Analysis
max time kernel: 897s
max time network: 897s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-12-2024 16:25
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://drive.google.com/file/d/1nant0JWgN-23O8zk310TPSZCkKY_f_iV/view?usp=gmail
Resource: win10v2004-20241007-en
General
Target: https://drive.google.com/file/d/1nant0JWgN-23O8zk310TPSZCkKY_f_iV/view?usp=gmail
Malware Config
Signatures
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe
Checks computer location settings 2 TTPs 6 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | msedgewebview2.exe
Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | msedgewebview2.exe
Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | MicrosoftEdgeUpdate.exe
Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | setup.exe
Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | msedgewebview2.exe
Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | msedgewebview2.exe
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
Executes dropped EXE 57 IoCs
Loads dropped DLL 64 IoCs
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxStudioInstaller.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxStudioBeta.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxStudioBeta.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxStudioBeta.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxStudioBeta.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxStudioBeta.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxStudioBeta.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxStudioBeta.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxStudioBeta.exe
Drops desktop.ini file(s) 1 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | svchost.exe
Enumerates connected drives 3 TTPs 16 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow | ioc
7 | drive.google.com
3 | drive.google.com
pid | Process
3776 | GameBarPresenceWriter.exe
4084 | GameBarPresenceWriter.exe
1976 | GameBarPresenceWriter.exe
Checks system information in the registry 2 TTPs 28 IoCs
System information is often read in order to detect sandboxing environments.
Drops file in Program Files directory 64 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 21 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid | Process
3932 | MicrosoftEdgeUpdate.exe
2724 | MicrosoftEdgeUpdate.exe
2512 | MicrosoftEdgeUpdate.exe
6068 | MicrosoftEdgeUpdate.exe
5032 | MicrosoftEdgeUpdate.exe
2032 | MicrosoftEdgeUpdate.exe
Checks processor information in registry 2 TTPs 32 IoCs
Processor information is often read in order to detect sandboxing environments.
Enumerates system info in registry 2 TTPs 28 IoCs
description  ioc  Process
Set value (int)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth\WarnOnOpen = "0"  RobloxStudioInstaller.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio  RobloxStudioInstaller.exe
Set value (int)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"  RobloxStudioInstaller.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth  RobloxStudioInstaller.exe
Modifies data under HKEY_USERS 64 IoCs
description  ioc  Process
Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "19"  svchost.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs  MicrosoftEdgeUpdate.exe
Set value (data)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}\DeviceTicket = <value omitted>  setup.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople  MicrosoftEdgeUpdate.exe
Set value (data)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property\00180012A1473AD1 = <value omitted>  setup.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates  MicrosoftEdgeUpdate.exe
Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "2"  svchost.exe
Key created  \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D  svchost.exe
Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "15"  svchost.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs  MicrosoftEdgeUpdate.exe
Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "17"  svchost.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  msedgewebview2.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D  svchost.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs  MicrosoftEdgeUpdate.exe
Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "7"  svchost.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates  MicrosoftEdgeUpdate.exe
Set value (int)  \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}\ApplicationFlags = "1"  setup.exe
Key created  \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot  MicrosoftEdgeUpdate.exe
Modifies registry class 64 IoCs
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings  RobloxStudioBeta.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3"  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7931E4D-82F7-486C-9FFB-E44AB90B021F}  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\.rbxlx\Roblox.Place\ShellNew  RobloxStudioInstaller.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\CLASSES\APPID\{A6B716CB-028B-404D-B72C-50E153DD68DA}  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0"  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}  MicrosoftEdgeUpdate.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LOCALSERVER32  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"  MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32  MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"  MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class"  MicrosoftEdgeUpdate.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"  RobloxStudioBeta.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"  MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\ = "Microsoft Edge Update Core Class"  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32  MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback"  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41"  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"  MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ProgID  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}  MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents"  MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4"  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods  MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ServiceParameters = "/comsvc"  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}  MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26"  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio-auth  RobloxStudioInstaller.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.39\\msedgeupdate.dll,-1004"  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods  MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\""  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}  MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0"  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb"  MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted  \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ELEVATION  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.39\\MicrosoftEdgeUpdateOnDemand.exe\""  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ = "Google Update Policy Status Class"  MicrosoftEdgeUpdate.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"  MicrosoftEdgeUpdateComRegisterShell64.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32  MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ = "Microsoft Edge Update Broker Class Factory"  MicrosoftEdgeUpdate.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}  MicrosoftEdgeUpdate.exe
NTFS ADS 1 IoCs
description  ioc  Process
File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 434756.crdownload:SmartScreen  msedge.exe
Suspicious behavior: AddClipboardFormatListener 8 IoCs
pid  Process
1156  RobloxStudioBeta.exe
2632  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5724  RobloxStudioBeta.exe
4852  RobloxStudioBeta.exe
1316  RobloxStudioBeta.exe
5088  RobloxStudioBeta.exe
5644  RobloxStudioBeta.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid  Process
2704  msedge.exe
2704  msedge.exe
2848  msedge.exe
2848  msedge.exe
4520  identity_helper.exe
4520  identity_helper.exe
748  msedge.exe
748  msedge.exe
3524  msedge.exe
2988  msedge.exe
2988  msedge.exe
4116  msedge.exe
4116  msedge.exe
4116  msedge.exe
4116  msedge.exe
2104  msedge.exe
2104  msedge.exe
1940  RobloxStudioInstaller.exe
1940  RobloxStudioInstaller.exe
1692  MicrosoftEdgeUpdate.exe
1692  MicrosoftEdgeUpdate.exe
1692  MicrosoftEdgeUpdate.exe
1692  MicrosoftEdgeUpdate.exe
1692  MicrosoftEdgeUpdate.exe
1692  MicrosoftEdgeUpdate.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
2632  RobloxStudioBeta.exe
2632  RobloxStudioBeta.exe
2632  RobloxStudioBeta.exe
2632  RobloxStudioBeta.exe
2632  RobloxStudioBeta.exe
2632  RobloxStudioBeta.exe
2632  RobloxStudioBeta.exe
Suspicious behavior: GetForegroundWindowSpam 8 IoCs
pid  Process
1156  RobloxStudioBeta.exe
2632  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5724  RobloxStudioBeta.exe
4852  RobloxStudioBeta.exe
1316  RobloxStudioBeta.exe
5088  RobloxStudioBeta.exe
5644  RobloxStudioBeta.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs
pid  Process
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
3040  msedgewebview2.exe
3040  msedgewebview2.exe
3040  msedgewebview2.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
Suspicious use of AdjustPrivilegeToken 10 IoCs
description  pid  Process
Token: SeDebugPrivilege  1692  MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege  1692  MicrosoftEdgeUpdate.exe
Token: 33  972  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege  972  AUDIODG.EXE
Token: SeDebugPrivilege  4352  MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege  5028  MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege  4244  MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege  4932  MicrosoftEdgeUpdate.exe
Token: 33  1956  setup.exe
Token: SeIncBasePriorityPrivilege  1956  setup.exe
Suspicious use of FindShellTrayWindow 64 IoCs
pid  Process
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
Suspicious use of SendNotifyMessage 32 IoCs
pid  Process
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
2848  msedge.exe
Suspicious use of SetWindowsHookEx 44 IoCs
pid  Process
1156  RobloxStudioBeta.exe
5532  OpenWith.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
1156  RobloxStudioBeta.exe
2632  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5768  OpenWith.exe
5060  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5724  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
5060  RobloxStudioBeta.exe
4852  RobloxStudioBeta.exe
5644  OpenWith.exe
1316  RobloxStudioBeta.exe
1316  RobloxStudioBeta.exe
1316  RobloxStudioBeta.exe
1316  RobloxStudioBeta.exe
5088  RobloxStudioBeta.exe
5088  RobloxStudioBeta.exe
5088  RobloxStudioBeta.exe
5088  RobloxStudioBeta.exe
5644  RobloxStudioBeta.exe
5644  RobloxStudioBeta.exe
5644  RobloxStudioBeta.exe
5644  RobloxStudioBeta.exe
Suspicious use of WriteProcessMemory 64 IoCs
description  pid  Process  procid_target
PID 2848 wrote to memory of 2816  2848  msedge.exe  82
PID 2848 wrote to memory of 2816  2848  msedge.exe  82
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 5056  2848  msedge.exe  83
PID 2848 wrote to memory of 2704  2848  msedge.exe  84
PID 2848 wrote to memory of 2704  2848  msedge.exe  84
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
PID 2848 wrote to memory of 5108  2848  msedge.exe  85
System policy modification 1 TTPs 1 IoCs
description  ioc  Process
Key created  \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection  msedgewebview2.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1nant0JWgN-23O8zk310TPSZCkKY_f_iV/view?usp=gmail1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2848 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffba3c646f8,0x7ffba3c64708,0x7ffba3c647182⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:2816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:22⤵PID:5056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2704
-
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  PID:5108
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  PID:3360

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  PID:1152

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  PID:4736
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  PID:4980

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  PID:4116

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  PID:2684

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  PID:2700

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  PID:1568
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5008 /prefetch:8
  PID:4748
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  PID:376

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  PID:1344

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  PID:1652
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:748

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3564 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:3524

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3368 /prefetch:8
  PID:3288

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6012 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  PID:1320

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  PID:3056

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  PID:4868

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  PID:2736

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  PID:2596

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  PID:3116

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1152 /prefetch:1
  PID:1652

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7016 /prefetch:8
  PID:2168
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4992 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:4116

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  PID:4320

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  PID:1612

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:2104
  "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1940

    C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4372
      "C:\Program Files (x86)\Microsoft\Temp\EU939.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      - Event Triggered Execution: Image File Execution Options Injection
      - Checks computer location settings
      - Executes dropped EXE
      - Loads dropped DLL
      - Checks system information in the registry
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      PID:1692
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        - Executes dropped EXE
        - Loads dropped DLL
        - System Location Discovery: System Language Discovery
        - Modifies registry class
        PID:516

        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        - Executes dropped EXE
        - Loads dropped DLL
        - System Location Discovery: System Language Discovery
        - Modifies registry class
        PID:4680
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
          - Executes dropped EXE
          - Loads dropped DLL
          - Modifies registry class
          PID:2288

          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
          - Executes dropped EXE
          - Loads dropped DLL
          - Modifies registry class
          PID:3304

          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
          - Executes dropped EXE
          - Loads dropped DLL
          - Modifies registry class
          PID:4728
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTJDNTE1NDItOTBFMi00MDUwLUIyQzAtMjU0OUE4RDVGN0M0fSIgdXNlcmlkPSJ7NDM1NjQ0RjEtRkQ0Qi00N0Q2LThCQTAtRDczRkQwMzQwOUM1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntENUUxQjkwNS0xNDZGLTRFRTgtOEJCQS1DN0FGMDQ5RjdDNDJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2Mzg0OTQ2ODEwIiBpbnN0YWxsX3RpbWVfbXM9IjEwMTkiLz48L2FwcD48L3JlcXVlc3Q-
        - Executes dropped EXE
        - Loads dropped DLL
        - Checks system information in the registry
        - System Location Discovery: System Language Discovery
        - System Network Configuration Discovery: Internet Connection Discovery
        PID:3932
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{A2C51542-90E2-4050-B2C0-2549A8D5F7C4}" /silent
        - Executes dropped EXE
        - Loads dropped DLL
        - System Location Discovery: System Language Discovery
        PID:3752
    "C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Enumerates connected drives
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:1156

      "C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.653.0.6530693_20241206T163038Z_Studio_48B02_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.653.0.6530693_20241206T163038Z_Studio_48B02_last.log --attachment=attachment_log_0.653.0.6530693_20241206T163038Z_Studio_48B02_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163038Z_Studio_48B02_csg3.log --attachment=attachment_log_0.653.0.6530693_20241206T163038Z_Studio_48B02_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163038Z_Studio_48B02_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://uploads.backtrace.rbx.com/post --annotation=AppVersion=0.653.0.6530693 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=4cf7a0e6567fe10cb70ce4159a4ad9d496c6c4d8 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.653.0.6530693 --annotation=UniqueId=1157413343404184229 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.653.0.6530693 --annotation=host_arch=x86_64 --initial-client-data=0x414,0x418,0x41c,0x3ec,0x420,0x7ff6fef2d128,0x7ff6fef2d140,0x7ff6fef2d158
      - Executes dropped EXE
      - Loads dropped DLL
      PID:216
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --mojo-named-platform-channel-pipe=1156.3548.13410460118433525097
      - Checks computer location settings
      - Executes dropped EXE
      - Loads dropped DLL
      - Checks system information in the registry
      - Enumerates system info in registry
      - Modifies data under HKEY_USERS
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - System policy modification
      PID:3040

        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.86 --initial-client-data=0x178,0x17c,0x180,0x134,0x188,0x7ffb8ca36070,0x7ffb8ca3607c,0x7ffb8ca36088
        - Executes dropped EXE
        - Loads dropped DLL
        PID:2176
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1764,i,5753645170116238498,17325044338820513008,262144 --variations-seed-version --mojo-platform-channel-handle=1752 /prefetch:2
        - Executes dropped EXE
        - Loads dropped DLL
        PID:1468

        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2052,i,5753645170116238498,17325044338820513008,262144 --variations-seed-version --mojo-platform-channel-handle=2060 /prefetch:3
        - Executes dropped EXE
        - Loads dropped DLL
        PID:5052

        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2304,i,5753645170116238498,17325044338820513008,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:8
        - Executes dropped EXE
        - Loads dropped DLL
        PID:1140
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3600,i,5753645170116238498,17325044338820513008,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
        - Checks computer location settings
        - Executes dropped EXE
        - Loads dropped DLL
        PID:3776

        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4208,i,5753645170116238498,17325044338820513008,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:1
        - Checks computer location settings
        - Executes dropped EXE
        - Loads dropped DLL
        PID:5416

        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.86\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 653, 0, 6530693" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4424,i,5753645170116238498,17325044338820513008,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:1
        - Checks computer location settings
        - Executes dropped EXE
        - Loads dropped DLL
        PID:5800
      "C:/Program Files (x86)/Roblox/Versions/version-a35d937606da489c/RobloxStudioBeta.exe" -task EditFile -localPlaceFile "C:/Users/Admin/Downloads/conn.rbxl" -userid 7660471085 -parentPid 1156 -parentSessionGuid 28486E58-E830-400E-91A2-A129EBACE655
      - Executes dropped EXE
      - Checks whether UAC is enabled
      - Enumerates connected drives
      - Enumerates system info in registry
      - Suspicious behavior: AddClipboardFormatListener
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of SetWindowsHookEx
      PID:2632

        "C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.653.0.6530693_20241206T163158Z_Studio_2B8E1_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.653.0.6530693_20241206T163158Z_Studio_2B8E1_last.log --attachment=attachment_log_0.653.0.6530693_20241206T163158Z_Studio_2B8E1_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163158Z_Studio_2B8E1_csg3.log --attachment=attachment_log_0.653.0.6530693_20241206T163158Z_Studio_2B8E1_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163158Z_Studio_2B8E1_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://uploads.backtrace.rbx.com/post --annotation=AppVersion=0.653.0.6530693 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=4cf7a0e6567fe10cb70ce4159a4ad9d496c6c4d8 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.653.0.6530693 --annotation=UniqueId=7686778338087282605 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.653.0.6530693 --annotation=host_arch=x86_64 --initial-client-data=0x414,0x418,0x41c,0x3ec,0x448,0x7ff6fef2d128,0x7ff6fef2d140,0x7ff6fef2d158
        - Executes dropped EXE
        PID:5992
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  PID:3872

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  PID:4520
C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe" roblox-studio:1+launchtime:1733502754974+avatar+browsertrackerid:1733502387327001+robloxLocale:en-US+gameLocale:en-US+channel:zflag+browser:edge+userId:7660471085+distributorType:Global+launchmode:edit+task:Default2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Enumerates connected drives
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5060 -
C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe"C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.653.0.6530693_20241206T163237Z_Studio_A5DFA_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.653.0.6530693_20241206T163237Z_Studio_A5DFA_last.log --attachment=attachment_log_0.653.0.6530693_20241206T163237Z_Studio_A5DFA_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163237Z_Studio_A5DFA_csg3.log --attachment=attachment_log_0.653.0.6530693_20241206T163237Z_Studio_A5DFA_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163237Z_Studio_A5DFA_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://uploads.backtrace.rbx.com/post --annotation=AppVersion=0.653.0.6530693 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=4cf7a0e6567fe10cb70ce4159a4ad9d496c6c4d8 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.653.0.6530693 --annotation=UniqueId=3971526130629754669 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.653.0.6530693 --annotation=host_arch=x86_64 --initial-client-data=0x3f4,0x3f8,0x3fc,0x3d4,0x404,0x7ff6fef2d128,0x7ff6fef2d140,0x7ff6fef2d1583⤵
- Executes dropped EXE
PID:1776
C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe"C:/Program Files (x86)/Roblox/Versions/version-a35d937606da489c/RobloxStudioBeta.exe" -task EditFile -localPlaceFile "C:/Users/Admin/Downloads/conn.rbxl" -userid 7660471085 -parentPid 5060 -parentSessionGuid 94526515-B251-4D05-85B7-502FEF6B22AC3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Enumerates connected drives
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5724
C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe"C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.653.0.6530693_20241206T163307Z_Studio_2EB44_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.653.0.6530693_20241206T163307Z_Studio_2EB44_last.log --attachment=attachment_log_0.653.0.6530693_20241206T163307Z_Studio_2EB44_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163307Z_Studio_2EB44_csg3.log --attachment=attachment_log_0.653.0.6530693_20241206T163307Z_Studio_2EB44_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163307Z_Studio_2EB44_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://uploads.backtrace.rbx.com/post --annotation=AppVersion=0.653.0.6530693 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=4cf7a0e6567fe10cb70ce4159a4ad9d496c6c4d8 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.653.0.6530693 --annotation=UniqueId=4924147654982215820 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.653.0.6530693 --annotation=host_arch=x86_64 --initial-client-data=0x3ec,0x3f0,0x3f4,0x3c8,0x404,0x7ff6fef2d128,0x7ff6fef2d140,0x7ff6fef2d1584⤵
- Executes dropped EXE
PID:4468
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:12⤵PID:764
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:12⤵PID:6092
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:12⤵PID:5416
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:12⤵PID:3136
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2424 /prefetch:12⤵PID:3312
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:12⤵PID:1004
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:12⤵PID:5028
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:12⤵PID:2404
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:12⤵PID:5328
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:12⤵PID:1092
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11141576099546668870,2175699739370790901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:12⤵PID:3080
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:760
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1044
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1684
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2256
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2724
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7F514AB2-02A9-45CF-8365-0EA86E526F3E}\MicrosoftEdge_X64_131.0.2903.86.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7F514AB2-02A9-45CF-8365-0EA86E526F3E}\MicrosoftEdge_X64_131.0.2903.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
PID:2896
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7F514AB2-02A9-45CF-8365-0EA86E526F3E}\EDGEMITMP_4B101.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7F514AB2-02A9-45CF-8365-0EA86E526F3E}\EDGEMITMP_4B101.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7F514AB2-02A9-45CF-8365-0EA86E526F3E}\MicrosoftEdge_X64_131.0.2903.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Checks computer location settings
- Executes dropped EXE
PID:516
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7F514AB2-02A9-45CF-8365-0EA86E526F3E}\EDGEMITMP_4B101.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7F514AB2-02A9-45CF-8365-0EA86E526F3E}\EDGEMITMP_4B101.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7F514AB2-02A9-45CF-8365-0EA86E526F3E}\EDGEMITMP_4B101.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff6ba432918,0x7ff6ba432924,0x7ff6ba4329304⤵
- Executes dropped EXE
PID:2284
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2512
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4c8 0x1501⤵
- Suspicious use of AdjustPrivilegeToken
PID:972
C:\Windows\System32\GameBarPresenceWriter.exe"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer1⤵
- Network Service Discovery
PID:3776
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:5532
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
PID:1856
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Checks processor information in registry
PID:5792
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Checks processor information in registry
PID:1760
C:\Windows\System32\GameBarPresenceWriter.exe"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer1⤵
- Network Service Discovery
PID:4084
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Checks processor information in registry
PID:5152
C:\Windows\System32\GameBarPresenceWriter.exe"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer1⤵
- Network Service Discovery
PID:1976
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:5768
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:3500
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Checks processor information in registry
PID:5104
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:3792
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4352
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5028
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{13BAAED3-4CFB-406B-A707-E97913BBEB0B}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{13BAAED3-4CFB-406B-A707-E97913BBEB0B}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe" /update /sessionid "{AC10A063-7485-400A-BD60-ACA41674CDB2}"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1044
C:\Program Files (x86)\Microsoft\Temp\EUF115.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUF115.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{AC10A063-7485-400A-BD60-ACA41674CDB2}"3⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4244
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5840
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5164
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Modifies registry class
PID:400
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Modifies registry class
PID:4732
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Modifies registry class
PID:3524
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 4⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5032
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 2⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:6068
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:6092
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Checks processor information in registry
PID:5988
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding1⤵PID:5764
C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe" "C:\Users\Admin\Downloads\conn.rbxl"1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Enumerates connected drives
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4852
C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe"C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.653.0.6530693_20241206T163527Z_Studio_66DCA_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.653.0.6530693_20241206T163527Z_Studio_66DCA_last.log --attachment=attachment_log_0.653.0.6530693_20241206T163527Z_Studio_66DCA_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163527Z_Studio_66DCA_csg3.log --attachment=attachment_log_0.653.0.6530693_20241206T163527Z_Studio_66DCA_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163527Z_Studio_66DCA_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://uploads.backtrace.rbx.com/post --annotation=AppVersion=0.653.0.6530693 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=4cf7a0e6567fe10cb70ce4159a4ad9d496c6c4d8 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.653.0.6530693 --annotation=UniqueId=5124664553968417338 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.653.0.6530693 --annotation=host_arch=x86_64 --initial-client-data=0x414,0x418,0x41c,0x3ec,0x420,0x7ff6fef2d128,0x7ff6fef2d140,0x7ff6fef2d1582⤵
- Executes dropped EXE
PID:4244
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:5644
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Checks processor information in registry
PID:6028
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultc9ea0f61h7c8ah4390h81a2h3d413c9a60a11⤵PID:5616
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffba3c646f8,0x7ffba3c64708,0x7ffba3c647182⤵PID:5736
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2120566456239635631,5890424312841600993,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:22⤵PID:4956
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2120566456239635631,5890424312841600993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵PID:4616
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5088
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2484
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Checks processor information in registry
PID:4172
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Checks processor information in registry
PID:2612
C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe" "C:\Users\Admin\Downloads\conn.rbxl"1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Enumerates connected drives
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1316
C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe"C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.653.0.6530693_20241206T163615Z_Studio_FC0F1_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.653.0.6530693_20241206T163615Z_Studio_FC0F1_last.log --attachment=attachment_log_0.653.0.6530693_20241206T163615Z_Studio_FC0F1_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163615Z_Studio_FC0F1_csg3.log --attachment=attachment_log_0.653.0.6530693_20241206T163615Z_Studio_FC0F1_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163615Z_Studio_FC0F1_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://uploads.backtrace.rbx.com/post --annotation=AppVersion=0.653.0.6530693 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=4cf7a0e6567fe10cb70ce4159a4ad9d496c6c4d8 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.653.0.6530693 --annotation=UniqueId=7282990374670860047 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.653.0.6530693 --annotation=host_arch=x86_64 --initial-client-data=0x3f4,0x3f8,0x3fc,0x3d0,0x408,0x7ff6fef2d128,0x7ff6fef2d140,0x7ff6fef2d1582⤵
- Executes dropped EXE
PID:4168
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:3716
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\f41c85a44ff149de9f8753a71f7c2596 /t 5672 /p 13161⤵PID:6084
C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe" "C:\Users\Admin\Downloads\conn.rbxl"1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Enumerates connected drives
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5088
C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe"C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.653.0.6530693_20241206T163819Z_Studio_7C33F_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.653.0.6530693_20241206T163819Z_Studio_7C33F_last.log --attachment=attachment_log_0.653.0.6530693_20241206T163819Z_Studio_7C33F_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163819Z_Studio_7C33F_csg3.log --attachment=attachment_log_0.653.0.6530693_20241206T163819Z_Studio_7C33F_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163819Z_Studio_7C33F_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://uploads.backtrace.rbx.com/post --annotation=AppVersion=0.653.0.6530693 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=4cf7a0e6567fe10cb70ce4159a4ad9d496c6c4d8 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.653.0.6530693 --annotation=UniqueId=5497783072456035309 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.653.0.6530693 --annotation=host_arch=x86_64 --initial-client-data=0x3b0,0x3b8,0x3b4,0x3dc,0x430,0x7ff6fef2d128,0x7ff6fef2d140,0x7ff6fef2d1582⤵
- Executes dropped EXE
PID:532
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:4100
-
C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxStudioBeta.exe" "C:\Users\Admin\Downloads\conn.rbxl"1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Enumerates connected drives
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5644 -
C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe"C:\Program Files (x86)\Roblox\Versions\version-a35d937606da489c\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.653.0.6530693_20241206T163837Z_Studio_40AF4_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.653.0.6530693_20241206T163837Z_Studio_40AF4_last.log --attachment=attachment_log_0.653.0.6530693_20241206T163837Z_Studio_40AF4_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163837Z_Studio_40AF4_csg3.log --attachment=attachment_log_0.653.0.6530693_20241206T163837Z_Studio_40AF4_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.653.0.6530693_20241206T163837Z_Studio_40AF4_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://uploads.backtrace.rbx.com/post --annotation=AppVersion=0.653.0.6530693 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=4cf7a0e6567fe10cb70ce4159a4ad9d496c6c4d8 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.653.0.6530693 --annotation=UniqueId=9082888165369139315 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.653.0.6530693 --annotation=host_arch=x86_64 --initial-client-data=0x3f4,0x3f8,0x3fc,0x3d0,0x404,0x7ff6fef2d128,0x7ff6fef2d140,0x7ff6fef2d1582⤵
- Executes dropped EXE
PID:4976
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4932
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4116 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI2MCIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MjkzNDQwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NjYxMTAzOTYwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTMxMjc2ODcyMDEiLz48L2FwcD48L3JlcXVlc3Q-2⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2032
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6DC822D4-0C8F-4BE6-8891-D541AD2B1BF4}\MicrosoftEdge_X64_131.0.2903.70.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6DC822D4-0C8F-4BE6-8891-D541AD2B1BF4}\MicrosoftEdge_X64_131.0.2903.70.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable2⤵
- Executes dropped EXE
PID:4768 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6DC822D4-0C8F-4BE6-8891-D541AD2B1BF4}\EDGEMITMP_6B376.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6DC822D4-0C8F-4BE6-8891-D541AD2B1BF4}\EDGEMITMP_6B376.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6DC822D4-0C8F-4BE6-8891-D541AD2B1BF4}\MicrosoftEdge_X64_131.0.2903.70.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1956 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6DC822D4-0C8F-4BE6-8891-D541AD2B1BF4}\EDGEMITMP_6B376.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6DC822D4-0C8F-4BE6-8891-D541AD2B1BF4}\EDGEMITMP_6B376.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.86 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6DC822D4-0C8F-4BE6-8891-D541AD2B1BF4}\EDGEMITMP_6B376.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.70 --initial-client-data=0x200,0x20c,0x204,0x22c,0x230,0x7ff6fc402918,0x7ff6fc402924,0x7ff6fc4029304⤵
- Executes dropped EXE
- Checks system information in the registry
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:448
-
-
-
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\80f72e64f44241c5bdec236804fd1d5f /t 5656 /p 56441⤵PID:4976
Network
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Image File Execution Options Injection (1)
Privilege Escalation
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Image File Execution Options Injection (1)
Discovery
- Browser Information Discovery (1)
- Network Service Discovery (1)
- Network Share Discovery (1)
- Peripheral Device Discovery (1)
- Query Registry (6)
- System Information Discovery (7)
- System Location Discovery (1)
  - System Language Discovery (1)
- System Network Configuration Discovery (1)
  - Internet Connection Discovery (1)
Downloads
-
Filesize
5KB
MD5c456a8309415c7d94b0ca3f9464fcfaf
SHA16ccb94d9ddd9a6cac90e36018fb12ecc20a99ef4
SHA25686df7897155fb4758c6719e3470b38060a06a520402cb3876c5ec2708a7f716a
SHA512486af0b006d1956a76255292c40c3cddaf550ba8625553bfb0ce2602869b6e5892c47e7ea796c0f046e975630296e3ebd36dbafe38158dd03716480c13d3b3a2
-
Filesize
5KB
MD5565f6f0d6de000cd9e67b74a8a4d7656
SHA1b206bd88c433bcaafede0675d79f71d3e2127167
SHA256956a5945a1f676ab1c968d114b245e5a8ce10bae97b595bcfd35b85377910f92
SHA512d7f0ca5fa0a1d7f82b3909b54db53d2b694861c50c8fa8283c458e19d33ddee58ff4b517f54d978785263262abba10f9458aec371f3cb97ad982c06b5eafea28
-
Filesize
2KB
MD56f03408eca857417bb49d097bbe19df9
SHA18fde090e2840f31b729bfb2314fe81b667438d38
SHA256332e96d03f60e8ea11c83a773a018b2535488676ae1c712e332a0a9982e67ca9
SHA512d558f7c6856be5f7393b69ab63b7cc8229b1ff8b97ea2175fc5fe011d60f9aeec382e8626470a97d7892ebd3446f38900d9d7926fed332e8bde021abf44264b6
-
Filesize
5KB
MD56d6d35ede106c19f205bf3937d9eb1df
SHA18767ee1d9a7333920083a47321b3e10333c8a15b
SHA256f8f120e19bc36f99da7bc89695f5f55ce31d80db0565ce4df1439954d380907f
SHA51298bc5d6f5f56aea8e840e973f316aead8ecd388fd80ca657df84b8d43113abbf4317c9ed26dda3b2fa1d25b94a0c4a65f639e22e14a5d05c21c5f49216913732
-
Filesize
5KB
MD582be225d2d9d6bf07d0c9c17067e9a85
SHA1f9606b93e33ee611dd909a4de0a6b32c6b9e2721
SHA2568dc4bd3d9dff66bf46fcefb0f891808d5cb1f86cc884eeefb8eb1d0831b39bee
SHA51229cfba78eb500c6d54da692637300e3a6371888a9f9e055a5d18d80233c055905a3509e68a47eb457d1cdc694a4a558ebf4b6e93a3726c687e96c0f56f99665c
-
Filesize
4KB
MD579baa113b59024518fdd2c15fc4a4890
SHA1ffa80cffa4eba585aa9f9b5baddcf0167e7cd3e3
SHA256ae0d06ac33d47b2632e60d56d450c64fd73c1b158547e84b1b58b0f49aa9889d
SHA512f5e5e9c14a192194f8973fa9bccf19b4622c5d71226c96cfda4b9aea611aec669df70d958d6cef25cc8d9ed2d4528cc41673f968dcd45c0e87d3a47657d70df5
-
Filesize
5KB
MD5fe929e7b37843e2d481ab9fc707fc5dc
SHA1142e88247cdeccc1021727324dbc7605183faea4
SHA2563c1246031ae1e3fe4bfb79e827fca8952ca153b2521151a02f3a38271e41de6b
SHA512770e53b7e4dbdf9087e3845f701a51e59b05696ae70e04ed50e3c5d0472ec60494cba717af45df37bca56811f33683a743a4f6cd3d1722d28728d8e5729be3bf
-
Filesize
5KB
MD54f6e82fa289ccca13091c5ed23d0c4e3
SHA1930db8fde800ed1274d57904ea90714c7b745791
SHA2560a5f001ebc8f0711fe0d83ee4747d2bccac13d3c9ab6f69e55821ffc9f138323
SHA51212920cb00abe18bd4ee8a9468c312ca212b0ccd9f37767bf707c879ef7024c527e504566e7c287965d3071dbb29c707a728000abda3c16961238ec95d852dfd2
-
Filesize
5KB
MD5f37baefe175049d2ca3288f03ea8891d
SHA194f8d7bbf38281aeda76d77d6ff9d7cf879cfcaa
SHA256fac2b0f5e65347092b494cef15ff66d733c78d7988dde216e4cf69b3a60dae7f
SHA5126ca3f06558d4c1618c38cda724d99f18fe48fea1540563a692930a060cf2b8b1ff83127f71bc668a93e7d62abe8c80eac16b9eac4a5590ff7e368a1a130d58f3
-
Filesize
5KB
MD5d002ca1dc06c106a5a61e812c773aafe
SHA1a1821e3ed3bc0521d06b96b66148184feeac97a2
SHA2563a8c451965a2e9567ab98efa8bdacdef6ce4758c0734e65617908178a33a183f
SHA5128950dfb7108bfcd8dce5d63827490fe406e9b9acbf7f1bfdae3cf4770405480df22a8ea23ef06051624c0f09091cf866e96984808540878a75dbdc6acdd37aa7
-
Filesize
5KB
MD52a7674faabc6b93ff8d3b1a85f24a9ac
SHA19b5d26f82154398d161e9342114803f4a3592c1c
SHA256050287e7f4bcc7b4df27192a1bc5a675171ee501dc506f35bc822ec53b814e91
SHA5124ab99ffccdecb08ed8aa54b7279408832b77de3c557d4225e22295e85cb174a6a8895bbfc11fdbc0bc2492d0a9d7c4bc8b1ca1f3f8b42f38cc68e27302605931
-
Filesize
5KB
MD58f8db374b05326467cebc1c8ef122c6d
SHA1e15b4787927f992e033601db153ee949d67ef10d
SHA25624a2126f67cc35e2dbcf6f8f28186e2ab3d55cdde84f9a489ca3012b53e69c57
SHA5125fad1784e707fcf84a7b92ffaedb4ac760fee647045d9f11c29d5b6b0a1cd9c761bdb71ccf9bc9d92108a9c1c97ed093f8d427121720dbae96ea8d77ed0313e7
-
Filesize
5KB
MD5e26135c3f4618d900e9302afc86547a7
SHA18cf3f8ed55517bc865471c052757bbfa95982f72
SHA256e101a6c0d6dc8437b62c24661c981109f697819e8f2e7b6f05cd21690ea77029
SHA5128414305561cedb0aefd2ddf89465e9c332a638dffbd776ba09ddd84981a2f4fd83ab342645b021f817e7c98431f04052153a92bad2e078cdd230143d21ba393e
-
Filesize
2KB
MD51f8225fdd1982af6e2315f5e86af67f9
SHA177ed409f25783d55a5c9cdab9bd10539f6005553
SHA2567ea676d1402ffc03a6e9a1ac2376ded2569a352f6845143f74ad9fa20b97fa33
SHA512b96d61139ef1f96691c4c4308ca4582c8c7ff895d9ca22ed609291d92c15f26e1b329aac964bc0564499542ea346c72bbf2eb5c907fb7bf23d68964eec3997ec
-
Filesize
5KB
MD55cce0e0805d37d069b658e690d979d89
SHA1438a4817a6ce9dd3f0477be706f6b574fdb749c6
SHA25691ca97a990cbd571831c5d57ac7801b5c43075214577071f17a32e5f364e089d
SHA512759920615743d68a182b7d9d6f591719c8417324e0ee548515b5bda37435aac92c260debc652b0b38f40d4126f3397282a16d48b79bd540b17b444f0330ea123
-
Filesize
5KB
MD58e20bdcf15e90f73234442f02f8a32cb
SHA16664151a2c52c2716d38225aea9ff4d45ebb0ea8
SHA256ef4b602b47477f7ce830c4db42ce093b86ad216d4795a0af0ec1e45bd5a2662b
SHA512515e290741175896853aab8c3da6ba9326631dd6640423faee02c2daaed684a8edff24b55e163d716ca8dcd4d80c2ac5c39b65c145ce2e86b4d6fe6f8e7e4993
-
Filesize
5KB
MD5494a5267eba2ec25b6fbfddec942dd19
SHA1148de1dfcb23af6442f8d9a00c32a739b8649c74
SHA2569e8842954734460d9f34de15a37bb6a3bdcd9c35988a93ddc8315defc8b4a67f
SHA5123175ac81dc8b5b61be5d7c29bb67518e57e9e0a8bae11820abb7cc8d15adfebc2ec72dc93c3175b1c9a2088cd43bb2a7c8091e13e47ec1b0d4f07befc9dbf0e5
-
Filesize
5KB
MD5fc3642a95b6c66b61acbfe25454950ee
SHA117e058a76bc4dfca316bdf88ac0b893d8a4e657f
SHA2565b0e01209ec9eda974aa4af3dcf34b5eac5c8b970682920ba2d425b90ff9bf7d
SHA512a147f69432703082fc62f2f36eced39fb19df1d6c690d1fef0e4e29598f72b476a5c31114ea59c87fe1f5721b73d9d0de274de1003eb1950f7961b3c10f4914c
-
Filesize
874B
MD53d69910e7b426e09d7009c5156ba9fea
SHA195e9b75ce5580e5d293f8e7650cc04abce3d1607
SHA25661b389d220e63103a3de659792973646f289449fa12b8579a1276062338cd7c8
SHA512471532c72c6cabe3070e686bf00266ef9ad6df9fb8cb0d1eca72d7aa4621cb881a68d24ed59ca3e379e1068ea40c06795bbfc52a27a1c4d360db8f03c73074a5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a9114e1f-56ee-4ba5-9221-991630e271d4.tmp
Filesize
5KB
MD5888c7bb96e5f63fe0974dd221cc7ce43
SHA1212957402182c2e01d87120ed84ac51850d0c4a7
SHA256353a6bdff1bb97c694f6188f78f408d65cf1c1720a4fe49e53a9fe5a6679eb9b
SHA512eb052c2b2712ce25e79200c1c444e5aa961bdf793e91347e3143768badd62a831749e33313dd58cebe6680e7dfad860862dc53c6be14d66f80dc3dad6e5b65c2
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5a6a8f48b19b451f36f68db56ab159ad5
SHA15005cce4f790b28a962ab574fe75291642ba8461
SHA2560bf7362a3a20661be639cdbd8098cd403b7ec0f0dcc3a06c8de729968ff690c2
SHA51210ac13e54a4c80f792c7b622f11017ea12a3e4f56b989e02974f5e535ebefc352ea7b44575c03228260c240b1c785f3b79e1e880e70b3c0b45da056266d37e80
-
Filesize
11KB
MD5a204243bf69eb268969ba7c0c8e5a751
SHA1f36e938f05ca4f87c790c37fbc1b63d33d238e75
SHA256da1a79b929c826381a432af2734f821e881e68c7d755a0bfbfde181f83850f63
SHA5121b95b1834c24287de487563127c89279e41ae3579e8eaa3b6e16d41e37ec3deae06eb033056aaacd2abd07e4a7b0fdbf8bdd71ba9326944702fe3e68478225d2
-
Filesize
11KB
MD501429670502cd9bf4f6db2f137113fac
SHA1fbc090356b526e60ef25aa6a829d0052bc6bfa1c
SHA256ea803ff94726d9468aba4e448e78263ec88604329e7423560b4332a124f4d2fb
SHA5128c4f8dd3c271fa30785cc5d4dfebca8b8f78c9518f5d091fa877011807560d32ada963327b859a085cc5fa0e15f74042d068633d96c76c1fe0fc9f9563950e5c
-
Filesize
11KB
MD5752b8b7ad7560c3de36baa7728744627
SHA1e98c0aab7c191fe079f95e6db96bb0a9af245388
SHA256dc89559e1121b79c3d2945bfc364751b0507a2c9d29db95fcc0570c705a66cec
SHA5121da523b7318fbf03049edb08bfe976710a9bc411c88a094127c2878b76ed72c2543c03cf0d1a4cb3e9a1b4f06ebb590b577ce33dd813b7380e3a282b6a107ecd
-
Filesize
10KB
MD579098526b2af8fa6a93cf9859c63c8b4
SHA14bc68105ab714359a42e9098590f17ff260a7486
SHA2562d8cd3a25c1ae0e5fd7ab35456dcffdac44d2a47fe6e1a6f1bbb18780105999d
SHA512685df482fccea2e2360430bf4f58fcf0375b7cf7fb5f87bef7bb6d4eb8c823dcfe927b939288a4bdffff1db009ba397345b7a97426ce75d9659a7b3d3c055acd
-
Filesize
11KB
MD575fb76cf12c1caccfe1755c970325477
SHA167d2b3117684b1e875418cc79f80fe2f85aa5370
SHA256e40f9b6829919a793b4b7f719d9d5b944650f9ef6385eda64682190dd476bb94
SHA512b20d9fa71d2501d4e9d5c5c21e5f7ea99f672883cb71a1be5f37921f16892457fd417f7eff09860592b3f9bedae994dc52213110c2991a33fa00882b9a590fab
-
Filesize
11KB
MD5e4197322a6f69c132047e36aae11dbda
SHA1a8d17280ed408eb3e1205078e824a961ea1f135d
SHA256a1865c8227ac4b6b9ff7edf31e0e94c792bb75bbb3d2a54255a65d466c38935d
SHA51282a8d956d5bad9e785d85f02dd01ef5b6ea87d85a9268ae5e98e2cbb6743eb56de4d3d70e80b330b1dba1ecee46734dcb56b0298e5aead52385f8f92aa779864
-
Filesize
2KB
MD517216a5c56c5e3da3bfa30f48481bf97
SHA1a3014efefd185a7e34ef4eca9d11999973cae1de
SHA256cbfa218f19b330beac07d8c7d68aa7009c4860e3ae2e9e8e327d192f7d5b5167
SHA5122ffd26f6d8128cddda3b35e36aa6048722d36066fba09346dd8be9deee312abc14de71947e8ea360b5bcf13f58bc565956d6c2eac51fb11c3c8cd9bbea1290fc
-
Filesize
3KB
MD5512406f53c49fea763e0841f4916a269
SHA10d61a31346757f033814cbfd19b4ae9d75e3c9fe
SHA2560213e898f349c9fbb391480dcad1c6ced819a4bca0182562b45bed37c4e4670a
SHA5123af050c0ed26d7c0f1d59ffdc53e2585113f8d92279b85cf098a8037e8c167d1d0476206c53c77c56dae1c2265c641aabb97bf4bba2e72bbc51b0a90b85aa85c
-
Filesize
3KB
MD5303e34d431907eb0292110319fdd0564
SHA17c0a2f25cb61863e1944272490a5285b3837cfa2
SHA2569709b5bc450a8ed71cdfa1b209707d065bc8ded462d6b0044888dd957a69ed49
SHA512a7b79e040d06dad4bcef119cf05e323212e0a19136b1b042826f5efce4decc317e51a978c8fa7b41b2b43bf173220299b18c7076d9d216b07a4d36854a24452d
-
Filesize
3KB
MD55d71952c8d4dfd271594d1de24a27f8e
SHA16dbf33a20f31ccbbd65209b729612368240e26e4
SHA2569565121e6dd432bae407a41ce7e04c580f40002a8529310eaae483b221b73ac9
SHA512b69ab126a2faf9115119b1edb80de162987bf2e0483b3fc7f73bcff66c2d98c64112985f304dbe813599fffea645b4c440c3282399313fdd017031953f19032a
-
Filesize
3KB
MD55bb64af93d85a1e38a32e41af3dd498b
SHA1aeac51756ddfbc7c4cb09a6de11bcc163c4a1c9f
SHA256425cb058722b1b283a3aceae3e2115dbcdc3e17f0f1e914921b51d07589d633e
SHA512a1f61fd5596ac350dcd4a54e7b32fe015d6c3de9a7d71e486ff795423b48e8588120c637ad3831f73d6f7fa626b52ca8b7395d0c4a781657e5a38401e71885db
-
Filesize
587KB
MD5b961cca56c34a56c5f06d2e302b6a75d
SHA1ece349f0b6cae13e9c698d21caf5803bf220e98c
SHA2562bbec2ccb031d0b74cdbc7200e18ca01478aaaa5f26eb909d93ff1ade46b957e
SHA51299cfb93d23ed3874c2c885b4bfbdbd5ecb675246da03826ef379ae5cb57870684c93f6c0763b9f262db23eafa4a0e0eac8bd20d736df0665c7d6232a2239b611
-
Filesize
7.3MB
MD5b69eb474a8542d9a80ee416b81b90593
SHA19d156ab2187e37953bc482e6caad85afdb5b6c49
SHA25658b35665b82ef1fbab76b291ec26d83868430083799f402304541ef54755f522
SHA5123a50f7567d05e013919e45d8de651b1e32608406b7f8a4e88dd2e147ddb0de55ba6375a40faba241bb8c8a20c02ee31d62e7294bd87d9990129b678560a748b6
-
Filesize
29B
MD57a39cae24c1d13e38fd10bcef98c80ce
SHA158d8a40b4d16215399749b563ba610c5cd3e4159
SHA25672de5cd3124d642aafeb64a4562c31204bb506a5c4fe37de302849aef41f0d40
SHA5128f51f5fe9890099039ef275e5148299a87bcbbc1a9aab5c279105b96efd795ef445803b4422060964b3b010c180c9b4526c82f84433669e4e365812f9642c80e
-
Filesize
2KB
MD59a623be98a5cd633ec69d20c820475a0
SHA1229f5616c34cd93636fa800cfc7cf959d3f540a8
SHA2564b1949c935a86c9f974eeece0890a5a0c8996da4ad2d948cf2e0ed3d95fcb933
SHA51241ee6d00fb3e064a3c1ae35f412df770367cd053dc1e71007e2825ec67636597891d481bce42c6d10aa7de85a2538ed7f5bb6627433e43f560d0d781f6561897
-
Filesize
280B
MD51342c2a857e5caae5ba0871e1a50afe9
SHA1fa29cb106db222b8937b8aca227a3512350ab15f
SHA2560be859ef8fc52e17648dfbff7825ee9d01ee41a3bfdf2fb3f3abe055b280de58
SHA512736afce311075827b4b045f0901275051e34eff245d0ecea1539081062933115934aee8efd7a1693bcbafbc2b2dae73479f7ffb1b136e64331ee295359fe7f9f
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\5399dfb0-7526-406a-96ff-a3291b02756f.tmp
Filesize
6KB
MD5ab476db0c1d9ba688fadb47be92adbed
SHA1386b783e207be937e26cad15db08ddd3a91cd732
SHA256979c566b5c6e0699962acd5598778a0dd720bbebffb541015f05b100da2c32dd
SHA51203dbe234f6dcd4a91e8d18d45a2f32ce8b69ac1b1eb09d71c5c7627e1da7123534fc8b15cb53d031b86c980410f10fba3e4eca256896918b6b8cf47e26adb959
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB
MD5f009d495127e38c2253b15dd0c31485e
SHA104e747341a89abf9ccb25bfeacb36b6976e624cb
SHA256fa71a3629e90b660cc392e28aa85977a83da246f55745dc38013e95e7735d6c1
SHA512db3a42aa56b80f8d322155494f9f373992d9299f990a12a77626fb3691c0dc3cee4a190c081b69440644f0185ea376c89259eeabc45900596752eab2a699bfca
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5c2c76.TMP
Filesize
48B
MD513a807a942402b8e6b1cd4a649eabc50
SHA18707b48cf72e5b89e4cdfaf77c3285ad6418d9a1
SHA2560a0385b2be1ad7feec410c7d8ca37228be637f313033e877c374ba9ae37d921a
SHA512bd0ce1df5f627ee2c1dace7919fee4174d0b64225ec5488830457216be118b99c1d84739ac542b9e76a8755add645e0445fc350408e9bae0cbb76ca77fdc92c5
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
Filesize
921B
MD583dc5b03907724e37a82e9e388db955c
SHA1e54ece007114b6a459713e6d15d096e6049274fd
SHA25653ec7b08162096b47e037894a83c1146aa082c783c1528f62107bc0d8c8c187d
SHA5121aabfea3059e62b6ea2fc7aa655ba6505ddc83850beefdfb5a79c1b6eac5d10bed4f05af84bc9f8bb559e80e61a3f8d4cac06045dd1939f965dda4efb23f8760
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State~RFe5c3aed.TMP
Filesize
59B
MD578bfcecb05ed1904edce3b60cb5c7e62
SHA1bf77a7461de9d41d12aa88fba056ba758793d9ce
SHA256c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572
SHA5122420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
Filesize
1KB
MD53a20283340d3977768447fb337461f9e
SHA17b439e49934286e0a1f461ca7aa10be59da7690f
SHA256ba396508b8243407c5085f921f9be33051836a0f41bddeaa563f9d9f1b1a4654
SHA5121e997ed74675b7645e80e2b816d8c752d29fdf78f395161621964940fd1b356e00f114bc7241a0dff56998de3107d4a9c6d78a83cd8334170873b785bbef21f6
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
Filesize
1KB
MD5138aa3a8670c106d5850d0296334d159
SHA18613119b636f3c09c75f342229df18baa85eb55c
SHA25622408b17d32a99d8136dffefe8d7424c7810b2b1957843482198de8031331524
SHA512684adc286c00afd11703535dc15bced877308bed3ffc1b0c7c5625d460215b15708369144ad36ee13633b26ae5acda5087ea4b721688d2d737abb59c3c1dc8a7
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
Filesize
1KB
MD527bc7e02839212b3fe4f15c497f9fe14
SHA123883dc4a9d973b37ee6ecc1af6cb3315724300f
SHA25602aa622814cd9f26557c8c510bb65dcc03dea641d065c20f6a52366c03ea55ec
SHA512f40f74a5c091850797182e24593830c17854bb26682b36fe4455c95b2f8587832a807d0679f70b7b8f79573bce9962ef18bdbd9f0c9a2ad0b0aee9446e1a0b7c
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe5c1341.TMP
Filesize
1KB
MD59a54ae841046616d578e0e09f09a2a0d
SHA1067899836ec48bb59b7d66693a779a417d8a2d74
SHA256b1bed3c5c178d552ea669634120a22f940886555f2a46ab3af2654f213e62479
SHA5123fc8fc9ddc7f2c9d64ede6b011fafa7e2cfe33139345c14c4e5345758eeff3e20a21a6426aa0253b22819aa8db6e0bf7a300e0edf022e37f26bfd9ad95ba7fc4
-
Filesize
6KB
MD571262575d0a4dfc475bda5d75685f91f
SHA1cd3259909706f90ca7fd7fe0c5285508219e7ecf
SHA256af8a3e0703b174deffc9ab7f4578873d76d7b2cdd5c5971b33893889f31a25d1
SHA51299d15e96fad96da10db89e7a803086f351414e3e1cbd97c8e60ef53ae1fd285336740b2a3fcac5a289995209a78a7a2bb193ba738fd221963c87811c4232a260
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Sync Data\LevelDB\000001.dbtmp
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize
264KB
MD5d0d388f3865d0523e451d6ba0be34cc4
SHA18571c6a52aacc2747c048e3419e5657b74612995
SHA256902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
1KB
MD526019f6d950e6ccc65037958d9a34ac4
SHA12ab0391a72a61c6dfb7b6e139b353929d7df37fd
SHA256e6885b8c2640885232b9971d293fb7be2b91bc53fc1cc9681b231c6d387a58e2
SHA5122bf8040307b1c702bc96b271c8c93d8440820a153dc8feb50820dd22fb2c7d1589032920196c2dce02343a7a6353382b23ccf1352997a83b432c21feb5533a51
-
Filesize
2KB
MD58214e45f3bea6a81e2fccb887963e9f6
SHA1440be0a0b32e8c3ccf32787a4f16cc72efd3dde6
SHA2569d4b430df77bb1cb4602ca9dc7867a1531b5a938f3e96573f18b55f6877c0ba4
SHA5128f2680f3e4bdeef12f88e371f00feabc7b9301ca1b74eaa0211ed45f8acb2caf76732ec5cda4f618eaa928e6099cdd74ce52a9fdeece83b846efc31cf1d6d7aa
-
Filesize
16KB
MD5b1fda2847d5fcb312b5034dacd5e758e
SHA1c36d54e3325509e5608772a3949f6bbc3453a388
SHA256b93d54ce3d825d56e0b1c35e66f5b584ee1d5361d38faefb22f6e33f772f99d4
SHA51250b15afcf9a9e4a4db6ec3259be08c5002e0a4150aee3209fa85af4490cc5a7564f8de8a11b501c245acf67dfa384a7350f2986e780f9bae1b504929b6841bca
-
Filesize
3KB
MD5b2024b3b32b1a20aeb92386606148a43
SHA1ff9bd3733d1d65788528b4375c8cd73b18cfff5e
SHA256d6cf6e1fef44e43d7ecbfbb59e2c38a3719f9f1fb67af98ed7e4509f6bf3f56e
SHA512cf463a7bea8aa76a0616a72f444fdaa513b8ed6fc6a6771f5b92cc1fb868b4d0a2abd5839a47358d9f3c8f2e8eb187dcd50215541357bdd0c94d30cd2af1a170
-
Filesize
16KB
MD53593af0a00fbe38d5181c838d55b4183
SHA1a79817b7d6999a744ba6eea373c1fcda476cf363
SHA256a6104df662687632b9367862cb6f7e6db0250f2ea3f4c9de12a6fdc1374db82a
SHA5124fdc7745bab3d0cef3433ba3367fbd477ffa55b8d97a1ea50052491a5b9940bb739d6b484bfc2015ce49e2b9fe6f595c050507f67e815d65d0047fbc0e6c0ce7
-
Filesize
1KB
MD5bbb527903437401ba46732dcffb20bd3
SHA1b7fc1fdff623081df481bbfa0aa2e518e41dfb22
SHA2561567c26401f8f3a4eaa0c99751099ced2373f1e759ad00dd5c83f8fe1ad39262
SHA5127c6dbfacc53021ec325942541384c411daf843e448325def136cd0224d1c7f696a76b5b5effa88f4866964abca4d8e1d55ed6829eb437ca39d43a2d44aadc922
-
Filesize
40B
MD53d562616e4b6bcf3d743a3a2ffc8d37d
SHA1c37a0a2e739621b9a49f54d36563c1b6dbe6d495
SHA256dd1738dfd1836a7f26035b380ce83f6efea3a7d754b96642f2423b0e53d151ba
SHA5127d6caa6c80ce2bb41f220eeee0bb32881916dc82118f7567b0c74e3fc22a166f2e40e34ba4aeffd639aee43896b72bd79c2e33b6763b5e22d871a5959f2f0d9e
-
C:\Users\Admin\AppData\Local\Temp\{65C30CBF-CE80-4C3A-921D-038DC1D95D18}-MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
Filesize
1.6MB
MD52516fc0d4a197f047e76f210da921f98
SHA12a929920af93024e8541e9f345d623373618b249
SHA256fd424062ff3983d0edd6c47ab87343a15e52902533e3d5f33f1b0222f940721c
SHA5121606c82f41ca6cbb58e522e03a917ff252715c3c370756977a9abd713aa12e37167a30f6f5de252d431af7e4809ae1e1850c0f33d4e8fc11bab42b224598edc8
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
7.1MB
MD5e577d441afe20df31cc18ff84f607ee6
SHA168bce38c9f919f5a5b0e8de87c70cc0e377032bb
SHA256adeda7d3636b45f5f4e5012fe8a43cf323de8a3f119961d3367e6a426916b45c
SHA512f0debbe13fd22f2131f852f2156425f2b50e052be8b221059bd236fdd91e922fb908939d56c03e538a73b71a94628421827ef53d5bdcc06e71a8959f41222a8d
-
Filesize
190B
MD5b0d27eaec71f1cd73b015f5ceeb15f9d
SHA162264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA25686d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA5127b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c
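The dropped-files listing above is a flat extraction of the sandbox's table: each entry is an optional path (lost on many entries), a size, and four digests, and in such extractions the labels are sometimes fused to their values ("Filesize6KB", "MD5a5c8...") and sometimes split across two lines. The parser below is an added example, not part of this report or of any sandbox vendor's tooling. It turns that layout into structured records, rejects a digest whose hex length does not fit its algorithm (a sign of a mangled indicator), and matches file contents against the records using the strongest digest each record carries. The sample listing embedded in it is copied from three entries on this page; the two-byte probe b"[]" is constructed input whose digests coincide with the SCT Auditing Pending Reports entry, which is how the match is demonstrated.

```python
"""Parse a flattened sandbox dropped-files listing into IOC records and match
file contents against them.  Added example; not the sandbox's own code."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Expected hex length per algorithm: a value of the wrong length is a
# transcription error, not an indicator worth loading into a blocklist.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
_HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s*([0-9A-Fa-f]+)$")

# Copied from three entries of the listing on this page (one has no path).
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
Filesize2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Temp\{65C30CBF-CE80-4C3A-921D-038DC1D95D18}-MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
Filesize1.6MB
MD52516fc0d4a197f047e76f210da921f98
SHA12a929920af93024e8541e9f345d623373618b249
SHA256fd424062ff3983d0edd6c47ab87343a15e52902533e3d5f33f1b0222f940721c
SHA5121606c82f41ca6cbb58e522e03a917ff252715c3c370756977a9abd713aa12e37167a30f6f5de252d431af7e4809ae1e1850c0f33d4e8fc11bab42b224598edc8
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
"""


@dataclass
class DroppedFile:
    path: Optional[str] = None          # None when the listing lost the path
    size: Optional[str] = None          # as printed, e.g. "1.6MB" or "2B"
    hashes: Dict[str, str] = field(default_factory=dict)

    def is_empty(self) -> bool:
        return self.path is None and self.size is None and not self.hashes


def parse_listing(text: str) -> List[DroppedFile]:
    """Entries are separated by a lone '-'. Labels may be fused to their
    values ("Filesize5KB", "MD5a5c8...") or split over two lines."""
    records: List[DroppedFile] = []
    cur = DroppedFile()
    size_on_next_line = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-":                      # end of one entry
            if not cur.is_empty():
                records.append(cur)
            cur, size_on_next_line = DroppedFile(), False
            continue
        m = _HASH_RE.match(line)
        if m:
            alg, value = m.group(1), m.group(2).lower()
            if len(value) != HASH_LENGTHS[alg]:
                raise ValueError(f"{alg} has {len(value)} hex chars, "
                                 f"expected {HASH_LENGTHS[alg]}")
            cur.hashes[alg] = value
        elif line.startswith("Filesize"):
            rest = line[len("Filesize"):].strip()
            if rest:
                cur.size = rest
            else:
                size_on_next_line = True    # split form: value follows
        elif size_on_next_line:
            cur.size, size_on_next_line = line, False
        else:
            cur.path = line                 # anything before Filesize is the path
    if not cur.is_empty():
        records.append(cur)
    return records


def hash_bytes(data: bytes) -> Dict[str, str]:
    """All four digests of the given contents, keyed like the listing."""
    return {alg: hashlib.new(alg.lower(), data).hexdigest() for alg in HASH_LENGTHS}


def match_bytes(records: List[DroppedFile], data: bytes,
                prefer=("SHA256", "SHA512", "SHA1", "MD5")) -> Optional[DroppedFile]:
    """Return the first record whose strongest available digest equals that of
    `data`. MD5 is consulted last: it is collision-prone and only worth using
    when a record carries nothing stronger."""
    digests = hash_bytes(data)
    for rec in records:
        for alg in prefer:
            if alg in rec.hashes:
                if rec.hashes[alg] == digests[alg]:
                    return rec
                break   # strongest digest present disagrees; weaker ones cannot rescue it
    return None


if __name__ == "__main__":
    recs = parse_listing(SAMPLE_LISTING)
    for r in recs:
        print(r.size, r.hashes.get("SHA256"), r.path)
    hit = match_bytes(recs, b"[]")
    print("b'[]' matches:", hit.path if hit else None)
```

When pivoting from a report like this into an EDR or threat-intel platform, load the SHA256 values and keep MD5 only as a secondary key for sources that carry nothing else; an entry with a lost path is still a usable indicator because the digests, not the path, identify the artifact.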