Local\Temp\Roblox\http\14219a7b96e38fee831e9c4c8de6ee1d

MD5 0796d0fa911d5bcc43ab5dd93b1e537e
SHA1 fc72cf87bb2b508a4ac62ab9993086d4391877cd
SHA256 5bba985d1ecd0026d224c189de9607171866b540f10fa9c40c9e3411e579999e
SHA512 92436963c975517cb18acdcf12ec039c244e7d8690fb32f9a8d369ed1033b768f449b70329b849cfc7ebd1c2b76e5113a600a814d39b6ffa32dde61276f0cc2f

C:\Users\Admin\AppData\Local\Temp\Roblox\http\186c73fde9923acf466630a51ea37b1a

MD5 24ed23e60b056f5d334e00088ae33836
SHA1 75a42ae94a263bad5bbc482bdcc0844d82ad8206
SHA256 366e81a80b5a1771169ef20531574e838fbc0d61a72ba8b21719cd38055b266b
SHA512 2b55c9b67248b5baa5db374ac59ff227c0753412f19c1ac6e9e51aa011b429ff2fb62e109bce576aac18c9b892d37487e2fff8057c1be6cb67fa662c8b8bdeab

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ae6f6da72d44994a0506f3c4e01409b7

MD5 62935375a28b84784243e28c1a40b6bd
SHA1 f43b81f8baa8eba79883d6f2109abe50e01397ae
SHA256 6cdfce5ad3e99eb76326b0acbf8cfff62cf461cc32750d4beb18d3875536aef4
SHA512 a2709de53cc2a4d88a59852e5519886e5f53b6603b974c3c0e74b2679020feb3e2a3da9807b01ebe0b4278a471f59a1d6e9b8e8181db7c98b5db896fd77b044b

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8105c44d3796161f1a3c919e0332c219

MD5 3d7dad3e669918c636eb3e9504fc36d1
SHA1 3ac8f47efc3fc71eaac2b6e494ef48070d2e6cb1
SHA256 baabb2d55fa437958ca20265ca1d93a615d1b67f97e6319a53f91f08c54e1f3c
SHA512 27c54c74de5528cb7829a96be8b6ddbeec99a14dadbf1bba19221a428997d2270cae1a1101f879bef1bbb6b87b26ef47ff8429ba3b37e8d09b3e022ba94688c6

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7eb9c2ada496c1f585e5b7b62ef7f10d

MD5 b247f71c66420a3ee186c782dc9989b0
SHA1 5ecbf9e6fdcdc627bc80600350fe08eb70716c19
SHA256 ead4058cb5b7ed21ab7c3de643a9855c4df21c15affbc4e928c77d6a4546d418
SHA512 652dcffd2cf9a721ff3034c9a79129ab4479b51252fbc4aaeab7e94efdf57469ebd4e6b03e482504cfbc40144607b02b8016c4aa33ae215ed8de7a3023030a88

C:\Users\Admin\AppData\Local\Temp\Roblox\http\cc7ba4b03084890121f90573c08fe802

MD5 c519f35acb2b906a14843671b30c4dca
SHA1 4ca1f63a314e6f5fa8dfcfb3c65eb600140c0070
SHA256 78b8f7a7bda9c66b90dbb716b639a800e1be42941743b145e0e91ed471dd8a54
SHA512 97963fecfd7edf26f2211b8144ce9c71e494d29583a9fb07c98d0e76c01a2929d6556072f71eb2e4e8693af9361c2445d67d16bb2f1fc844140d122880cd3208

C:\Users\Admin\AppData\Local\Temp\Roblox\http\9476ac03bba4cf1df5ab53d02fe192dc

MD5 f3d82ea0933bb0bc73d520d65068047f
SHA1 be4e1869b91842a748ac8b5b46dbc79e5cf65d37
SHA256 05df0644a0efee34a5a0b5d494430ed6b82b49cd53ca72d938d7fb01c0003302
SHA512 11b0077972690b5816ee16597e62408c7317e8bc1c091aad9e502abda4008cf7c10afe95ef20d33c90c6c50140a356721f6ae62e1ba268979ee1aa4dba6f5bfc

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 7435e0e40e0c368a413e2da84acc4091
SHA1 88ca15c10cfdcc12e112cf8d233d53aa549cc45b
SHA256 d1bbc6f6d5c5b48415ce26f23f387d0e1c18bc4f228e408be84da87461067b1c
SHA512 6bf504cd2a065a5074b5212b72c8243eaba820f08b4d9232a9614ea8430eef2bb576d34b6cbbf782ae58100d27677ac030890c034f18537c9e4af74d96e7dad6

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8bc8142bf8cc1cf9651c8a362da64449

MD5 19163b66086bbfdfbb675d3e29a8aa33
SHA1 67131ed92b40233c14475a7829cee371eec3a323
SHA256 1d4ba4bfd8dd8a532562d2c8bcfb23d9a82c8e7957e54a909e65f88242ef70c9
SHA512 10f4a5a0aff7cb4e260b26fc313ee5d75a438c6ad4ae51327f6b9c8c20bdc1b3ab9a45b37314c03d148ec7629d580e895cb7938adac0cd219aab6ce184468a39

C:\Users\Admin\AppData\Local\Temp\Roblox\http\9a1dede260c89ae126078ce683ec6e03

MD5 9fa3b4ffe5e6abe8adefe470d2e429da
SHA1 2241d57ed79a933b55d08d61c6ba3be22b368e12
SHA256 f4d7262424ccb5efe80dca733cdc9bb5f715ce24be58977cf21b53d2856e97d2
SHA512 5bbf910b26436dfe75dc39fcc2df1f26e3416ff5cd3f0487ad1ecc6cd59ad463dbe2714540e6cab98b40e3e02fa35713dc9a8705cbf8e1b3d922e78a0577e705

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6dd68cb0200a2861cb23469d7520c837

MD5 8f26da95fdf19254cf1520d4f2152923
SHA1 f095fc770579e744504718c46bf741893719528b
SHA256 9d1db83d9c0d686d3282252526c5c89a078bcb2fd93f6cb0d524d0659427c86a
SHA512 7c547d463c09d067be0376f8c10d51b3463d419f0f1420fdb195ec9667210e6f4d4742283cbd4a493a7a68f33ec1d244395bd8c4d2f3be63c7c76caa17e05af9

C:\Users\Admin\AppData\Local\Temp\Roblox\http\2eb9ab36829994d11c65e82f546b5241

MD5 6aa8bc268a75a675bc4c37a3b8bd48b9
SHA1 7d5fdbb6c0f6e0b25dbade748580c564c893bd01
SHA256 5da5a04d315061907bb274627ecc359d57414ac63698d2ac2404b4506368c397
SHA512 4100afd1428ed410c6afe47306b8e98bdf302fc183afad9a52b575debf248443cd391ad5523ad1bdb69e5df82536dcdff246182b4e2f6aa7844a4d81ab9181b4

C:\Users\Admin\AppData\Local\Temp\Roblox\http\460c2f8a4b941819d81ee5e0aa43f732

MD5 3927ee3a62d4fed5a032e0f676459ee8
SHA1 3188b1c83d225bcaa1d8cb1c80e52f02589fe0d3
SHA256 d06e927d723cb60580af0eba10332f1d9bc7c05e94d24cfffe2be40c6b46c4ae
SHA512 29e82b44ac9bc632fc64f089464f392038a852dac563cee3c55845a963ed6b2f7fd4c85d264bbec6779088a273e8692f9889638ac50d901213187ce8b7760e43

C:\Users\Admin\AppData\Local\Temp\Roblox\http\57a437a949f544a7386f526a1842f575

MD5 f81591de8e72ab5b993dc2472647db45
SHA1 2c1833ee49a4fd978defd8d5e8fbc6afbb707133
SHA256 01a03faaca492b1928af51f90f66b15df39121ecf45827240c8626e5e1caf8e2
SHA512 20ff6be7400093b43c56c7c75d1d13e32bd1c189884f221e2634b269b912b5bd2fdb6779522f7e6cd9ebed1e905c79e477c75de022a06be813dff00d2603630f

C:\Users\Admin\AppData\Local\Temp\Roblox\http\de1727bbb67bb10e4d8fc8c8e70a74dd

MD5 75a45862d9e8e194322255811faeeb41
SHA1 6923b97a72360e0b89377a9e40961df085054a96
SHA256 b49ff3cfa67f108b147cbeb1c4f7db09d6961d2719a0e1f95e5c20211e1127f8
SHA512 4706ea88aef0f13d0c4824a2b0fe407730628060146cc70205db2004243aa74e5f88c466bc364309a4e75da9744435b23a7e7dd63db4417ff863a13280fcb876

C:\Users\Admin\AppData\Local\Temp\Roblox\http\47e7d9939131d2cb0a1aa91a12479b5f

MD5 7babc95f784344e564d847f50a280b31
SHA1 51cb312c97fef3332625347d2bbb2c9df562ee9f
SHA256 4b6bc9a7fbb33b3b02959252eb1ba1db0d44ec9013b372efc5cf26c0d8b2b900
SHA512 b0cb78d3c5a293e5cf11b34cce0d7bdd2445f0506c0f4d8d663d11538f3ef96c630d7a5d293b98c147617f21f3088847d8561668dfe2582ab13dcf54ba45e953

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6065cef3aff6a794a79ac1f5f8ec1f8b

MD5 e3aa58ac75025794d5bfb2ef174756e5
SHA1 3df99816f122bc150e7548f35f29659df5af185a
SHA256 d3173d85cd51ede0be1d8437f004438228e2a3055ed9d3db8e4aac172e53ebf4
SHA512 013219c05928d044dd565195b95dba9196d7dae60305a525df04d8939eff5b565312d4ab14e843867fe73df919377eefa86d0867a0fa76f20bb3b28b6be4da6b

C:\Users\Admin\AppData\Local\Temp\Roblox\http\95457b2929903a933e4cc45938033f63

MD5 8b756fc55285bedd98b4c98078c19bd5
SHA1 07fc27d725a0b71c054e6dcfda65b1dc2297f467
SHA256 9b224ced9de5d8227caf55fdc501c92eb2c17dfe35c3a2f3409202f1b47fe55c
SHA512 f0d52b5ac7fd0358cda17b24f0109137ec5f83bb62e4683f23db678cfe7c02d9dd2b4ccad7de9236e0d7605d4731ff5f4aadcff9648f6572f309c19816af1c56

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ea6f59021686cede699d07835f65500d

MD5 9f22d882e3a35777bb5d36be76559936
SHA1 cc0bf64eb12737775dab46468e86555e2ae0ed8d
SHA256 c93658046315c5f16ceca083c7d0dce62b2fa90e5d16bbe3f78cf0fdae39bb97
SHA512 a74da33ecb290849b34576c3bcd64a5be3329159e9e177ed0c771183f359b2e3b6dc6ad432ed83326947b28b01c2d09ec1d89f01822d093044e43b4c9d2aeb96

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1ec71f7125d68ae6f5ab150c0360343d

MD5 e315ef29281c5963bac7f7608e741094
SHA1 76bd3a2824e573b653418c8a8d5a114780f93b99
SHA256 f73adce7fb87ed64e42451a13086484ef9472cc3bea8c5343bd517bd82ab0d11
SHA512 c271a41c2901cd1f09d4c5eefc94aeb67cec7c8816c346b0807564bfd02d9274b681d266271b9d6e45c844a55f7597743c863f6e6d16f304fd91d0a754dafc10

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 29fb1e363229e22758ce5c9a86a8608f
SHA1 ba355ade5e80281162f038139ed23558406b4835
SHA256 43572a69048d664614a898b6688e1d0de116b693aca2a3add8fbcbf0e339e5ba
SHA512 6535bf7fd001ba524c6ebd498dd26ea5ce529bab0d696a300d76db9dc41994220082dfdfcd1267ed5a58dbb8d8606ef7d621879ae0b1277f4c254ee7ec559c38

C:\Users\Admin\AppData\Local\Temp\Roblox\http\73823bf90b85dac1c278975a69be9c35

MD5 69dd7fb70689f08cc4b4a99d93a8ff70
SHA1 35e645f3cfdc2f1b93df1baffd34eb701feebea9
SHA256 121cb9f4343a3a41a478547a8ff6ce14d6fd95f46b5d2f419af9cb6916e218a3
SHA512 5f5a870eaddc99c059ef1232b9b669f9de3abf9f72d8131b8ca0dd745cbee45a4fe18e104d453ae32d7f97c2795cf195ddf3a3a17171e388155354dd11d6f692

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c2aa7eef08c7572d85328d108b651376

MD5 7f86c7c679806aff4813098707a7ec2e
SHA1 bbc0c4b71d6ecb86d236e820b27f25b3c1c51f95
SHA256 139d32b70aca3fd6d43b0cbbb302f6e54e0b43ea99cea7d851e53d8efa6c136e
SHA512 fbb72e7dfdc2aa7d1da459dea7704c9fa2b06c539693c5299df6d97f49c24c5f39a8d25a46a5bcefeac1d649ff7ad0692d1fe79aa92de7c07978a11816ea388a

C:\Users\Admin\AppData\Local\Temp\Roblox\http\77e8ec28f68cfe939d74cf1d00b4e59c

MD5 ec5877068cd32a18e9cb5ffce0a7c83a
SHA1 980ed7a819044732db17a767214a7135f06e5db2
SHA256 b23aebdfb69a1e97e17db3e85a975c0cdc7f78a2cbb08d4fae15f3edcfdc0784
SHA512 a4794087dcd4a5b71334d53db615d4484ff6618750fca96d1af60067a610b976d79e8a155340209ba302603ad304ba3ab12d1b6cdeb004e77c5b79b0b2036171

C:\Users\Admin\AppData\Local\Temp\Roblox\http\875f8c2f523757b41149655e4795e9f3

MD5 d7b140febc2a85c2733b4e70a896637c
SHA1 87c9e160c934492284d08f25b862cbef9de56c8e
SHA256 02089c0d1709ce9937d39aa6423611a4723e2d44cd433df4ae12bc52e2b9dc91
SHA512 c88213c51639d5460d9aa2cac66d701bdf1acf06f5a7d682a525c8a3fececa8d86328f0a7eb6996601d233f40d238d0818a3b3a3018b76ed2fafe72a2c79b271

C:\Users\Admin\AppData\Local\Temp\Roblox\http\66438c5a0826746d40e1fc7ba0fa37d6

MD5 63500f48e36cd186a4a561351a50521f
SHA1 7c5af580c6231e87af4c5dff729b96d9ce6df68d
SHA256 de2593455ce018fefddcd45a202d7be2fdc416a24619426f477c47f9a982a825
SHA512 86d4fceb9bfe87a76b5c31a4620022b594bddc1b14b435e2f60f011466f5efcf342b44ad386792985d2baa9cbc7829b1bfae57fab943a482f9e1bdba5c69bcc9

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5436e7fb7ab04ff817584dfebd2e1141

MD5 9e3a5b969162347cecc9c0436c5d95db
SHA1 9b3c2eab321045826317d4e7ad4c1eac1afd8616
SHA256 78afa8838e7e821fe53a2f6197704aa575ff64926db3d58ff535aabc99a9ae6d
SHA512 b30b4d38e5a012b420ff0a831948a8cbc467e7a4a1be80b7ae381d6354e712cc965dcf194998b5747fc8c4abe2ffeac80a355552231290604b4312fcfe129799

C:\Users\Admin\AppData\Local\Temp\Roblox\http\9c0591bc7cbfe213b5ce5c42f071cce9

MD5 aebe68d9b69aaa1f8ee91fb3c7da9c95
SHA1 1f4c1e39dc366d791e57d13fc291a791e92e401a
SHA256 e0f9a3e8172375d5ed6b2505ddb676b0efb7708f58b78fcc6874f04a3cf892c6
SHA512 61fd4d936eedb49f4d4c6908c68aa3e7795cbb99dc9387ed6de9ba69324c21c9781b9a55098c82af70d90895d6af03b410a6cdbf86fa29b1600bca610f28c43e

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5d34a1f5416fdc978c6e0c7edc7d67a2

MD5 c76ac26f80988d0fcf03874d625b86af
SHA1 b04a5e95018f8eca571daa4077e66626b9ba0de6
SHA256 3dca66141315cdee30f7604013deab2fcc1dd74af93f9630fb700b7606f531ab
SHA512 23ba1357212eb135ad87fcbb81bf73fcf2e189da34f08ca1cccd40d763a856e9ca8ce5514af395caeefca2b0dd3a6fe3b8d43e060c5baf5139fb357fedb90a59

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0f10b6865c21c904e29f52a54a31f37a

MD5 38b25c1089062288a7a9a8876138e465
SHA1 d7dc1955cdabe9a50ef4f6b345c9012e3efeb56c
SHA256 e39aceee4952e730f1a101894520b046ff21156ebc79c0f8e070e87af20fdd29
SHA512 198469bc9aa03de2c29b322cee7714a67b1b421a8fb0b6ade7148f54fb5ea0a37f6afe5e80f052f41815174363ca2b2dc8395534c624f0f87d2f7a0e9d773dd5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b39250833fce2d9f0655b124db089d4e

MD5 639a9c5f588be3e48a6bf5601215f027
SHA1 1ab7c1d3d5df21a05324853fb235b848945c351f
SHA256 4fd48841bac69eaaeaa9c936347395f5eab6fd4f5549d65cf6fc541884a4b2d7
SHA512 c3aced88385dbd9b10841f72c422b17cabeca80ad11af01222f8901b950be3b42467851d5ef61fa3a1d92f7977724926f765b8bc594655e93e116d04223497dc

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ceea000e430b7c9714bd62a61ef5eb0d

MD5 e6bf3b994b7bd85aa47c17406d367d2b
SHA1 b18be2803acd9576aaa72bb19116b09680f0cbd0
SHA256 92638ea5cef2b20242923fd21757df86c8c434ff12243d480250364b8480f2fa
SHA512 3e207bfe1b30c981fb533971769a4051c0c87ffbfcabc012606ec939c5b66f2bf59cefeb85c2b903856d6396584b2c96472965c11d90d6a1ac9f59b29cf3d664

C:\Users\Admin\AppData\Local\Temp\Roblox\http\a1aac6bdbb2642f3f23fbed64d042c3f

MD5 2c65a49f36fbe81aed88d7626a0112e3
SHA1 832fc429cd021f288f5ef9531e7dad6c9c6507fc
SHA256 eb8f138e67962a5c7db64722b78454da2e3c3d656ec8d72c9bec566f10a942de
SHA512 4fe7c7a7e439f6b43bc13af9291994ff913fa65ab1d77f162c97b18ae505b1c46ffb2c9236b7c9010580b095526a58204bf182aa5d476e3d0a006b2ca450d181

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0cbacc9a3c6aa07deb13db83f658936d

MD5 e3690a37568ee9fe7f191a17a47e2146
SHA1 476c939e0ca065001820946509e36ac2842fb1fa
SHA256 b8da756d34febd98745815e7ee643c49dfdf1adeece7fbdeda22487c06472f28
SHA512 c7b777cb3616fbe210b58c1e2395ffb378ffb36c2fed3af8c634e7d39667b9b433386d1a284f936a1d4e10e76c7a678e97216fe801cf95a0fc3fb313fc4514a3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\069186f04ff2c9d5e64ea0321293e0f0

MD5 e19d9cfc790b42c71d61fdb2490ad3d8
SHA1 cde29358941e96f695c606beb7e22aafb5d0bb28
SHA256 f4ae18ac5302629dfa9afb88ff7111748c657c4fa11fe6bb999da96f4639acfe
SHA512 401c6554d514ba35b01b4ff8265cf668fc162f8bcc7e4d0effda45640d449a7d6cf238c62a4358ba262eb548f61a9d1ed5f6fcc2d2098d23323dbb95af566aae

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6dcaacfff972e8a2877a2eb571c2768f

MD5 718ade42294d138b3678aadd6bda17d7
SHA1 e429e95eeef2f7cdd148cb8940433f27012be417
SHA256 46de07992bd00b96ac02fe8e1b59575e71ccb7049bf051a61b05408c2c274446
SHA512 b8e269c6e1821e0a49df92806ba1d1779806f5b15780b8e8e1f728f654b0e84f4db623fd41ad561cc66a11387069cea84cd393924535e3428f0b1cbf6711df39

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bdf75fa5b444ae85766111ef3bfbdc9a

MD5 9bb7d22eb06b53486a0eb7d5e951170b
SHA1 e980c919116cd26bf48da068b2c5df9e369413b4
SHA256 ff07c705a4558f19dfcb053596133f37e9c777a5d096e0c42f80c22138b30359
SHA512 adb705c7c7995e45d477290f7d8f99f55be49f3a7818979eda1891472e3cc3d2f78a6ab7294c8e8b5c2893ec950a0379cb64bac1a1d33413eaf25399b34992d1

C:\Users\Admin\AppData\Local\Temp\Roblox\http\2940155cd4ff8f39e442370a10007608

MD5 f275a3e704d71990a16c1143302fbb3f
SHA1 f69a3382a7b5007e42ead2bd00ced9ee033c6d63
SHA256 4356955d3153c853539848ed12d70504672290967dccec7e4e1ecef4c652b994
SHA512 d567c1179214617c5e300744fc4faec9bc3171fdd585e5dd512c66fe85502b78219202c7539ee1294433668bdad850644e015fd532f0e9d10a4c873e2637d603

C:\Users\Admin\AppData\Local\Temp\Roblox\http\db70620020bdec6da1181a33eabe4b3c

MD5 8e9dadc5e3ec22067b9610d2ea70b5b0
SHA1 faab29111acf7ac0b4c69aaaf1ce872d639d4eaa
SHA256 d2348f6866694e790e4f07f9d26a47b4c01dc9d6a01601f38d06786c62519a4c
SHA512 5c81ed1df4b53d3bbc11a149a200e97fa777189fd4582ea90c51b8ba282049b21f2a6ee63d0044cf005eb39c310c842688d304e5b84d75d26dc87616404bffcc

C:\Users\Admin\AppData\Local\Temp\Roblox\http\edcf05be110fdcbc67b6358082d5307a

MD5 3878ad7a323ae7f9f1115501e346b04a
SHA1 b7b4a5f1b136abbea5dca282da57c19dee63d958
SHA256 5be91dbb73f02ac3b73c83dccdcc27bd722f72a608d44b8b889624937e90ca50
SHA512 8427beacaae3d1f1bb8b173036fb16240826525b38f4be2c5188ea9453b230cf9fee652f96072e7f86941c9b11804eca39520eabda33d6f47196689e1e541592

C:\Users\Admin\AppData\Local\Temp\Roblox\http\dbd61a11fcfb26392338fd2b1ff6a849

MD5 7342a963fbe8b3a5bce98391f7c91497
SHA1 d937946afb025eb344dac220aa2d8d3494c759af
SHA256 3306f048a000d6a897405f05abfd4c6ea181af54c1b77f6db995e8e00a7a17cd
SHA512 fbf1bc5dd2e4dd9a4bda60309ad0a9d891b60f5666d003af712028b28e740f060d6d745f1d33fbd8db95f0d6d8b4f1ba18a8c9622bf52fba1d14f2299ddc4053

C:\Users\Admin\AppData\Local\Temp\Roblox\http\dda2476ba9af66b2f9a790a72addd9d0

MD5 6c7034e33bb41a165e98abe92c6fce9e
SHA1 241f27967adb18bb86ba1b8a6b803b6e8fbde9c0
SHA256 db45704804de0d9a4a61dc645c7b6a88ad0c8c06f3c3a2bc759b8cbd6fe76875
SHA512 109cc7ff679fc4ea85581fc8c51f73af2dc293157d449fb90646ee806cd77edb2f7f3d559e25f0a42ee6881f9336e8a668e059fdb13a7b6434306bac19b9a9f8

C:\Users\Admin\AppData\Local\Temp\Roblox\http\3acc8af1251b7ed321f9b36da661d9ed

MD5 808cb55c51b6fc55fa6cdb17892dc876
SHA1 4487b86a3a42ff05e109800b1827c100390245c0
SHA256 eed0725bdeac66a2e53e7daaa033f06c360314d751df70176a0af3f23eb08c7d
SHA512 0d2e6534792e7d417a6fa8403f22397f406352a38bfe1019d87e0308d041b3e69d7defae77e2bf6b87adb3b7d59718efea7d5fad340847c681eeb293beb0f24e

C:\Users\Admin\AppData\Local\Temp\Roblox\http\cb8a45c1430998ec1304e4c79176816a

MD5 933b1f5dc544d9868d257d80e517c112
SHA1 a8d55f9cd5f79ef7f6fa1ffb229d8bcfb30ce348
SHA256 51a66f59fb6018efd308234879746581b50566d967cf1fbf63fd3fb6917f1295
SHA512 6e03ebecd629ec937171a7a2d11a88c83c0267c0f153b86194683fc967f0e1c827e6393a39af735813a1cb3fe2297cd6582d2f7578355e797a5152dd92d6e600

C:\Users\Admin\AppData\Local\Temp\Roblox\http\3e2504bf31b5aa0ab48a8ae5f1dc5f1e

MD5 6abaefefcacaf36071c43e9dc51f1bda
SHA1 a562a7fc46cec9c90e86fa570267864ef2249a20
SHA256 55941590b6aff4d570b3531c493c14c46eb687ed9e4de19200de1681987f75ae
SHA512 5fc4b6db68c03630673789ec5f5d017709e5a9011f25575c0e428f4a21c30e1f6664faa9e4ed456ae79c7ea0fc45db30b8d45ad9b4e2e94f49b27c50237872c3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8fbe2ad68bce1f4933b291c365e04e75

MD5 d6a9f27b18ba6c1cd064cfee32420a8a
SHA1 3eb4fe70132f76c96bf7f951070f437ba176fc40
SHA256 612baaa3a5eeebe00562f3ecd4490073f3313811613ead2948c1626128191506
SHA512 1126e9b53315742eedcb4e28bec6330c03cbeff2d311c9bca1e8280720ded31b6ad7f4f4b6899aaf23656ec46b19fc2ea6566226c1fbb1ded1c3790832d9fc1a

C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBXF8431E90C53B4ADBA8D0C229B062FBE6

MD5 5bff0b6da657e8e4ed652a4a5faf57f6
SHA1 ad49b5a7c4734d26061b0eea4496fc41949bc5b2
SHA256 c80ae50ae40768b21e62b593515865bd729b4c0712a006cbaf374a66f14f956f
SHA512 146a0ca1c20471f2921f1c911692223b77c4f528f2de47da9df54c1620242230998b86be05b436a725e64665a008cfc21715e114fb0fd1b9e0786288ad20ff24

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1a1d7a8fb35b007494a82bd5304ba1e9

MD5 2414d644ab2dc0d3c58d8546b4cd7ea0
SHA1 77a854549c69f719657f5d404ae9391c705d88f6
SHA256 28be75fd24c5225fe212cbece08722d92c4d2816e5c3a0051294826a5fe79458
SHA512 02bc18971dd372438e6f93b0db0e29a2b647b7e1acc5e8d8321f73857b746c5523e7c720ddadb96363664fd5652c30d5e396f7128813dfc0c30fe7ea4086a229

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0d8b0fd3715ff57ba968ae5740d39a12

MD5 a3366bed53be5f4fed574fc819a07072
SHA1 a79b59561cf06c8a209fb701567a67376d83924d
SHA256 ec5c1697be4eba9851b9a413c13e1a94f9846f6dba1d8d0fa33e1ca7292e8030
SHA512 f8424133bac79bbf7547bf7076cbaf0bd0767f220778275c36878bb982bb69bfe64aede42d67c9db009047e66bcf5eb9604205f6b0aa9a801f6827e2034399fa

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b80d47fd48f8d137ca2aca87e1d00059

MD5 7dae317d3e65c483f462a48cee3002cd
SHA1 330c91065d277740b721b723ffae4e5511e8da2c
SHA256 ad244e68f3ae289677897bd171703b8ab65bb03b17621b3c8f61594b906f8b78
SHA512 966a981204a7979932981d8870704fbe3d4afc2a0306cf149117eeb30a54debf852c8ef04fda90fb2d1d1261daec60db390a4c9b9fa77740d14171335384ecc9

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e0fce80600a43748c6cbc0ac23f6cfa2

MD5 3bf49259291542dfee0f89d587c177f1
SHA1 22328c74fce75f7918f6c4b3ca5ad9e1921db437
SHA256 971101824fc41a26f9b1386d72750a69298f4725f266edb3c93b21f9600d2916
SHA512 20366e5775f42da8e313d67ace54bed3b2a010a84d9b3422276a8b544186345683c00663ce4f541c9890f906344ca3400015bef988d4ffa7dd4bf1c38161e271

C:\Users\Admin\AppData\Local\Temp\Roblox\http\31e8a63e8fa08c8135be1c5384c3e0a2

MD5 1221a85cb03fd45c001ef47af9935e7e
SHA1 f209b998e8972ecf158f58270244b831d107ace1
SHA256 e7c79bc6240600fc94d67a9c0e9c1f563a3f30698d7cae3d19b1735865835d4e
SHA512 2e6846a2ea3bcf0892703f3f2024a0acdf277251c55ad9c65e61fb5a8780c67ec707d42818b3d98103504dda9984c109ec0f8e393fc063f734bbc7bce168ad90

C:\Users\Admin\AppData\Local\Temp\Roblox\http\175af5595dfe9780b5b7b10ecb943336

MD5 0c9078c249c45630688d2af7e0574c25
SHA1 8fae18c0c69cf3a58abddcc9a55fba6d81aca2b2
SHA256 b0e7f0945d5de86014379ede1d9a9528a8c944534ab33e58c7b3be1b5706500e
SHA512 24e0cfdac58bc3714541bd39f6992bf0a4bd4c47e492edc40b72d045b4f06573d582d9f4e50e0c23f964ec678d857752caeec6a65ef89b70e2ecbefe749b21f0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcbcf8ab7914469e06c8fa6ee80f2201

MD5 958ad6c1423022b1905d452d8772d16b
SHA1 a1c5aef3f0d7550f8a9ac31ac1e295696477c02f
SHA256 8965deb3f4a35faba9f087defdbc2fb071e006f283ee7e6b1ce250c6ec12a49f
SHA512 5185a342c83ca7770ecb1103d95d061cc17c80526f755ebfac53305947b09765515221ba65b43a98eff3860e47bfc7a15f51e67d0636de7596a6859ff20804e5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1daaef2a5ce0ea927443fd099437bb55

MD5 e4a239995837749223ed2039a40a3a21
SHA1 b1cc97f9ffc3a367dd3a55a1a3342d59cb610403
SHA256 36ef28d0243f78f746ddc7abb74563980829c81dcfb91abcdaf6459bc7d374af
SHA512 ad81fe4cbaed589da0a3b97c20e7e5fc0deabf5910b1c41dc7d6e6e8b8f22486f71c9577886689739bdb87e34b330ce43cb60fb2e3c1305d77984ec78cc0879b

C:\Users\Admin\AppData\Local\Temp\Roblox\http\32c38bb4f4a560d621ab93aeb6ca5d7a

MD5 f7b60787135cc235066319d2412e77e0
SHA1 ff9e626cfeeb124bc95d830d20e13b15c6427c77
SHA256 e815d7145b898343e81a796bee29e8a71a678c9c3475a7b1107cdbefeefb6152
SHA512 bb21ace97ed300299a276844630c2b30aa0aab87a3a8684391bbe37a0ce7761c82011035f741cc1f596136043f1871d16b0238249d3b943b2c08fdaab8c0d762

C:\Users\Admin\AppData\Local\Temp\Roblox\http\d8b4554062d011287069393d07af8706

MD5 a0c28b8252eda35f15ff0931e1817ac9
SHA1 3fa429b9d0b8926907abc63b81a301bad2442eef
SHA256 ee880812bbf7cc1f00cb363632e9746e7342cb5048765c483d56f4284e555a0d
SHA512 e49af44a8fa6e0c0fe4a5f55df2910ff43a6a9360d6e0ba507375487526fa4fae8c974763e4bb757e0907036141123920024adfb312f9d53703bf6d45a83956f

C:\Users\Admin\AppData\Local\Temp\Roblox\http\4dd9b09ac0d9a7bb380a273db7cac4ac

MD5 d97f6e22eba42d95c89cfd439f36c1d4
SHA1 3a439aff0b80708f6510643f70997b897500d2bd
SHA256 25f91091126b2855bcb9c2daa26fec21fe7cc6d25319925a95a55a37cc840b6e
SHA512 52ca405f845e8313b0a04657eaa9a22d1c4fbcf758d5796d2deaf41c7ed6abc28e3597dc1f5d803c009360a63db4e686e6622fac669c252b09d2a3d8dc451e72

C:\Users\Admin\AppData\Local\Temp\Roblox\http\9fd0b17a3402934b24f3b349c8d753a2

MD5 59e7e73fef4a9df2680ff8fe1722014f
SHA1 2b9d42140ad6207b1e3f5cf8d66b345109cb1098
SHA256 05f280e512673a8f1358b88e8706bf5a763727dc16e8c43abe1be6129a820b57
SHA512 49edc88448345ee5bbb1093bbb62bb49b0ac3c1c0a29d4a862be76845fbbacff0347ea457d66e40f721dccb8071c18e4ca7f41cbce88d57a64a02ed400f4f783

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc27c501541df155b6fb12496e5bac70

MD5 f635924f866829484247044f991b14ec
SHA1 39c6f43e94e4b0d0ce9c30da5b78aab7fa5086f5
SHA256 30b18b2546442b630f0fb8c6a7c26419a9a73988e8e1a118dae5b7241e98074b
SHA512 ca145397fe454c2623651c9ccaf86fd15212fe83d758fab2f8de35e4ea00f8eb8f58aeecb2fc95a4ceda07c9bfa960ccc29b1a56c2bb317c94297c24a366be68

C:\Users\Admin\AppData\Local\Temp\Roblox\http\706b550a2be783fb6e220ca8181485e5

MD5 be4a508de308b15bf9c711a769ed61a9
SHA1 2b980f20a1466d2f1508bfaf8dc2a2558450c1d9
SHA256 0ac514138710cda19cc114cafa8a3fce046654dda1cce0915f525c6f5ed0b812
SHA512 dc71cf06e2466f17b843b96fdbec856b3b67df95105895597e73fad455340d4237f1b7cf91ac2906efb9efeac89515deb79a045859a0651420edecabfef8cf8c

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7948b73360f27446739cb67376a2d7bf

MD5 6c261f23c63795849eba5b1ef6f17cf3
SHA1 464f91ce49db8b5546722bd62c4f59aae33dfc20
SHA256 e4274c467ca592398736e990eaa97a937f209768239400cd90ea59f9e58a27fa
SHA512 ab6f671b1939df79ee60a873148a1763c06fa880e2f17a23c9e09c5401120873167905e49be3abaf546b9fee33096b76a5573a473b72de3806c38a128ab91ab9

C:\Users\Admin\AppData\Local\Temp\Roblox\http\78e2b6ce1224c7617a6a8c90174aa783

MD5 22b25a819c414b6c626e5306888142d6
SHA1 e7d68968d0848af0e5203409227a1980dfeb4a0f
SHA256 275eacbd4554f5b0e4a4266514243c661edb1e4eea694a2fa01ac20a531dfcea
SHA512 bd04fe05aedb2cf10fef09648566834b019d40a6ec8532b19edcbb2348059984dbd5c04d6fd9579dac55f99a6b4de820cda159256d236450b0d0a51594e3b15d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\77b3cd784a40d8349719b23b5c0e414b

MD5 05c43f778ddcf81fb06a2fdfb4f7624b
SHA1 616dade772feb66bb1b8dee218c7a5a39d43de06
SHA256 f4a00d60cb52477dfdb2eb264470e5daffd44139c118b73c80e8fdef16f9dd45
SHA512 a2443c678bc019dcc50fd7a49d5c19dfa0c45a7c43fffa24ca225f0f24b6839865288b2fe843bb233752fe59c712c54bff8d9b5c4e8ef5ff4ad8ef20b053feed

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5b794cd8b1447c984ba301aa73a6625d

MD5 2740a9a1a4020c08f3ae9fce5509416d
SHA1 371eb56fa91013a45a38486d5d77ccc12ad03990
SHA256 239bce8cdaa04b7e91497dc8fad14e5af36ebf244712d7a04e37c2be5a0e0a38
SHA512 fbbad878010bb317d5ddc6de48c87d838db393fc52c564555883d07e62b77cd37a3584414566977fbaef792ce0d2a00cf851ce871e880d1cda34357d2fd4682a

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f469136d50a09240f313e4f48b35b40a

MD5 81927a5a1612202db2ce511c62ced773
SHA1 4414e92b078a515ca699a82cc3bc64a1e264e4bb
SHA256 a8a2313bedad3d93a06ce01ca1abb579013d083e2fec866cc22342713b7b6b2e
SHA512 33918119fc071674aac79062c0e4bab978d04cc957189cffdb8c1bb1c7add1bf7d9a0ab03b08d9e997bd8734266bcbc7a312b316f8303347e2aba876022e7cad

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5477b96b8c7694aaab08397c539323cd

MD5 74efd118f986358ad4cde9a57e61dc32
SHA1 0cfe0335bb35298456edc9ed791e019b70266c31
SHA256 b973558fa71e5b3a07fe6ca6180c5bd0cffdb343af3a0d2e4e4e89b40b194ee5
SHA512 357ad98fcdea45563ac733ff39aae16b103a1327a063445b6febb89616a61fbcd140c2148eeef122965cae78c2158bb39bd3eacac6d6c70a58546489687dd733

C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcece68795e396ad03d6e2608d740126

MD5 0ba72ed050100e6779ea0f1c713ac441
SHA1 ff585cbb4b671bd3a04f3bdb2512a896ff07883b
SHA256 0949d1f525ea9da560f02a0447eb12a33ac6db673e89754b8f3d230e24ccfd06
SHA512 22c09e80f4af164d94ef40999572d2ce35bfb1dfacbd1762b380c9685889d515ed9aa064db4f8ab6746c8a26ea4ecffef9337014293905abb2f0cece7344b851

C:\Users\Admin\AppData\Local\Temp\Roblox\http\848d350916ab0af9758cff8167a2aea2

MD5 0042d3425d57e55a4e8c899aa911012b
SHA1 f260334951b11b4ace9af45974e365ecbc6cb9cf
SHA256 f312918dae9b5ebf3028f14575ac8bdb78e7f152061fc59d0885ab7acb3e9581
SHA512 cbab405431b5a95ae3c9d3816b4a1c4d4a07cdc4dfcf64d0977ec80533a6029329db101ac36361114288fa18c769c85a3f238b13f63d2e1e83ef4ef64ae45521

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5c36700f9b5f405f69b210d702f6087c

MD5 94b44243d9e420ff19ff04f4e434b83f
SHA1 04687ed0f779c6873da97da0f16f042b2b459b69
SHA256 f76c45b8c4831588b971b25431b7b85f529a7214f99103ed82b4c2e97d9919e8
SHA512 b7778206ef730254f469214ace61b13f7031d0c4c751b2988decee93dd5a6c8336c40974af74b0aca6d42874d54e23dfcdfc743f5d633610aab2f05e948bea6e

C:\Users\Admin\AppData\Local\Temp\Roblox\http\09f04b99b82b262e105a232e97395311

MD5 e3a0c050904f457b02b36bfebb1c0b6e
SHA1 a611605082957d8eb5dcb83939e1b6bd3d870bf7
SHA256 02c51e5a41d473f8e0befe8e5fb49073f0dec0ca88ee83e0e6a3c0ba3e18d399
SHA512 f2b6b3a7c193a951feaa1d5abeaf52316773d7895284e806f7267708672f6a7baf37191a244d2c044c785fe967d416353ab83517b28932b9e521172b89e22275

C:\Users\Admin\AppData\Local\Temp\Roblox\http\d132016b6bd0b89da2690c24749f6ff7

MD5 2e2350147bec3587e3bc14b7a1e32c2a
SHA1 c275f45e728f71d24ac6d8b496865c218f972b41
SHA256 7ddec5794d779b1ad88ffec41f00c793f21046d18c930328d662a3c2d1c27d84
SHA512 670d3893ab1503dea9437b61b2b1488238d84d3703f94b74b5c20bb7bd26eaa0479e6d3d91319219bae1c1c357c6807101c5960ee2f29ff48475c0e6d9ac3adc

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0b39eb4053e10b7ff21430e80432eed8

MD5 be1dacdbf4fea39b16e7c11e286b7205
SHA1 28ae9237170d6fa225c54e7a36e35549d191d450
SHA256 3a6d14f833f7da8ddf3139d42e41b2b83d1ea0d4570db39d9c10dd98e33da800
SHA512 72cef9e399c0652a340cb12dd239cc0dfa14a2c832fa63f76dc442308ee9f91b41ddff62fb70331895716b61fdccd332f75c0ba2003f818900e3e6f260303176

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0af1ae578b1c58a0e785712d31028c1e

MD5 4ffc139d6996c3eba2d40053423d07fa
SHA1 6da7d02805c626596d055c20cf084aafed9b9768
SHA256 0445b87f48bfd12bf0dae91d8dd7c20ee924212b4cc8be782c0a54193546f43c
SHA512 5af3417cdb0d099add05b22090b5aea9ba39069c4704d000aa323b859e47ea67328f616ab03b7b878ef8cce0d528ac0ff5c0f8fe305175b952e840368e0d4a81

C:\Users\Admin\AppData\Local\Temp\Roblox\http\571e70bdfa73e0cdaa28fdbd2ca19ddd

MD5 bd289aae66f24d373fe9d4388f8ba9b2
SHA1 4d248d4f9aeffef2fdd953bffbacf81ff3ac8554
SHA256 78561a946c48755de0fce9695d30ab82d9e5dfce2eeb0ef6a0824282bc88a0d0
SHA512 50666175b0955dbdf933302016675f035df38deeef6b4a0e8d0cf40b6e3d2c3e4a089a5b78d75015e0048b2e7f91d81b69857004d55436437d3fa0754d1ef8a0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\be241f3cbd5449b0c30c651c4834e3da

MD5 2866f1aa81a7f9c354d34be6a58aa88e
SHA1 c470d8ad431f9876d7966796a503c15440a35345
SHA256 38baca61b0de1abef8c3a97557b6e246fbf9091d1193e3732f6011508e5f0a27
SHA512 1af43841070856ee4c509080c286285ef4850d9dd8507381a5045ed748ffdd09fc32843c0d18aaac70621a8ec88064f0a3b74036cbdfe91be207594f55b24ef3

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e385854d0ae9ba50e28a7a5629fa28be

MD5 0c889bbbf77ec231120674d4843ee0b4
SHA1 fd29658b2fa416059cb30a6729030b6a6b125e92
SHA256 5006fa1587ba1da5b7696daea22929c490049bc0f10661d9c79322b0a647efc6
SHA512 504d43f9104b8c56ba12ae9533ad3554858ebfb4f5b4b8b1692ba339deed831a66f5441a1e4706015cc59f4de4729c0128fe7da2c8c3d095b2993e92eec378f6

C:\Users\Admin\AppData\Local\Temp\Roblox\http\73b0a5d180fa4202c3e9365c3d577fd4

MD5 2c2e29b04e1f7144017730d5b5ed8b87
SHA1 8a36310825cfb7d8ea6fd487afa46dde29147199
SHA256 6026fca2672513a7a42dc67687850d630434b2260621f77ef5b2634486048d5a
SHA512 bbd5097d544d3bea8b5e97f3262a4f7765b13d5c742c9df8fd07e6a56e7c021a41de575dc1c24749631eb1003db0b9548c634eba7d6d2701fe4035f0a5880615

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e526d6628fea4b1243fbb953bdf85ac9

MD5 3964c0c8b23c560175f4b299e1a9605e
SHA1 6c155c8a5ece5d5d7340ee4ff0fcb730e4d2b0fe
SHA256 20dc4a3272ebc6ff5edf0494d9e6e2d06c690bb079a36bd04e074818f16a2dbf
SHA512 c6f53903aa3a14f3187bcec1afba4b5b07c10ebef6dd10a710f400996f2214703d29d58abff6e7e0025ea91a78ed2f799f69c542bea006dace570464acf90d64

C:\Users\Admin\AppData\Local\Temp\Roblox\http\be58ec8ab04ff195247b1536cdfb3d44

MD5 d1d2f476fd075d55fa0e77b3c507cb0d
SHA1 5976cdae821737161f6debcba500a2842f988f8c
SHA256 650bcfb9e1c7855d2b72865695c2f4d4212ccedb53584f089c26e2087cc65d41
SHA512 958c07812ae7e89143874ce4effb112eed3bec3436fc0b71ee70de38298130d08d89f6bce42d2b0696839f67be260791d121e81f46a4935f3985e241aec7b0df

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e665da7061b12f952145852fc21ef7ec

MD5 4cfd979bf14b07dfed01ef9a3b1279a7
SHA1 2e7aad8b8909d3117bb151bf4d34b608e3ab9c56
SHA256 589b00b0a2fbada62af8b7daa8755ce68420a009bf6ce7a53e0865fcf262f94f
SHA512 79a25e0af653d6ecb5fd1908c3652c6fc8ad3d0cf1e00510801bb369728dcbe3c5e1e66f73d058c511320badca3c8ea82f2baaa5e0682f304235b68f622685cf

C:\Users\Admin\AppData\Local\Temp\Roblox\http\90d821a0b7efe2541659a0ff6b31b88b

MD5 6f0ea4b31f2f55764db79b43833bf83d
SHA1 2522c29622377d611419babb3eba2e8cb13fe0e6
SHA256 08f380d19a3cf8307b098cdb5e9992ed1d29e5d15226340758a1af3cb4300c64
SHA512 6a5437574ce2db6feac98928a22c7002ce526501335ac00444190febe302dcab5f18ba33a5ae00bcd83f469b5f1cd356474c8cfd31d9992d186fdd0846db5641

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f9cfb35c8f272d46d504f99d9c00054a

MD5 5a67e8e85c0ad7280e9f1ca86f138b77
SHA1 b9fc6b3311df7710e1251114946b93a72dd5d5d0
SHA256 09e7111ea12f1236be9b1da699f8c93eb68127d0a98f2ceebfc5c2d7b25f0ed2
SHA512 ac5e400ce21e5e2503a11642cf401ab5ad4e625a01ac87f1711a02a415fc924556d0d3e50386d17e29ec20bb99b5d3a2d0496dc2ac1fc1381b29774b826cd9ad

C:\Users\Admin\AppData\Local\Temp\Roblox\http\697aeac1e8e025f05cf4b76086fb70df

MD5 749deb1ff197b5082e2b07aa55a33d31
SHA1 08b4d7441ffa13b8dc3610d74a56d8eb11d8acb0
SHA256 e593f31edc529b51f9b253994d8aa93d8ab0bc8faf433e737b0a09e80cf2784a
SHA512 eff256220d72675ba4b23344191b963f7acdce9743af8be81020e2a74662d2f3f1b2735e686806b73198463c550b2d18921840271d515dca0b2d4ce226954d0d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\2d5ee01099db60480061c57d9831c261

MD5 839f812fb19680ae8e62c2ebe0355e4d
SHA1 a256751297a9f82a082bc4d5ef08d5d9d89a2c17
SHA256 b414e1186136cb1f46c6cdc69dc5b637ac5de6a390d67cf25907907c61b364a4
SHA512 f2209d8bbb8f7ce1e6b675cdd2da3a10bb450d50b4f73a596fc0639f201999f32d3c1a2418e0b92c918c0a667a5750ef122e4331361e0022b66a2fc5e489e5ed

C:\Users\Admin\AppData\Local\Temp\Roblox\http\fcf8e7398be5b1007fef514afffffa6c

MD5 864c04942289c1dee2c1aa18ea77f1c0
SHA1 1be7f1b6c2f1472adb9b34fb6f7a51d3d1ba161d
SHA256 9855931b8e0500c6753d77200447963d1981fa7f7b4fb34067bfedbdec0db442
SHA512 6f3934ea3ca2317756e45bcf065abae6cf34ab7c24e1847023ecee8e404294420f5cc978af2afcea986bf160eda88c020fa1b799f5ad75a5e3991e7268192dbe

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c677a51b0924e108a9b1485dbdf883da

MD5 e1e4307ebd3e7f8280c75be0ccd3b5bd
SHA1 3f2a56ac3ee57082ebcf4a1ca21001821286e77e
SHA256 10dcbda8315ffe2e7215b8d61dbd26b0553b438fe94b1bdf005758b1b96d9f94
SHA512 7f3ef600e2ecca826fc163d9092bfc10fcca9a9e6206ef29fe5d61902e3e9625bb2bcc07a58ab480ad19354bd0a1c56dd9f13c4e62aed22d87da146252144ef4

C:\Users\Admin\AppData\Local\Temp\Roblox\http\4130cf898fa8b448f1568bfb61305e94

MD5 86df60a0980b57864a2e2d68f857e0d8
SHA1 60c24af81c8406f05ee1721b374ab8a466d878a2
SHA256 ccdedffa29231d609157ccf22019e03a721e9ca248eabf12be511b76f795c247
SHA512 c025bcd3d21ec036712ad8e40afa7da973db770bf5b9b019c73ca8b99202c8e37999e6daaeab3f1c2190f84434a5e4657a8593e8a59066e0feaf38fcd8bc41e1

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6443205f8638cd85aaa1caed016b8ac4

MD5 20db412bf509b564fa765bbc0b917fbd
SHA1 938513617f173454649543b7c014ecc762ba5b5a
SHA256 8b7281d0d0576ed2b73ab842080238d7e006e1524ed48f423f61a86cecf3ad40
SHA512 f6c54fb0478c2df40776125a920621a1789d02239a78cdd3de8eb83a27a00464b2aaf8714776897a4b3ae5488da664befa604ec836fe12010a046d48eaa519a1

C:\Users\Admin\AppData\Local\Temp\Roblox\http\d4f8d4ffe8696350702fd146346140ac

MD5 084a09f4a178b2533a56610f28f252d4
SHA1 70c343a804ea4674a214d5ca8e24bce33cf662f5
SHA256 91b1a39172d8f6f0c98a2a3aaf8c137b29dcc4ed4c1bb4a3bd449dc16fb45e97
SHA512 fd8205ea2edc70743247666bf8ff414ef6038f6ec03bfc7590dc037024ca66eface1f3cc559511919058754a5dfc2224ca04368ed31df8aa942a7d9022b93e5f

C:\Users\Admin\AppData\Local\Temp\Roblox\http\c9d72083ee0b41e11170f5a9845c3060

MD5 92e9669fc7c748554c057eccb11a97e0
SHA1 d3fd8c1e136a2ebed238d95bfbfbf3ce61a385b7
SHA256 b29195912662d71be85e0db741dec5ef005d744d3aa0913dad8ad1e51c3aeff2
SHA512 cdc3a1b4c596fd3c9621e53887a9d503205a0d5f8663e1ee3366129ddbfa83f2b15bedef155eda2949f24d1df615ead664114310e3d3dd03f9fb2d95df2e29b2

C:\Users\Admin\AppData\Local\Temp\Roblox\http\d27efcc314894472628caf798daafe01

MD5 bdec8723e953241ac3edc46458a6ed7e
SHA1 783605b1587b096807a81e32c488be272e0ad581
SHA256 c31b000a001faa6e08026a24043899ee4941371ce464146a9c78befc2a796e4d
SHA512 221cf258c9c88c857e34fda1da4290c67c3a34459f86b828ab968f5e57b2be53eb4f7aaced83151576fb843a7f1166c267de0efb116740ab2ac2b37ca0cd4d93

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8aad44a486e1e94cb992a6a0e230f735

MD5 451b527070f0cfb1431ff5052642059b
SHA1 6021d49e6b87b9ae8fa64c3cfd0180d625c7d761
SHA256 b9391062d160f5bd861cf7e5ecda919954e84a87eeb3b000bf9b93c068057c9c
SHA512 3ec22e77061670685a576d96cc3897473d11c45c24e581688da54d8700b186d3583ffc23cc2c3395fd93af36afc45083058a2bad9cffb1362be8bf4edb20cef5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\74f7241d43fd3efbef367cddf2de0712

MD5 1e996f012273818bd88129d26108d8f9
SHA1 c193db2eca6d190e929375e617f45790cae442bb
SHA256 c7c8ee23804c70ae96b1399c2f6730543f10f7678f5e3ee36fcbce97245aa8c8
SHA512 40ea7f36824cb96dace8ff41b1e92a03e0f7e61cac33a3a81c81cba12714812504554eaa0f4344d30061ce1d89f231ab21cab164a008e1f68d18ccfcf5525173

C:\Users\Admin\AppData\Local\Temp\Roblox\http\aa3db4232d83f97f5e078c526e25a6e2

MD5 3e1ba08877dd32fe4178a730b0ea5e19
SHA1 c020afb22c7cde0c77a9d1d6be18ac8f1e62973a
SHA256 1a6447007e90d27fc71fa7bedef2219bda30eebc33447c2929e4488315e19641
SHA512 bad57ec1a48f686fbc5842a291c95f01db413600828b198b55615857bb1e50e4b3b6031d5896c8d7b9d6753c290c0253ddb83482f89c7fc348b8b80194a07286

C:\Users\Admin\AppData\Local\Temp\Roblox\http\afa231f024ffddec5f9d2963d20c450b

MD5 64c05df26d12845b64880218a48e1b3f
SHA1 6ae26e09d6c23ea9ba5ad92d3d40790948b36141
SHA256 e41beb094c8bcc0d8825e031ec9ca5b13e45b94f3c93601c31c10955cfdd8da8
SHA512 d6925cf4d6eeb5275a7c008723410edfe1dd24b9097656e8573f749864f8fc7c61dac61b05230de13a7b9b7b866528c04adca85ad83e8e2831c43b46a70d4c27

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5105c207d9317b50c40470887ccfd3aa

MD5 481555658adb9b672941de82171b343c
SHA1 7937e7bac46ac99e1897c00285fd23059828dc12
SHA256 5069797f8a4b926fcc5bcdb668c1f67ece5d5e8f05d6f19a260c55c9a67f289b
SHA512 aa9aae6ac82a3e320ce9c1b83883263d547a82369d8f31d3db0ce6d6bc5cd07ef96157ebf234d6e31b40b32e276c233f7c2c0856394a70d183bd64e03720737d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\251c7269a8dc64cf406e8c2d5f5cc688

MD5 7e7342c1c2e3602906a1fd64acde7735
SHA1 357de58a6c39a0fe4d7e4c13c16d8c1d25f9e649
SHA256 24a5a23ded1de17bc3170afbe5eb7debbb47f0ed7b2a4b5303bc899e927a99e9
SHA512 c6313b65687a5ce03772ff6f1edf761aa91f07a29f8b61db7edebf1beb5c548fbc53aba721ede32d4c4bbdd31361dc724c676d41c06278904291579d25d93202

C:\Users\Admin\AppData\Local\Temp\Roblox\http\77fad0fb4662c6b81630ee443153aceb

MD5 183fe999017d5e5654364c0d8fd895b8
SHA1 64cbdd4bfac3c60803acfb2871a9fc8da27d318c
SHA256 3622ef17da158e25761124720a642153fb6eee615b54da286e731ca2920216ed
SHA512 d5026e42d343185e14360a292c6d13131dbdf081ba44960598e12652d99d999b4f5c70c5c02335596d18302b1cf64128a8bd06273237a48e2cc4eb0267d12307

C:\Users\Admin\AppData\Local\Temp\Roblox\http\2da892c80dea8811c616fe5e0e6c010e

MD5 0dbe0b49a06c4093d004ec7d44303fd5
SHA1 2bac861a6075854f8dc8db470558936c36201aee
SHA256 b136004ec10d66b813386e21fc6c5f86d37071e01e8a82437676902eb3e63e8a
SHA512 1d306115aa97102b5d68552b591f5faeade373ff3a718d9f39dbeade32892e47fd921cd78e5dd71e91072476e5ad933ff9659ee5ea1d07133b55745f00c22828

C:\Users\Admin\AppData\Local\Temp\Roblox\http\83eeeca932186715a9107df83747a179

MD5 e7ee77fadd485e9a35a1bfb4be99691c
SHA1 bf1aacc9fe769fd1dd111a1009473db1dcac7399
SHA256 d98e995f0160e551443de0eba015bf29192aea408469c2fc2d9c93a5c1c82cd9
SHA512 3ae849a12cabc409e435da98308db2ec0b86f8fa8624a23632ab0ea836a0aed001853eef600bb99f67f8f907dbb641c9c6bc37bbf959dd12c1bf2ad9c8147460

C:\Users\Admin\AppData\Local\Temp\Roblox\http\993f844b48dbb84a0eece0b1d1aad326

MD5 c05764b76e6db0114c1d6200b56a3588
SHA1 5f96252b5a83e5c0810e4ba604dfc433ee449639
SHA256 427939d6cefb89facb6e71e082e42ed184f0883db715e0bd8ca832a316150430
SHA512 4c6c06afb99e99d6a7466ba40146b7fd02f83de16e5c89acbe64179860547f42dad0562b2a281706cfc6acdc5558e8fba5647874ff15d2778f3f6d8c1cd983a7

C:\Users\Admin\AppData\Local\Temp\Roblox\http\584bbf8c27b2f156742be22b280cc8d6

MD5 7c0764a501b7f8f1eab14fa7f9337a4f
SHA1 2e17a9b6d5bd740c4dc91af9311e4a6e77bd55ce
SHA256 dc0524c0d7f9f637466570c86adad7021f9316e42e69745bf8d27081a98f09d2
SHA512 dba17c07bc4310c556ef62f157dfd3a0ea1a617ffbbc4324f9a046bf47be9a2bd500921bf02bb79d9ac2df1aeca3745ee1cbd7f33bbdb80fe67e1adaa0bd82bc

C:\Users\Admin\AppData\Local\Temp\Roblox\http\477a618fe08d138e560e0c8eab9f3583

MD5 4f9c826223fb8d7fb603bac0b294a706
SHA1 44a185bf8edbfee521dc92ae012e6ed18cfae3a0
SHA256 e12f126277c8b35c48dc15cb2f37850ff5ab0816e5982eaeceb571c99bd17502
SHA512 ecf987dc0d416a7fb1779289a0bd9ba55625abff41491ec3731fd77950e91d5b454b17573be388766b20fc630ee3f125d37feda44e068d2ed0cd2a87be021fda

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ecc495a0b2b0470e25d688a9077fd977

MD5 741a45f09ceaf9cba7f0ee5b8aac236a
SHA1 aa6b59bba687981191db42af8a8b17dc0fc9150a
SHA256 92ee9b175404bf4aa4e346ebe4948ae5c0ee7edf5693778a5e6a4a1bed508eac
SHA512 97cb36fc2281753eb7a42f762c8ad5cdef7c14665214a71f33518f88cff24ec5e91267f834a6ea5ab0206457c7e9c730dcfb4f7a2ec527e3ce48877e2f34be6d

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e5ba3b6fc7c95f933bacb9db38c93e80

MD5 0de2eda8831ddddda130102597e758bc
SHA1 0fa49f0691a4ae61e422a22b07fd4e5def0ae5b2
SHA256 2d60885d3492996ffe223ec6dfddb240eba00a9e03ac0506d3489edc4822e1ee
SHA512 f466e1ea3867fae7618b76a2895cccabb0f646f54bf8c4cb6cf6a5c2eaf4b8e31eb4f8b42971ee53c929241d9f40af6a684647cc09395cfd709774503f274b75

C:\Users\Admin\AppData\Local\Temp\Roblox\http\388a60aa5e51ff44455d359825078031

MD5 eb62ee1626b44f54b2c444a487ef84fa
SHA1 d3d918dae048e4ee9c9626608693d69c4c4ae55c
SHA256 bf2f079ca21684f382d094af52836d83862c93800e8e054c2f6bc0838c442d86
SHA512 68022f2ac538c51acc24065480cd23670efff68d56a4b5dec2c28316726ab82c81b48fbfe76c44f32dc32b0af75fe3e203aeb40610f34e2e5d75bc684f712381

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8ead55fcc97d21deacf012df5c33fdff

MD5 16e22cfdc829405af27279c364ba2f8e
SHA1 0c75b97959d7df1586db85cd1166f99c65603c68
SHA256 aa2f6c8bba8aec6b84f7ef8a7d8c30022097b784236806e63da1f0417124a3d7
SHA512 d1f6695e255f5b7ad498ce177a16591757d5570a4ea45d396f3fa159f5658bddcb7d524c102efdd982fd9ccfa557d984280c27e57484b8f61be512ce994d7964

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc86756c9d8f409a887054cf26a854b3

MD5 70461ebd3bf0f7a0beafcba1d52417ab
SHA1 53dd7894e76f0fe7c02f378d7c67107ed4a03d45
SHA256 e3ef21dd9efd05fd1260691d6dd47f76155bd0b5ef1ccb62ef1e588dca161fd7
SHA512 ccc18b368873c76fb25c97009bfd17e4456d488b16da511e61fe1dee031cce48bb25d507d7fb1237345bdc2191085bd384ce45ca98a5864d10b65b28650e553e

C:\Users\Admin\AppData\Local\Temp\Roblox\http\23f316746f014ce443f0b0adb0d9d90d

MD5 4843f2fc4404a016a8a7b7f5c352f877
SHA1 1446153b0498dd65dbb53b417d5ce5db49f0dec5
SHA256 46ec4647b950351b091ab0bb34d1964bf24b0eb58760175def7a4a1d7a4e09b2
SHA512 8d5198bd48be46a6aec5cb5d9eb6e75828f88742f12102a1f5091f9c8b51167fd6db13981fb875b032795b9407fa64cf3aa54224a64008262084dbfd3d98dc27

C:\Users\Admin\AppData\Local\Temp\Roblox\http\28c39719e7218d9c2d686d4daccb1b72

MD5 25a0b3d9ce5e6e1cc4cc7f4cdb328273
SHA1 4d2dddbe9502a5373e6ea99771bb1de6e828b95e
SHA256 013275e837c61c631932167d47d5d9b838ba8b9863915d39f06d8ba4914df147
SHA512 20df5153edab7085594382f80b5d7c6afa5f2a84741efb46961e36331c94369a7c7302c9799676e18aab171cf398dae8f314395c22238de6f8450726c4c992c7

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6d1b0fd2905f7655bf0108dd4e655991

MD5 efe7165d72ce56eef26da49dbefa586c
SHA1 b2441c50e501f7121277d205876ec6a5811c4e67
SHA256 4e12e3ed0da10924a1dbc49e464b0b07c017970c839f1c1cb4ecf5a8019d3ae5
SHA512 195b3d7954627b571226a4d5293b19dd0b7b565d4b295b494361ed81f3d9e1c193533dd0e53b2ededa326278294694286669095147d769c5de343aa611ab0238

C:\Users\Admin\AppData\Local\Temp\Roblox\http\252921e7f19d826cf6778747e86132fd

MD5 e06fafb3ee051c215c7118dcb4a75354
SHA1 c72b3e0f2bb1139344053256bcc3ac48f590174c
SHA256 ea771a4652058a4110a95a6fa24c847e7a50cdfdd711f57e02f9c7caedda7908
SHA512 83008fcb8a91bb42f76568773c98e5dcf6658b0d7972d595eb7059b5a598faf80fcc8492351e9e98a6d3a9ddfc17fca742f07ffe4af644d99c087062ed7b14b0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5c288ffb1fe759d2618c218fa0d2bee8

MD5 c914fc7a80c8ebee4ddd7216cb8e63e3
SHA1 2e4bbbe23167be5f26e5f3e9f1e1b2409b38e7ef
SHA256 c718cff1df66ac36549451bc6de0535c3f2f9e74b4fcdcea38af9eeecc42a674
SHA512 7564812cd051e0970b3d06aa1bb839c8fae5d1e95e23615eea42d2f12b6284d06f2936cedd947e9d4d33c4656fec00494121d58cd38ddaf1ce2ad8be8685d0fd

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f1c2eede7a115f0fd9ddcfae03372516

MD5 08ba91e62331009631f755289dcf7324
SHA1 03786d766cac0b39437b98cb61e65c25d16325bd
SHA256 c50ad1d35d0b3e81ef6780da13361923d7525a39db5c9cbc6c5344a0bf5e1380
SHA512 3fe207322d4249f92893d0eb7a93f455374849ca583dd0fd00c79790ab7bc7f0699fe16de332b767689e0a104fb272992ddc37e002b6962cdb6c66a63618e3d5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc70073e6562a1a0cb99b092be4629f8

MD5 acc9db15cdf0932e73bfd20b9857b80e
SHA1 cb6455b641cdaa693de88e9b0d1f422744faa35e
SHA256 f0e15f7608b3829d33eb8e057f31f21e931d9d2ab4814891b11ecf47494c141c
SHA512 7ca5152691d595acc0f0398e26f82c4cf491bea98f2c81e7a972af8fe763ef5926a716ea44112c2fa257ba0109b8848f8611f071b88902901bdee1d32a315913

C:\Users\Admin\AppData\Local\Temp\Roblox\http\bbd52b35df5f543d23b7f35ae9e845be

MD5 2de5aeee01688c41f23b2ddc07c0b442
SHA1 68bd21cd4284ff390c1f4f5f4b61c9ff3b8f2268
SHA256 3ceb6af768ce708d114195ea3521c71370ee69172d4d0cdaeb1efff406571d73
SHA512 ce845ebebe20efbfb1a0565e69cea69e3a4f3e71289ec68379565052a2e8a3e5ac873b52e74ea26f2afae7ff64c789c348b4b9d4426ac0c0d6547d9f12290090

C:\Users\Admin\AppData\Local\Temp\Roblox\http\16f7441682caf62a1789b9d3e75ec170

MD5 cb94125a0b01b9335f3c3c9a9c6cd60f
SHA1 85ae6cca4c661270b389c00299bf7f5d81fc3943
SHA256 afd92a2c0ea64515200f7dd1c6237f18b6d1bd2065296939697d34a3d4e1b0d4
SHA512 649155baa2d26fc6afd0496d11f37d9dcb588726806eec89be58faa54fcf3b90d1becf114c4e2f3964c98e93399b87bf5bb87709a7bd9a3540c7ddb56e2da555

C:\Users\Admin\AppData\Local\Temp\Roblox\http\3ca8206460663e9e944ccfb414623b40

MD5 816be237e27ddb79f9fe0c46efa0119c
SHA1 fe0af06e1155ba784ed6ce8b97849eb3fffb5f9c
SHA256 ec6063b82a1adc4187ee0e01f413d4b5ed10277605f741295658acd3f0ceabcc
SHA512 5ca3c5bca3f5559a500de1262c133a972e776dba7192e6cade152245c0e1118fac41c48a79dd0f15c78ef177294867f041bccd3eece6a388eadcc32da8efaf00

C:\Users\Admin\AppData\Local\Temp\Roblox\http\98c582bbf5493f077bd8f59567067f24

MD5 ed3f4356a5aa9295ec58f77ab387582f
SHA1 99f94109e03097ddf835c06292ecb6142c93fdea
SHA256 60e6db5121cddd5bc13b1019c85b5d962599e2548c347ee3c7d944cb20ff01b7
SHA512 cc7869759564fe9d5e1580be978727c4b0da340c052db74f677bf7cc24d93da0b837d01ae0199c6404e02b49d08fe47a2fec7165cfad841f1b6fbb1d7e8d7fc4

C:\Users\Admin\AppData\Local\Temp\Roblox\http\0407c8d6df198f6864381d3e595ae971

MD5 703dee4351832fd18ef5b85c6e1bf992
SHA1 bdea9dbbdae401cd68814d9815a17bab6f3870c2
SHA256 8fb57fee0d1c996a828a3147fdd9a38e8d1624163dad101e4bc1d44894bc3d68
SHA512 d43b5dc41be38f5fbe30a51c1abcbbc5c606c9d911dd164b5106fe2bcf0310ae8b641299c5491bbd5ba66433d87ebd17dc8a487d88d56d0ee8e81309533ef0b7

C:\Users\Admin\AppData\Local\Temp\Roblox\http\852240b4203e72d7bfa66fcea2e589eb

MD5 547ffe689cd0af21ec616bd935f78b14
SHA1 36e70f429bea53fc2c8dd76eaad82f7bf9f3742c
SHA256 abf9ebe04321f9b8926304bc16041965dd79405783b7d3ea56d5fc802863bd9c
SHA512 3683baf37d3da8ac536ae4d2d852acfb49039b3c9d4ab42d972c23e2df6dbfd178a552ef023f48c43c6887161313d516914d26b7cca0c022e2741875d62e38d2

C:\Users\Admin\AppData\Local\Temp\Roblox\http\06bf3774b39be975c53ba2193da7f90d

MD5 29abb94b78b9a73db28b7ba825833346
SHA1 fd6da6bc273d4a44067d8c2b625980ab8cc52aca
SHA256 d929c9d2ba98883044b81894da3e921de179d5915e1f92ca9d4df9cc89f1424f
SHA512 d5069ac2996929a5d1622f65ab450bd152130978b049f672b1a9f28cadcf724e317024bd95a11109e0ae488834ab184f5e4b10f6a21ba3329cf056a0b7139613

C:\Users\Admin\AppData\Local\Temp\Roblox\http\e4317e6c6a87bdf6f00c6c80866345fc

MD5 fa00f598036aff7c2e4728ff840efdd6
SHA1 7873ee7205e2817fc8fdcb3afdc275aab494ea91
SHA256 18fecafdfbf34c5b261f4acbd607c439e35177802c8002a0d88221258108abb8
SHA512 f72faa02c263ed200f7a296ed86ef5da614911c1cd212aedd12923ba551aabc44b33cbced8dac80aae67dc09988d53ee191755afe3d51383ce885750bb00a944

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b597c88ce139f36dee5c4afd7d80a2c1

MD5 f195c3e8ddb6711a2feaad4aec69b8b0
SHA1 20b1011f280842fe6aaa58117a05f57cc17b6c69
SHA256 9c263d2a5db10ebc2d543bbd0c125bcc5da6c2245ed133fe0abb1b308f343a71
SHA512 52ed2e19a2b991880336b6b1694016f4c8e5a5e92a9dc989ab317f7f743f38dddaeba8fb5764826bfd9aa145028a1b3f9fa34a02f39c1e5162aef7ad282b0632

C:\Users\Admin\AppData\Local\Temp\Roblox\http\f40c00885cbd0588eebf8bd59a345579

MD5 9c0241f7306bbf3cd085509dd7840c99
SHA1 21c2a9c916d0e537c5662db2acb565615ef79962
SHA256 e2afaf1d969e104e2ffc22494e2f7e2ec4a0bda49b9de0dcb3bbaa3da9bc8655
SHA512 afdf2c9a29559645e08604b15f023475e8610f41f650f3527a4c2199fc4bda9c291bb24e2f337e00cfac6a5347fae125d8055f0af6eaca38b92ec408343cb9b0

C:\Users\Admin\AppData\Local\Temp\Roblox\http\05e6fbe7faeaf27e476e2247265bd7e2

MD5 774331951556eabf4930f06518bfe5f8
SHA1 79a7b332357aa2b18cf400033bfeeb5db7614627
SHA256 c4239a4d05bd3e427245f920cd4eba313e0af75c819f89553c7b6758da9b4d57
SHA512 bf67dd1c1d57779578524ee404de1648d9a4d8ed7f524fd49643ec49c3165b9321d64bda2216cfb8617c32cb500eacc2966263dc03841af51ee37facb2b1724e

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6c536340229d1bb052a390124806163e

MD5 8dda220de3bfd073f993acca9cce3f19
SHA1 c78e343e500f592bfc59de89dcf8548cd6fa1f71
SHA256 21710259e1dbf800de1bd2dd8e19f33cf70dcf6ad306f7738a23300e40d385e3
SHA512 d21115712737f5d51c7fc887a14bb7b9dda4b9db295ecf429623a20eee02b2868956e6d66907997f100395625c42464218c36e750224e02fe0245c0292fc9e1c

C:\Users\Admin\AppData\Local\Temp\Roblox\http\a1489d1b06ae2d917aae075e6fa9b8f7

MD5 5420558b929446bbd89f3d35e72b5836
SHA1 da46e5c797831b47c4d62fb9321c420c6b0ba50c
SHA256 12d1d581ac394291754c5b042baec0904c2f3b3be6a17e0a8761b32b6e53d507
SHA512 e125c8d668b2c73d583c528f6d35bf8a1c9558c594cb3aee98e25eda051f621a6924626d845f200442da65034dd77aa4a51dd1668c07b26611909f76cf9174b4

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6e62dea9b6f892b37a40251f84c9e0e3

MD5 f48177bf38c02c3a2cb322b77d627f23
SHA1 e207f206d2f707e7feddc32c02883bb71015d23d
SHA256 4a8a4eb5baa01e72889b67caa16b69a4c2e8a07aa12f84ade87376f344b2fbd9
SHA512 bb3c4ba048199ddd3cf5d554a90c279d7b868871f1a0eea4ce27c641556fb3e483cf839e3f9a27a092021783a25d604c952fb1ea34528d722db9930fe48e38a8

C:\Users\Admin\AppData\Local\Temp\Roblox\http\8550d05ebb82e2c3691bc35b7c166899

MD5 f3e7b2683bee3c3628f500d157a7184c
SHA1 17aa34cf9e45a2a10cc370ef0047d6ec844053dd
SHA256 66d177f97d367d8181feedc6db9f92f71dbabf58cef1355439559005be6a24ac
SHA512 48994f038f0cca5a1ad783d05490ccc209ac4ff2a9fc3b508d5225348d2202f9760ac6c0334d12f74ab8227eab5a412370459ab328f44177729f8fb6b8911088

C:\Users\Admin\AppData\Local\Temp\Roblox\http\92ca8d0a36e9ce06a1c3537675677ffb

MD5 ae7d26697baf4e3c0a4f7e4fd800f89b
SHA1 4f2472e39c964861701d80139cdc33bb967b2c34
SHA256 58c1370bf264ecee15638ab670a0af85f8bc3b974670875c757751fd116f4833
SHA512 e93451a30c74751ebd6996efb038016e28370de37bfbfe2fafd1f3c3817f2e720bc3b7d96e1c0e346f08e3c581d13f77a535c30c07a487f2c4a13b4da9970a0f

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7df53404f56c9f1787b277ba9d17049b

MD5 ecaba5cf9469daab7c05847af2da45d7
SHA1 78d9c8d289db9815482249769dea663f4999cac2
SHA256 23946e247fe3bb06503a06be2b8e154d724a8c2e86fa4f441fc09ba1e5781121
SHA512 4204260b2efe3b4c95584394b30ad7957b154229828f0ac90a04e5167c7eb78f254777fad0d4fce9c5675fccc390dfccae2ecbd8d17e0e73bb0a6933605df7d1

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1f571bce12b3689efa5586c78436d68a

MD5 aa1cb968768ba580f7e7d559906a49de
SHA1 1a6a0906ac3c68f859790103094a617e0439d77b
SHA256 b9e49fcb7d0be8aac8bf1d990f2277363077dbd34af7f5109a14bea85b9fd35b
SHA512 a72d7246405dea401b6e97963ea624772f65a7b20eacf2c358fdb73d7e5c2afac79b5cd39cd548ea8c43f14b5f03cc38deee8a495e9c7a1f264c1ca7de4f2411

C:\Users\Admin\AppData\Local\Temp\Roblox\http\ec9a7853aa53bb67f2099830ce97922a

MD5 0ab1d8c6659dc5952cb81416c8d9a85a
SHA1 16d889c645dd70901f87cc86f6db8a632b8518a0
SHA256 1ebc2f03253024917e0b562d101603c2f9e04aa70a05accc5e63eed9976ea0b4
SHA512 657a549264297c42e4783cdfc76baff2dab9b5b9c1f991b3aa8b16f2b8f87ccdb0c1a56edc23713ea7f34ffcc4cfc95b7fbba8d5fa06ea443610f06a00433f36

C:\Users\Admin\AppData\Local\Temp\Roblox\http\68119f28ce3eca78171a6a8c8822e1bd

MD5 35e84ac53c5b6ac5714c5589d7d79153
SHA1 cedd01f0263fc9e5718b8e77b3467c14a35a1b53
SHA256 47da60997e22feaa88bff58bd2db6320534331990a14e2b64b6d665df77b931c
SHA512 7cbdf8f0eaee0c4e00e3813d1e558cc5aa305d6e9861255d721bfb655cddbf08c70fe61f686e79154f1c36e7a4b5c29f2ecf2776fee9eb0b7ac1da8c87e75dff

C:\Users\Admin\AppData\Local\Temp\Roblox\http\b00de5dcbb5ba1d0d58ba82e9c2f97bc

MD5 9a3aa49a6c57739a171e507a3b0a90ff
SHA1 f3c154299bec91f215954c1df2b03f68fa08efa3
SHA256 6d61517c2a006e117a5d5032dc1be0f993f275b6d0c8a0fbef25bda8cfc12691
SHA512 0a02917b5eefba73d3420852a5c66719bae97bc3c8f9adfb2dcad89dee9caf5852f660a3e787d84e9b86e3793ae0605b2db10c0a1463e0f09a733b614d2f4c1c

C:\Users\Admin\AppData\Local\Temp\Roblox\http\6105c4318cc0c25a63a6c9b8db84bc28

MD5 6badf7314b5d440a6ec8dea899d7872e
SHA1 003170f75f86922af2aa5bc4b2c3c41f5f14106d
SHA256 c13071122b4ff111c8ee877e0d8bde8f34ab3569df48fa81f6f4f1b0b0ba855a
SHA512 5fd8098470eb97e06e62f6d8753d3dbef34d8db6b3ff463cdc964e61e765ab844168170a64c837fa5d60c029a79ac0fe7cc661b9bae07acbaa2400120037aa13

C:\Users\Admin\AppData\Local\Temp\Roblox\http\1cb6044427da36923148711b8796b750

MD5 ccdd89dadb2a17edd97a48f05de218ab
SHA1 c8829afdfda3e414304f09f588a9e00cd43de4d0
SHA256 8ebad66a66dec464ea8f6a70c240e6fac36d2155ef5460b2f1cc80451e9949ec
SHA512 79976e6623479c42c3b9babb2bbec208a8f13b580dc19419df33639e3922ab973e740fcf33c94841e833ef3ca8209b5b149d2ba5c064f08e3b6a526a651432f9

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7deb7c677f433c0b6c649020e88fe58a

MD5 d76037dbae4ae81158187aeced5816b1
SHA1 7858adc6bdb9f9b03fcb28746d7a0d08c297d058
SHA256 8113ac3b2c1f9a16f7c5a9be473b64abfa8c9689afcbcc30750aeb3077e3e27b
SHA512 e9e1b515c621e760968098b8e0a16e00cf1fc17b74065efd2f8793add04d5e506205df5d65be1db885fb958b9c5879ca728528963b4048bfe073d4249c0dc6eb

C:\Users\Admin\AppData\Local\Temp\Roblox\http\234369d070cc483f7122fd415837b73a

MD5 51d45f80859fca2ea5720897d7f1612a
SHA1 2a7d736969502784b96328f4fd1fc7697a099273
SHA256 5bf07b195c3902c69653ca0294f2bdbf9124df501af426b14d6bcdbb87d70745
SHA512 059455bc829431130377e4c8cee87ed3652b712eb46afa6f666d9e4aff7401b59068da840b91f4914d0752880cb2ed8c64a90e79e37f45b4b90996e44f2932b5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\38b0d496d6e95d4a4e1f049ecb71b4d1

MD5 60dc54bc02627b188fbc37f3c81899b3
SHA1 7065242d6e88ff9ed0e0cb891a9a6f6db2be5334
SHA256 35fd7f2804d4edd74c14cb7bb1534edc993ab7ce9e2d64be997b12ffa8ee5b16
SHA512 2b43c5d1f2ee4621055d94f3e04cbfed24371eea9a7c719f8392a993464e7d05635f59bf230e294c60de5656f421f4661bd5b1b8f286c4c15e79bf9c57d686c5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\5a479665357e877c36a8bc4ebab8ac84

MD5 f5366499a754da1e3317be61d63cc243
SHA1 8689a3cc6a2e1af5dbd2b6c23b488283362bab0a
SHA256 14873e016597bf69824fb29a219f6d81befb11b19fe2e505544115b33f030e6e
SHA512 6920f31ed14ef4621559e67c75a69ecdb7832aac639c40febd98dcf9b7c02402510e983b84cd309bdcd7b0438b394cd6b1d11bd4c32c58488d24a5d38db930c5

C:\Users\Admin\AppData\Local\Temp\Roblox\http\7209cd4fd5e4a48a4cabe7e3498368ec

MD5 643d56f3cc2d206fc1eeafd601a0e287
SHA1 0e55be4bc02d884a40a586b44d5728f9e8fefa6e
SHA256 637c7f57eea4b46821e968a691bc2181ac0ed00252691845fefd947a4c594f66
SHA512 10cb34ff5d98467c3de396ef4993a11c7db2545329ea473eb3ffe387f2663cfda6d21d31299f87aa3f298d2bfdb88d705b9236e9f71c48c22970713c2c3f75e6

C:\Users\Admin\AppData\Local\Temp\Roblox\http\a116d80baa851750ec02ad98f6a28052

MD5 db41d22b9f9f4a43ff8916ff8d513da0
SHA1 00dee570785465bff97ec8a96ebfad3d21f1d248
SHA256 31e6f7d03515207ae87b2f9e9594fc94db77038fcc28ee3990689c6590b7547c
SHA512 df4e09d0f24ec1cf13ffa1a062f9d28a5d36d99b606f27f7ab757f82e4202e51ff4e033b6554b763e6f97c73bbe77b9d133b4b842469b96056654cc2f202124c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a2f724d408e75cf8b916a5540044de4e
SHA1 468883188f526573ce0c384da7a46837fed1d4ef
SHA256 78239bf450244bfe4c257df86bf7c7918b0cfc107e13272cbfcb99c406206d42
SHA512 38681d30ef4ae9d16eb1ee8866eaaecf391e16ba9cb3a1f863fba8e8754d97fced62b52730bda9d852933e56320a26d695e9c5c91013b55d2ecbfdadcb058139

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3960c9cb-23a3-4334-9d71-5403af2a7e5b.tmp

MD5 204e531f33a5eda31b271cae752081fa
SHA1 387c3c3b451c3fadde844765947bde29b7ac4348
SHA256 cddbc8f9c07f2bfc701bb173dcd0d140bfe22d1d30171abf1e6b8ad27e05a75a
SHA512 63931a8989a8408b6052e82c4e71439f22d27685dca631fa169020eed07ff08c96a81afd5e621b1b15493eef61386303f54e4e0d61b220c82e2b5e311260f3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 20d738be3e36720fff073efa01c3f2f3
SHA1 9149ac74343a808681134b335dd667bb2f5ed1c8
SHA256 c23625dfa2525d4b12adad1f6bc43f77be43337dea18dd6e6b6aa34cb09522fa
SHA512 751ff4cf8ca94e805e95a8eca8aa3c417c84624cb6a99b0461ee9182d36dd5e2337fef57fd37f6390d6000586938357c6f4cf7e30b550547a3ea09e040d50d94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2908faa5c91e251f885873611bee4cb7
SHA1 a7dc6e5f0a60e60e51d82c0e1004a594c1c7f415
SHA256 043588d9e3ef401649965cb99921add2c2b9d93b0c11c9bb69de0f6d44a3018e
SHA512 82f5dd72a2dd0b033a4a5a9015725734ffd6046d8cf38b41883087bc2ca9ab524a46f79ff7bf4473a1a608c4bf8da3f506d2c272e8e5195a6548fd4ffc47dcb0

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

MD5 b18c705b3c68cc49d9bf3649abc75c24
SHA1 6dc8963dea0f3185368790dee2a346301b4fa24c
SHA256 c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa
SHA512 7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc0e501dc25d0e4ac191e5ad4aeb67b4
SHA1 c10c83479506f1855dca593416c09640951b4b1b
SHA256 d8e87655853831a3a8e0fafc3f9f5395c08aa8137af0d5cd5e85dad3fce1d7ad
SHA512 4302a827815a9ac61166c67a7f9467ab27528014d23ddd4e4cb91f00938093aad08b753cf44ff457dfdd98d3d55c36bfa220ce185936af0ad7982d313a022801

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 70aaaf736769e4a90cdd36b88b9fd97a
SHA1 a698112feefdde7018505f9aabf106df7029d3bb
SHA256 52d6e7540c790ef65fd662fe2d440d77a7ba4c40bf47a38ce9624fe1038cf23c
SHA512 9d42cfc115a964764f0231ae0ddbd40129b237a1ed203a757c721549a66fea5904e9d807cdce17717b677e959e2bd80f4742489d3928ae7c72b33350ea8f0b17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 21b1d269e0bb27ac39f9592d356acd18
SHA1 ca79ca13f33019a3f34f6eafb1260744694414b0
SHA256 355aa58460a8c18c45171348e2264216ac6245627f7eb62288f5dca26f4213fa
SHA512 66989e9d5a75ad5eb8303aae997e9e71a31fdf9329f355cb456b9999e1544517e56d4696b9ca726bb0018520f93f50f4630cedb41ce8662d54fca4e5b1148ad0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 84036394d0704f96d0335d07e54e75d5
SHA1 cbc9a11f6963cd9b71749f44cb8ef2b29c4a1af5
SHA256 e87b2dd981ab5b91d09537dc3ecac6fc5b86895c35fe0062c2093face9e701c2
SHA512 08ac956043718bdd19287725557e6e1d328a73c995b84073086fe25a51c3c53c37c40ea8a98915892519c6f37e3749ef8223fc85c709f7182cd3bbc08d0f485d

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 b5a1ccf87b6633ef924a7421d5aa3e68
SHA1 9ed684a22833bc7a75fb20423d6ad0a20b816efd
SHA256 dfecd0ab3581ea27fa6df2de16065925b62d4b45e96f9fc570a330bdf76474fd
SHA512 afdba763906a7545501128c09e46dcb28bb21a93d05f0f6a4bfced73d3aa4702ed50b6d3039fb2539b92f7db8e6838b9b536493180f5481168dbe109fff7dcf5

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 a64ebdb15be7a42462ce1616b5c6104e
SHA1 19d021734c8842bdbed9aa689f55804c21f640c1
SHA256 f6715c942c033fef7ec29bcc98821b2f96daf1348b52357569c1b10e2bc6bfa7
SHA512 2cc85592f11ec4262d5f8e1f78dbf02c31f86105c9229c51ab5ade8ea16f8ee37e14b2c82f1518e71d1fee3773021f407ab3425328a990ceddbf79d0a0c34b31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 45bf8a3396f6abc259353564da33421b
SHA1 528c6dbc49f597ba32c1a3b1c91d6e9863684563
SHA256 05246afebdd34b4df6fce622eb821fcd5262dd8e76e445830407c9562d0516c7
SHA512 bf441f818ae7de3d3df6f34d065858759db63ba83f6b995682cbe1a13d0bde8b3b1e031536d5b95a084886629c94b36d1b31d9fc68a8b94eb6c2729e2e382166

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 3eca398827d83dbd784c34d3cc11d433
SHA1 00c97ef2000968d8f0e3a0421750db78adbfdcf6
SHA256 f7a8a24b89bc3fcd0fea41f9ff0a3559ff408a6e2a333660bdd9b503a7601e14
SHA512 d105314064715b404687ca7b2b400ed3327b43173e55ab99a6b7294b5ec182c0571fad8e757325a36a9dd3042d9cb07cab888d0301df305e323facd7c83eb845

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 e0578f553d5bd064d08d0d16c2e671e4
SHA1 5c125029edfd3ad4bd46f2fd1e8abc1bb71b238a
SHA256 fa126cedca38680979a3f4665e1e1e68df634ae36aecb392a0e0246497a210c9
SHA512 e73c2492f43e94a2e713ea2995cc721cd03594658cfd2d81fde7330c679db575c5d2e94300913b2dad7db21d643b783249b38775de78d4c2d025aef3c3bd35d0

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 3c46ddec8a85c655c9c6cbc38e7d558a
SHA1 86a9869af366567527d9e45131fc19cd00c20530
SHA256 96684d3eee12dfd602799186dacd3ebec960effc51cc7ee676aa7adda9f78e54
SHA512 391af0666ab76f294a2d3a70239358cab58b436394db0ae44b9803b3721cf7c4ffcda7f63c1eee137f401bb0dbdd1fb6d13b21e23338983d4614b09d3b70cde2

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 0b27f578051e2f3b974661c25f686038
SHA1 7413b950272d926af9d088297bef9ac0f89b50e3
SHA256 b7a8f951d6bbbc2519215ab6218f94b232549e1ade8d18ccf8a010ac314b30e2
SHA512 03daec09bb917bed9c3e29f7d14d452498231a3dc9aeff9c72de7e370a3cd8d0a8d4a49c7ba459a5c3abd8d666a6414067744da63c76ad33a9d82ba5f98f3325

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 2a8ec06a98002850ab57e7cea7507618
SHA1 533fbc7494b20d2596288268ce0d43ea9d743cfe
SHA256 3c91af35be4fd46b2bdd37b3bf955a4e0bba90f2a806052abf5d93212fa4087d
SHA512 acdba0bd1c4632771ea246dbcebfb2743fd8077c2fdab6c568008558d145e8df52dfc9d1888d6c3682ff7f102e842a3b42cfb00491fb1a14e8db3c1b1c3749e2

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 73c119893713bd8e24c320eb56cbcbb1
SHA1 8f6bade4b67b33b24e9a95915275bf170ff50b52
SHA256 14963ffd082d050dfe366845a12d87ea4fb2050490b11565ca4fa06fc6814c40
SHA512 facf30dddefda0ec17f80b0a7805b35292596aed407c2ef9b044dec416400b1ffb9353a0e2c4d2755d06df1ed3a88cd916528db98a98e06e10b1e86a0cd125c8

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 0c76e556fbb2f41f1d2196bf76c916b3
SHA1 09afd1d8a82cdd123be69232926dc5ad9d835284
SHA256 54d674d88ac5bdbc18e82b75d761712502f967311c0ab7da35bcf27f8eaffb08
SHA512 9d5fdeb0b9563079e18fa7c97b8a3527dff0a9e54bbe03e72f85d993ef7468062e675355e46be5c57df2d5b6cb5bccf81b8d7818acfe9b9f8616b8b0836250b7

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 d0ec0c24ffbe95c4bb3fbaf30eac37f2
SHA1 d2958945dae295da6337b884bd432bbfdb942fa7
SHA256 1279d18f769f2804abe4ff7962b26323e5f2bf8e5306f1c4209ad70ebeb83052
SHA512 ed1346ff0553ac4899f6c1fb2bc5034c30b9e76afe5f44e7bf8aeee4e704408d31c3cf0fe826462a5cbe31bb1be46317e3b68190c967fea3b32710a215c7f57c

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 ed60073efb8c399319addab873bdab27
SHA1 f3f01b03e8d0657d1fdc7f73af7416e836d9e78e
SHA256 5f72213916b700ea4029dbe7b4950e3efeca1d745cb560957e8419a5745432e3
SHA512 4d27f25e84fca0b9995c4d4148ac274b3dc8e1cb8138de329f4096a866b8c2fa5f568427aee4c583a8d37332a3193bff11dbb05a83a57dc1bf0f18a43cbc0e09

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 c5f41dad53e175eb420f8cad3a33d2d4
SHA1 8c332b038063fa7f1daac64697f57af2970a5869
SHA256 092a35cc46ccb20edfc22c557048cdbf1cff74735a24d233b00fe27217a2a29a
SHA512 995e2cc4794b26b0109c0609e1c939036ae60c18d4558616d0a4f8c45236ebded22479cd0c778760b075dc562e8333678ddc1d72ab3306b4f516fcd3b76de9eb

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 656ebab206a135b482ce97e6432c6627
SHA1 702e4f3fa94c95e7658259ee62832900697af4a3
SHA256 e7c4d4577de9140fe4ba09095edb69601b1ab308b4b1acef710450198b9e223d
SHA512 9742575ad3d3e7c229829bf74affd222bb835695f6a75ad4b82f52ee4e69ff97750b296c21cb3a5208a85c82a8d345cb65f41578118938f75ceb9e2d44bcab4b

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 3ce403ca9514838f1de6ba04ad5f0160
SHA1 24364a08457fa498185f47ba1bd238a054459305
SHA256 898205065d7a643cdc8b39c045726ab019710d65445aa56abd262223ffb3e6be
SHA512 072ad9ebf88c77a1daca78b894a6db28f502e4bde311ffe166187f1d3a7ad8dcc671888a455666a0960c322b802cc77efbbb93b2d8f3be84a3ed2daa4a2ece8d

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 e298eb99d772ac9e946ce47359673bd3
SHA1 4d53bdd5e933580cbd57e67d7dcd1373a5afb32c
SHA256 a901dd70aa31d69b9b57f18c798f38d0a6f3a3ae23d2aaca5fcf4d56c2dfdbd8
SHA512 c85a104be653f6c4b6f34a4b804ffc618d0fab3562aa965955882eeb6cc5804e83a9eb567390a5852c0d692de84e6d94ad9c8364ab8dd121908607340bcdf7b8

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 f7658f363fb82d7612ffaa1a4bcb8e46
SHA1 1b2f0ebcc12e22fdd25c5ce6bc0b716bcfb006e0
SHA256 511cc7a9b7a84a23c2a0909cd3899190d87d2a6e5d6be614d5d50c62a3e4980c
SHA512 18a764bbeca7ed80e5acb431e87cf3174d5a739ae973bbd81d0a2c04247aab76ca82d58bf12282a661a14b51a658d92855d60911e6539a0fd5c36b47214ddfca

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 3967d7c8b1ff60af651120b56ba8812b
SHA1 1a54d412aa5a5f2016447adb7ce25ee22936363e
SHA256 ca5c96fa8ce7cf3b0ea2eb2eebae2d01c4b74154bdcd02adaf69e1730243e9f0
SHA512 73f8c4de192ff0a8329f1f4420209bb95d44c828e1206dfc40bd9970fa57a529be5520beb6e01f7b6ad4d3283142172257ed7bc92b307854dfc71b553de49879

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 ecabd623c1db411650abb1df9fcf468c
SHA1 3245c3e6753d56d8f3ec1a3d4bce863278096fde
SHA256 2556bb5237716aef2d5c0479e4f4a834c94ce5a59c7521ca8fcae8332840b4d9
SHA512 774a6261ba6296ff787f1752adff9c79da36ed3c486d3262b8b35758b2317768d91fa735b18ce6977ff6a0a69096a40a8139e3c5bf9d08a63d5ae30cd7edeea4

C:\Users\Admin\AppData\Local\Temp\Roblox\http\a42bc9c5238f0822e1029a99290fd823

MD5 84b483ff88f6bf94ff7a863ee5dcad89
SHA1 337896be3e52a3396298abe593e69f1a5b405ebc
SHA256 aaec8e09bff9b39e388fe40583bcbc52ef86605dfabf54507ae3d4d902822c42
SHA512 cc7d6bbd9b806b52e6feab6294fe3ec108bf80e058a82fe4d8f20b897b83c8004e918db4b3e792c7051455e41d4dc324155fb6685cb59f6dac16ddbf0b9c5807

C:\Users\Admin\AppData\Local\Temp\Roblox\http\41264952abd3c8ac032cd24c6231a1d1

MD5 51321fbe54bfb29828bc708d23457753
SHA1 d6d9fc4b43418624532956dacbe8c08bbc47ca89
SHA256 96274575ad50b7c1e83fef8d0b5121da1295f3007b54f141b815c91d6b81da5f
SHA512 06a8e9eeb15728eb54511c7b25445a3e9ba89eef2435cab4a079a00e7e9f93f72a6646a9510c456aa9a32e6c4a1e93dfd06da42d6d7c2009748292ed275a828b

C:\Users\Admin\AppData\Local\Temp\Roblox\http\38dd5bd0f390efe4ab5e5015056ab9b1

MD5 650252936c062e6a1997bbd690a566ac
SHA1 519167c5ff3017cb0ff6ef709cab7a1a953dc482
SHA256 4b3600e900840d6eb912b854565f606b50d8251b09760d98a04d7b2b2fce86d2
SHA512 4eb0606f3be517c915cd98d0ccd9e8dec2ba837eee78105b908ae3d3c8e75a09795ebaa8be2b46f4e608c3f7b6803bc26d1443fd98c84d9e51536b725326b54d

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 13582a547388d7f06ba72b0347ec793f
SHA1 5e641f8de654b68d827fb150aa511878f85403d9
SHA256 e63e60c9d2f17e31cc1657965f73d85b917e64d32dc20097b0ee68ae018660d4
SHA512 28a62e6c8680689494c592a8acc8e5cce19c0854c011afe4c4c9feb3be4d4f55a80122a4f303d1880a819e33ac5db634b6c6b52cabaf0dd4681239cd72c3860e

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 777f0b73ef62def42bd32e5f218076b0
SHA1 a6a2eba449f812985368e9181a640fdff1c96fef
SHA256 11834b0b0a1a3b4d927adb4b730711f3b32c62026547e55ddce6d0b8090cb25b
SHA512 bdc2ac75e98645a12c76b0575a40376c86bc1d676198ca3bbf2f4afbd72a5a90b1578d9f83442d922c77d957d0a883c68cac35acdf282ca4dc6222f5740759d2

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 252dbe8a1c7e3345b597527a9d973390
SHA1 b2b7178a3cb44d88bf9a110375030a9ea158a689
SHA256 3086c5a9fc2689622e47964802e0039d4a3a67ad39fae9f11fd7657c1fccdb91
SHA512 6670faa70a0c2c2766526e369c79c40d4f3fed0aee5c96ad393782e22968f269b8b3148879d6ae1d81ea598aef39fdcfb0bd73be674908aa94b754f108020e3b

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 82836258ef358cb2c148f1c96ac0ec14
SHA1 8a387261f2591cac21c9e9a8a32c9a2c0fecb167
SHA256 1f1dbb03f26c0ccad5a70a162036092a168cb94249eec1011ded3de18f9f84ad
SHA512 e2089c7ebaf6230d5eb3878e8c7817b013b1ea4f4f89328e387d3036136bc285f396e07513210157eb3ea938edcc9deb5200df4f3854d6cec019a883bdb2d24c

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 35e36af8c58df2b7fed6cd7b41fd1a19
SHA1 2408b92436d8b6ccfb8beceeafe2936df0e5e3c9
SHA256 015cddfa51a7ab5e580a77b2f4b47504aa1725c7cdcd53bc42d43fd0e4d7c635
SHA512 b809999379216305ab806c7f2e8a12299158406aaad693074321414938701f482476f55d2b0e3b3c4d0b171d3a7f036024d3701bb36fd6a83db89bf6034d35af

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 0adef642648e7f157f35cb97a31a2cef
SHA1 ac87a6f9e6fff53adfd0e8eabbdede5d86ca0fe2
SHA256 90326df2412cbbba96869f35cfc44c222d5ec156894577734234bf25276d067f
SHA512 4157816b059211a12130793ff1097f73b260a5e9eb79ea3b00ce8256266a82034085f50c874d88b2cf1de437545a4c53c1bfecd08543d7e39b648a24562338b4

C:\Users\Admin\AppData\Local\Temp\{9B7CE80C-B131-4197-B742-F4FA9A15861B}-BGAUpdate.exe

MD5 3f208f4e0dacb8661d7659d2a030f36e
SHA1 07fe69fd12637b63f6ae44e60fdf80e5e3e933ff
SHA256 d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b
SHA512 6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{64DED3BF-4836-476D-BC9A-7602E921769D}\EDGEMITMP_2F167.tmp\SETUP.EX_

MD5 5070a34dbada1aaa375cc572b5fc7d0c
SHA1 e74b7ef714755870976abe3d2b4a7db0b9cc21e5
SHA256 03e7a32e1f10fced6a07dfa4e6cfd92510d4bf6929d423798e4fb5ca91fe6c20
SHA512 fed3fcbb64a59070b0efd677ca2edc982d28e37cdf7283f2777af8aca7d3760a7eefb8d01b3c2bf4b4ec3708a74c3412f0dede91e31dca1b6f8a4e4edc673aa7

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 dca8c2ba59afa5201a646374b4a6bfc4
SHA1 1d0e318184ffc0f9acac0ee63e0705548c53453a
SHA256 4ba4f01859cc5a7da19bbb6a7721c6439fee92eb16250704abb90d481b79418e
SHA512 072f086839bbeaf98953e3e856a7f648b86b7edbb2f8910c98db543be90cf51ad81ddaa66c3a6ddfcc0a275cd6c12144b062f5bdd4a28f56e6e09d83f085d50f

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 b0d34eeebcd921cbfeae8eaa66d5e517
SHA1 e4ce9e6935c9ffe88a8c09ee31b862dbcf0827e2
SHA256 736f1c9102e4426470e458bba7e41b8c093082509af4bbb71fdca86eaed9da91
SHA512 84c4fe4d2540e9a93f212674bdfde5c44fcdb6caeec1349bf3b76f67ff00f0b15db93778dfed12068d2cbf7c340116cf28d4003d3d0ee98a03ceacbe7240b7cf

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 2653dda48fa0c32511b62d1b5215a638
SHA1 4eac09c1d5c717a0395caa3c93efe14ec5ec0ec4
SHA256 4761bd70fd869332e7b5b2a8ee65181ff1d260372d8620023240b0df76337273
SHA512 47eade1b8d78a205a149ffbb221d34473637ae955af8e704fb2449f7cac8e35d882738d2cdee28780a3224e2ff674544a89bfe1c550f2558993a3f0d6ea1c9ef

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 7e79b0857bfc1097048d7d31d7629897
SHA1 6b2414834f5f82ee7cd9af72b7001ded92c09594
SHA256 7b5018db37fe376afa51ce4ed18e4d349f9d9096cd1e055d10360446a851dad5
SHA512 3fbb71bf8bc868d0ee6ac48864ab396d642f53101dfc4b336d6f1a34786b47597ecd88078fc1967c13cbd5e82b5b7ff4d1de693516ea963669536e6b80bb898e

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 06d544b533ee693223fb978000329556
SHA1 61f8697484724ebd8739fc57c07e329aa87488b6
SHA256 04b3e121ac06fcc5c9122e4cfc081cdbb09fe41dd8a0904af3166e111a7442e7
SHA512 fdfe89cc20bc6cc76460d7457e28688ef9d9237e7451c3990253921f2ff3177ad39c438aee1f17b08129d02fbc6975149d3c8b81dd16b6419d7ef48d30eca93f

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 d538820c5bd24005462731e60e0ea1ba
SHA1 a6173792b5981271e5e2cadc1aa2d476b6c3a357
SHA256 a4b6e022b37f8757c84afd6c8cc2f642ab25d2375f79656e6644e26a0b9d2186
SHA512 bc92de35b7a919fb063bd2f35fa1f315d93862c53b553c076628016e4df33a014a34d088d41f1a17fcc74802869c9620dda2958d8542d9991b76300003d37056

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 4d9d9e14ccd1873a9f12617d9b68fe08
SHA1 8b497865a8f551dbfe47abcb422a111aa6b1dca3
SHA256 681e897158d8fecb8db2980766e47d04a73defa655776f534b776b710b312f5b
SHA512 666d47c7130ed6bd96d283757127af058f39cef1698b538f0239ccc33222538c974022ff3b7d4bba1eae0e4805dc1f0f658a20b02c5e79644d400246b17c7c46

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 07fb329a8513deeb32c6b43275b6f5bd
SHA1 5bfda248b420362fd743551c87c885d40cb44eff
SHA256 c7898ec6b0c2f4d4faa5e6a399600d0995a625eedbeff6684e750bb2f2329f29
SHA512 5131007c49ba8f1ad5f819e0c110baaad081cccd73c3bf826713bacaa578037a3875ce34de5299c66b91b9f640a8cf5d1b5e5f22ef86311ec0203ffb158c5799

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 a67214a0b3ce7d7f3c15deb850ed3d45
SHA1 72d22a726fe3f406d3217e1bedcb22444f54dc99
SHA256 62c6df1ee6f16771163e329cadc2c6cc63f0be70e4c7864c1466169b1befb83b
SHA512 e7b292f74431f0f1690956800561f57915a8c9dca5cce4a616a8485e29b6bd477ce01b9199def95e7b714e131e302b89bd07d1a9e5acbf988b893cd3e4a8e403

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 b4bc508ce376f1d6beebfe6e1c2dce7e
SHA1 106d202a7ee630429cd7658f7a292cb26f55619f
SHA256 e04e186681bf5d2c28dbcace38b6a7e44e7d947b58175848c0cae1c665a6ea9a
SHA512 3c81dbfe75929aff3e73de8ae3ffde6d9a781ef0e8fa8d5c05ebf4d4a040ddc0c488c63900b6dba5c888fb71f20789d48914fc690b26e080a1169a4f16d0f350

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 d23a255d5cc4ce31e16480d98e72bd9d
SHA1 fc9352497a248d612715642bd43a9193c030bafa
SHA256 d544370ca101c34b04e85e075604a5cb4268d2ed5ece5015d7a50d7fbda1c8e7
SHA512 d34d59fbfb1b2ad40a0465a4e9533c12a9b5dac792ee26b221c380c865aa3a6eacd002c9ee82c2c198480484407b2dc081395a40189042a474b38f4ac2223296

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 f0d09e551f61d86d2960636c60d40adf
SHA1 879879ac5e6ec425913da81ede9e3278d521b61d
SHA256 e27b06b0215b07cc891e11534428649a56dadf17781360fdc7dfc827c38302f4
SHA512 3bf13b76aeae7bd01a90e4631ab4f1973881d2fe137888014d520517eab1f974e99518c9c9453c6a79babd467da24c2b0275aec804a83c93814851ac40dd08c0

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 64cb87f6c8d8c308316cd8efede2ebf6
SHA1 1c6dbfe08d9a2066c6a32275bb38229e729dffcb
SHA256 780cc30bde99c383de6b9ad133b7ccc268551b45af879ea4b583ce2257593a24
SHA512 5f24a05ee4d3c15d3730449878ed03e441f0d952cc44e896337ef1d401ba6daeb842b44323228f0e95973d595d14345d1536b9c8d4ad06a50d9b12bdc35aae8e

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 548e9f97d67b128d3a7a46f13381d50f
SHA1 ec4209f00d33d51b974d9f791777186fc281900a
SHA256 f2e88d662ffdee6d9ea00020ab2cfaa6300a2eaf84fda0c3581b9e8a6b3a7475
SHA512 19e2aef043fbfddc6a8d233b16e79f36b80f88617767ad0785c31e061aff49c9ff5fbeed49e6c471e102fdf5de236ec71952a6bc0742d5e335fbb5a2f7027d70

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 bb7a5255e0f2b20becb446fabf3bc72d
SHA1 2eb6a2727449440642841cd721e78dba1f211d57
SHA256 7b1cc3064752daa859776fe6b41166f93e036f3a22d94f74a219c8884abc4aec
SHA512 b42f267220e04b6313d313459e40a1e039e074016e0c81127d525d5d0f1688ed449a5d5e5eaaf817152ca3ed3ea595d87db351b41ccb7389e97b7b7d9b81893e

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 549d3bb7e927b204dc79d19cb7f7db1e
SHA1 77587c633b32ad26914520175b67b42a76dce899
SHA256 1356cc146c63870949912992fbf894860b815d49ab277de1d448446be8edeade
SHA512 f2823268910ebbcab15d75176e9577df0ddc8d747aa924325d948b3c555dd2f954ffbc440afeef38c0ff43f9dc4b24d6ccce4273ee8c7235f56c456c769fd3ff

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 6841e8594277c1683156a9246c86740f
SHA1 d61fc156638ac3bcc130a5521ca4bc6989ff5d91
SHA256 44cfff2edd539a8a5f70d52d279a6b6cbd2ea87d55b6a3c3a13d1696bc03cb1a
SHA512 b21c16210fa3601062751bb27b8f817ecb9a6a26f1cada1f3da8793ea895bee51550708c87ebab9c6cbddfcd2d5685a2fd082b1812f2e30ce657fb0fd27ff059

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 f264943131412c73dd25783e02505be7
SHA1 b61d6776fd1efa55b1afa9d35d40a3fb259f82ae
SHA256 69a41a533fa9ac4488b06b9b189adfa8b84842f30f5f5973b48e20d7d4864dca
SHA512 413261e3b7110bd2306b7c00bdd700d6bf9008fb34842b9a571caceb31f0c4a14aa2c4444e1fc29bb77fd7f0f8e916511e8cf97714da9f31fb2e12d61ead12ab

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 bfe5a087863941226ef4a957d98fd71e
SHA1 9b2df0fe310985631b02c7620c8a3d2b291703a1
SHA256 71cc94300ec0eb616d716ff322549d82eeed9d22af8c1ca4daf52b586de4a7ed
SHA512 41e491d5395c12e624b932d8e5e09e8be08ad103aae53ce01d590d8a07f8336c8a53c1342e619a92ee6c66ef29fd904e0174b953a959dcdd2988d12d34cbd954

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 82f133c0bac77f8b4a7d8032f12e4c8b
SHA1 06259b0c8499e71a2960fb212e620f493cdcdbe4
SHA256 bd8bb8a6d8a9938781c06b2c6a614c57f62c305f5cdb5fa1a2a0e2fe74c5ecc7
SHA512 2909f71080e2d3bb0783ac87ad303d352ba8ce48c7835499fa78dcb9fbff73937bc56fc70439af6b348be1098f221e1fc0282cc9bd8fd943f4adb19d42e0bfa9

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 ffae14152bdcd77dca3e99f34fe366c8
SHA1 211b477e0d81b5ba6f9a4c73123eecf0a1c3dff9
SHA256 6d8f33eec0f6245772ecba85e2ce8fdf7b6f1682e79a14ea4b9da8822dac52a7
SHA512 eeb4e816b1e8697720e22c8eef3aafed0bf9c53e5515a9c3885fbf5cc344381002d632079fb280db8ff1faf685dd8beabf69caf6c89d7bd05b1b163d8eab585b

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 6166ace633fa2ced56c83cee00d978cc
SHA1 50404818c76e3724b3907ca2a180cf9e7dee9338
SHA256 9991483e7b8471b1760a8d9ab5a1620bcf89866801938de82543281465086e7b
SHA512 0e437678997e4b7e84955c2a5affe5b37af4004257f770ed848e40adc906429fe2d361ac6d8372933b37e9ac1d5d1559c71b3873d23db5fbe06a240bc7b0b173

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 b0fa1e1aad6cc946a2deea91e10fe65c
SHA1 34ada866161ed42890808c64acc4e4b2c1a4dd69
SHA256 913762df1ee879ce283fde8af2a1123fa7cf1b7f55ee309f24500b14e3545a5c
SHA512 907a9056d38d197dc4626ebb54dde0ccecee45a63187116a2942ac9dc91a5394c9fdf7c0dd4c3e6808982f5666a76eb312e8fde6f726c4942cbaa7949a55b13a

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 c8bfff8b5da1bfcd3e616c32b4ac8817
SHA1 9e6ed944c436cf4a200adefa3622b7ff6b40cc75
SHA256 cc52faf8c78979fabb39e2fc6bb922a46ed8fe9570be16ec3cfc77246b3d3e89
SHA512 ff8733a6908550bcd660d4e9f3996907cbd4aa0a27a38d5be6efebd34fd608c58ebe88874e14d6f1bafce190e53fb1834b1a6b6030c5bc5a84eb1c1bfcf226d5

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 1b94ef0787d788d306868af699445172
SHA1 bbb9f3e1339199d651bbe0693bfa896ee554e833
SHA256 b09bcf794ee409a8894e1167d7ebb08068ce436faa0c3239125633847548d3ad
SHA512 5bd346babf75daa87658ef7228c8166d4bbbaac113706248a6b50d7aa287f449fcd29ea896000aafb4aba18a7b9dfeb7474587ac3e9e31091059fb829730f469

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 a54235f66dbfed57ef8ad2f9a81b5dbb
SHA1 07183f963939e2c2f05c20c032e4e34fdb287d80
SHA256 bf49f467cd25d510f9ef1f2c6853f16cba0c61294db90d066e5cdc27b64f655e
SHA512 bcb77bf3353381c1bf156cf003fb0fae9b427b760658a7adeec320a37afeec03fa76282b113836c51eac068f7d3c28869cec34677696ec84117ecdb8d37ef36b

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 0f86e39842675c80c02205bbd0e0a352
SHA1 2cc1fe63179922a85cb38458bca88ee508c2e5f4
SHA256 439c443a11b001591e116ff9ecc725fbaf914682ac2ffe7f849173b45ea5469f
SHA512 ca669e9f51dc38a0dbc85956db8c8a2a346319ddd4c5534c2b1da3d4e69d9fe6bcfc7ac755406b03209bd862d2423879fd333dd9192d876ceddca4fb92b40a58

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 2e44e0f534c7f60bfbac2316a82389d1
SHA1 d09e33d74c15e0a9f44acf8a5fe9e0c8f137ffd0
SHA256 0e38892456453ed4d8958d7bcf688ec05802b9494f58c9a4927b68910e8dbe69
SHA512 78ed0fdc94984fd11cae1fbeb2779f7d40c5321f3cb1a1b22835405691a3795a30665a95f507b00f71f093c42e60fa9f3636cb71f4f824121b53b5a00d972aea

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 6c4debdf954b7bba2b1c45fc9fcd78f0
SHA1 17fb99a76eee74ccf56782f988cce717caeb6479
SHA256 aa72f6278542f01c6c5a1f474e9c309b762a4a450a9e8c6e8d7ec6adf0d55e0e
SHA512 78eb61892625a68fce103965041dae3c3b364b967800172c63bc015c20c7e48e09981667c4a3dd1878a4289527cf4c5c62daf51f8680c0e7313f12ab40c755c5

C:\Users\Admin\AppData\Local\Roblox\4155035591\InstalledPlugins\0\settings.json

MD5 fde5e80f3a875a1623bd4af2b6b9a61a
SHA1 4968ececf0651a02c27d23d18ebc5522fecdcff8
SHA256 62a1bd8864b7b375c572f97d7c10a82ec4ffa95ea37921f2e9e01649f06b25ad
SHA512 9d2808f69ed4aa7f27b9a6609972cc94400c0d2d51a0961d336f7f032eaffa9a3bb3d61dee6d919430f656f94b959e0c5158c450e112d1b4e994169bb5c390ba

C:\Users\Admin\Documents\ROBLOX\AutoSaves\Place_AutoRecovery_0_AutoRecovery_DGxgfJ.rbxl

MD5 9e913ff89e68fef71c576421dba9ca88
SHA1 42411d3380ea90bdadf79f43928cfe54d5eb53ce
SHA256 fb024331314c61b341b3a22ed3e8939aacbd5f5266c0bbfe1e7feaeb10982cb4
SHA512 bfd4f70dc30b7f6e23a0190c2a5ef6ba9391a6f7610a9d07e3cb349dd465d2c375ffd68262b98955a4af516b0e8bdf01712665508e5e74766e52981f04ab0e6b

C:\Users\Admin\Documents\ROBLOX\AutoSaves\Place_AutoRecovery_0.rbxl.lock

MD5 e67583f88b750d58f3f8d9d5f0a2cfea
SHA1 bb61927aac906689cf9975f75a25fb0455c51008
SHA256 d8d3d3cdbb955cf269541a993be6c726f2782bd9fc2ae080b89fe3ee2688e959
SHA512 4889843e27ada0d73aa69ab3e45a7cb3f36a1f8ad14b3a3f5993bc8b0f69f4c64b39c31b3d2c84ad0abed276c7e69b3cee2ae8291d5426aab3595ae9a83524b9

C:\Users\Admin\AppData\Local\Roblox\OTAPlugins\OTADataCache.json

MD5 11a17ccab96a24de7ffcaef84e378fcc
SHA1 73f18d2438e46d1006506ae6edd754e17ea25106
SHA256 05858b9864ab11fee682bb6e6028b56d6328dca077041f58f2989f24ae14d9c1
SHA512 e3d6fee7cfb04e5b03c0782b5f647032fe948ce2a85e225b0cdecd8f2729e6ef055caf171e0cdaef50179f3e90d01a1589af44a61415889f5b4cb18db6f6b348