Malware Analysis Report

2025-08-06 00:03

Sample ID 240223-npjn6afg96
Target U3wiR5s9Rw.exe
SHA256 52fe9f423aa1e4a763fb5b012095bcd6a91819038803ab35e9b26ec676304821
Tags
discovery evasion persistence trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

52fe9f423aa1e4a763fb5b012095bcd6a91819038803ab35e9b26ec676304821

Threat Level: Likely malicious

The file U3wiR5s9Rw.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence trojan

Sets file execution options in registry

Downloads MZ/PE file

Loads dropped DLL

Registers COM server for autorun

Executes dropped EXE

Checks computer location settings

Checks whether UAC is enabled

Checks installed software on the system

Checks system information in the registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtCreateThreadExHideFromDebugger

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Checks processor information in registry

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of UnmapMainImage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 11:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 11:34

Reported

2024-02-23 11:36

Platform

win7-20240221-en

Max time kernel

121s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\U3wiR5s9Rw.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\U3wiR5s9Rw.exe

"C:\Users\Admin\AppData\Local\Temp\U3wiR5s9Rw.exe"

Network

N/A

Files

memory/2444-0-0x000000013FD80000-0x0000000140085000-memory.dmp

memory/2444-2-0x000000013FD80000-0x0000000140085000-memory.dmp

memory/2444-1-0x0000000077620000-0x00000000777C9000-memory.dmp

memory/2444-3-0x0000000077620000-0x00000000777C9000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-23 11:34

Reported

2024-02-23 11:42

Platform

win10v2004-20240221-en

Max time kernel

496s

Max time network

511s

Command Line

"C:\Users\Admin\AppData\Local\Temp\U3wiR5s9Rw.exe"

Signatures

Downloads MZ/PE file

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\MicrosoftEdge_X64_121.0.2277.128.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Emotes\Small\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\PlatformContent\pc\textures\grass\normal.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\AnimationEditor\img_forwardslash.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\AnimationEditor\ScrollbarTop.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\PlatformContent\pc\textures\diamondplate\reflection.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\9SliceEditor\Dragger2Left.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\StudioToolbox\AssetConfig\copy_2x.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\identity_proxy\win11\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Emotes\TenFoot\SelectedLine.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\VoiceChat\MicDark\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\fonts\NotoSansBengaliUI-Regular.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\CompositorDebugger\settings.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\TerrainTools\mt_grow.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\TextureViewer\cancel.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\models\MaterialManager\sphere_model.rbxm C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\StudioSharedUI\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\MenuBar\icon__backpack.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\TextureViewer\refresh_dark_theme.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_1x_1.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerInstaller.exe C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\avatar\meshes\torso.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\fonts\Sarpanch-Regular.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\Cursors\Gamepad\IBeamCursor.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\StyleEditor\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\as.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\mk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-ingame-8x8.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_pl.dll C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\LayeredClothingEditor\WorkspaceIcons\Cage Visibility.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Controls\DesignSystem\Thumbstick2Directional.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_is.dll C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\CompositorDebugger\History.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\StudioToolbox\ProductOwned.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\LuaApp\icons\ic-add.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\resources.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Settings\Players\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\ja.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\fonts\Sarpanch-Bold.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\VoiceChat\SpeakerDark\Unmuted40.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Settings\Help\EscapeIcon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\VRStatus\ok.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\msedge_200_percent.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\avatar\compositing\CompositExtraSlot3.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\MaterialManager\List_LT.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\VoiceChat\MicLight\Unmuted60.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\LuaApp\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\loading\loadingCircle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Controls\PlayStationController\ButtonL3.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\LegacyRbxGui\popup_greenCheckCircle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\VoiceChat\New\Unmuted100.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\Controls\DesignSystem\DpadLeft.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_zh-TW.dll C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\LightThemeLoadingCircle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\StudioSharedUI\RoundedRightBorder.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\msvcp140_codecvt_ids.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Controls\XboxController\ButtonX.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe\AppID = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 624919.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5040 wrote to memory of 4540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 2416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5040 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\U3wiR5s9Rw.exe

"C:\Users\Admin\AppData\Local\Temp\U3wiR5s9Rw.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc72d246f8,0x7ffc72d24708,0x7ffc72d24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6388 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe

"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"

C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe

"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.0.383082211\581434985" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {852172ca-18af-42b1-94c3-57e638ee9f7c} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 1964 23f732b6558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.1.181110309\965832462" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5cce9d6-d43b-4249-baa2-11c183250095} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 2364 23f72c33858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.2.1847242068\1180413564" -childID 1 -isForBrowser -prefsHandle 3432 -prefMapHandle 3428 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddfa84a9-a65e-4bfd-997f-c5f5e918c8d0} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 3440 23f77184e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.3.913670645\1827493325" -childID 2 -isForBrowser -prefsHandle 3804 -prefMapHandle 3780 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a45f1ba6-b8c3-4774-99f2-4db414a05a53} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 3816 23f5f567e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.4.492027369\1331954219" -childID 3 -isForBrowser -prefsHandle 4828 -prefMapHandle 4820 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad110f44-d495-47f9-a7ed-cfb316ed3f24} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 4844 23f793a0358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.5.1374651212\541512626" -childID 4 -isForBrowser -prefsHandle 5044 -prefMapHandle 5028 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f71f9ce8-f60b-4e2a-b99b-b0b4a525f801} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 5056 23f7a43a858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.6.1711029819\322825662" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {814c2294-f8f7-401d-92b4-029745f741d9} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 5220 23f7a43ab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.7.1943287574\419806565" -childID 6 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f814e89-667d-4a5d-b1e8-5f348cecc8f8} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 5436 23f7a43ae58 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6384 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6792 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ro-exec-crack-main\site.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x518 0x510

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzZCRjYyODMtRjM3RS00Mjg1LUFBNUEtNzZCNTExOTg4NjJFfSIgdXNlcmlkPSJ7NUVDNjJBNTgtRDBGRi00QkIzLTk4QUUtMzlBNDNGM0VBMzJBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEODZBNDZFNS01MjBBLTQ1RkUtQTY4RS0wQTE5NkQ5QTU2NjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODMuMjkiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MzY5MDE2NTE0IiBpbnN0YWxsX3RpbWVfbXM9IjE5NTkiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{36BF6283-F37E-4285-AA5A-76B51198862E}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzZCRjYyODMtRjM3RS00Mjg1LUFBNUEtNzZCNTExOTg4NjJFfSIgdXNlcmlkPSJ7NUVDNjJBNTgtRDBGRi00QkIzLTk4QUUtMzlBNDNGM0VBMzJBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszNjAwODVGQS1GRkEzLTRDOEQtODQ3OS1EOTYyQTgxQTUzRjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Mzc4MzA2MzE5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\MicrosoftEdge_X64_121.0.2277.128.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\MicrosoftEdge_X64_121.0.2277.128.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\MicrosoftEdge_X64_121.0.2277.128.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=121.0.6167.184 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=121.0.2277.128 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff7278e1d88,0x7ff7278e1d94,0x7ff7278e1da0

C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe

"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"

C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe

"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe

"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"

C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe

"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"

C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe

"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"

C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe

"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"

C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe

"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzZCRjYyODMtRjM3RS00Mjg1LUFBNUEtNzZCNTExOTg4NjJFfSIgdXNlcmlkPSJ7NUVDNjJBNTgtRDBGRi00QkIzLTk4QUUtMzlBNDNGM0VBMzJBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5MDEyODlGNy0xMDNBLTQyOTktODIxRi1DMzAwMUM5MUEzMTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMS4wLjIyNzcuMTI4IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MzkxMjU2NDE1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzM5MTQ5NzE0MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgxOTY1OTY0MjkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2Q0NWE1MmU5LTU2ZDEtNGNjNi05YmQwLTI4ZDI0NjgzOTA5NT9QMT0xNzA5MjkzMTA4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVVES3ZnNmhGY3ZmZnUlMmIyaHZHeGh4eWI2aVVCV21NS212OG4lMmJjWEdiSXd4eU1La0tyQ29lR3dDNG5hZGpzS3lzUll5VmpscDJrVHlZMEZNbndKb0lYZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NDk2MDY5NiIgdG90YWw9IjE3NDk2MDY5NiIgZG93bmxvYWRfdGltZV9tcz0iNjg4MjgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MTk2ODg2MTI1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODIyODA5NTk3MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTAwMzY2MDg2MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjgyNiIgZG93bmxvYWRfdGltZV9tcz0iODA1MjEiIGRvd25sb2FkZWQ9IjE3NDk2MDY5NiIgdG90YWw9IjE3NDk2MDY5NiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNzc1NDgiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe" -app

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:fDH2O4SPuFM9z_0CAvZDVwa12AjXjyX4Ydq64gg5AxjWuiJsu4FMHlTF0yjG6Oaz5wUuui0hr3YjiXTMKYv8OqWbcNo6vkNc7DSzIrXfM_bDcWYUsSSs6BiILJ66VJ7kUPGYY2ah2Zl6JhJ3mlszmw5YqQ8uIqMX0USQtPPTrCq-BAur7xBLg0OM6myZrwRoRsxkTuGElm5ueaHqQvA1k7VNhPiOUkjwT_Ojo3kZDaA+launchtime:1708688504216+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D218943216969%26placeId%3D286090429%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3De2326bc3-107a-4317-a36e-75eb3b19d1bb%26joinAttemptOrigin%3DPlayButton+browsertrackerid:218943216969+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
GB 92.123.128.192:443 www.bing.com tcp
US 8.8.8.8:53 192.128.123.92.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.184:443 r.bing.com tcp
GB 92.123.128.184:443 r.bing.com tcp
GB 92.123.128.148:443 th.bing.com tcp
GB 92.123.128.148:443 th.bing.com tcp
US 8.8.8.8:53 184.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 148.128.123.92.in-addr.arpa udp
GB 92.123.128.184:443 r.bing.com tcp
GB 92.123.128.184:443 r.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
FR 20.190.177.147:443 login.microsoftonline.com tcp
US 8.8.8.8:53 147.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 84.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com udp
FR 128.116.122.4:80 www.roblox.com tcp
FR 128.116.122.4:80 www.roblox.com tcp
FR 128.116.122.4:443 www.roblox.com tcp
US 8.8.8.8:53 css.rbxcdn.com udp
DE 18.66.112.121:443 css.rbxcdn.com tcp
DE 18.66.112.121:443 css.rbxcdn.com tcp
DE 18.66.112.121:443 css.rbxcdn.com tcp
DE 18.66.112.121:443 css.rbxcdn.com tcp
DE 18.66.112.121:443 css.rbxcdn.com tcp
DE 18.66.112.121:443 css.rbxcdn.com tcp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
DE 108.138.7.25:443 static.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
US 8.8.8.8:53 4.122.116.128.in-addr.arpa udp
US 8.8.8.8:53 121.112.66.18.in-addr.arpa udp
US 8.8.8.8:53 25.7.138.108.in-addr.arpa udp
US 8.8.8.8:53 59.82.161.3.in-addr.arpa udp
US 8.8.8.8:53 145.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
FR 128.116.122.4:443 apis.roblox.com tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
GB 104.77.160.221:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 codeload.github.com udp
DE 140.82.121.9:443 codeload.github.com tcp
US 8.8.8.8:53 roblox.com udp
US 128.116.32.4:443 roblox.com tcp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 9.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 221.160.77.104.in-addr.arpa udp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 86.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 4.32.116.128.in-addr.arpa udp
US 8.8.8.8:53 auth.roblox.com udp
DE 18.66.112.121:443 css.rbxcdn.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 3.122.116.128.in-addr.arpa udp
US 8.8.8.8:53 images.rbxcdn.com udp
DE 99.86.4.81:443 images.rbxcdn.com tcp
DE 99.86.4.81:443 images.rbxcdn.com tcp
US 8.8.8.8:53 81.4.86.99.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 88.221.135.114:443 aefd.nelreports.net tcp
GB 88.221.135.114:443 aefd.nelreports.net udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 114.135.221.88.in-addr.arpa udp
N/A 127.0.0.1:50755 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 44.237.149.213:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 213.149.237.44.in-addr.arpa udp
N/A 127.0.0.1:50764 tcp
US 8.8.8.8:53 assetgame.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 realtime-signalr.roblox.com udp
US 8.8.8.8:53 lms.roblox.com udp
US 8.8.8.8:53 thumbnails.roblox.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 88.221.134.11:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 ro-exec.github.io udp
US 185.199.108.153:443 ro-exec.github.io tcp
US 185.199.108.153:443 ro-exec.github.io tcp
US 8.8.8.8:53 11.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 153.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 atl1-128-116-99-3.roblox.com udp
US 8.8.8.8:53 mia2-128-116-127-3.roblox.com udp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
US 8.8.8.8:53 lhr2-128-116-119-3.roblox.com udp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
US 8.8.8.8:53 aws-ap-northeast-1c-lms.rbx.com udp
US 8.8.8.8:53 aws-us-east-2b-lms.rbx.com udp
US 8.8.8.8:53 c0.rbxcdn.com udp
JP 52.194.177.18:443 aws-ap-northeast-1c-lms.rbx.com tcp
US 8.8.8.8:53 aws-eu-central-1b-lms.rbx.com udp
US 8.8.8.8:53 aws-eu-west-2a-lms.rbx.com udp
US 8.8.8.8:53 robloxcorp.s.llnwi.net udp
US 8.8.8.8:53 aws-ap-northeast-1d-lms.rbx.com udp
US 3.12.96.92:443 aws-us-east-2b-lms.rbx.com tcp
DE 18.196.70.252:443 aws-eu-central-1b-lms.rbx.com tcp
GB 18.132.219.236:443 aws-eu-west-2a-lms.rbx.com tcp
JP 13.114.149.88:443 aws-ap-northeast-1d-lms.rbx.com tcp
GB 87.248.205.28:443 robloxcorp.s.llnwi.net tcp
JP 52.194.177.18:443 aws-ap-northeast-1c-lms.rbx.com tcp
DE 108.138.7.3:443 static.rbxcdn.com tcp
JP 13.114.149.88:443 aws-ap-northeast-1d-lms.rbx.com tcp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.99.116.128.in-addr.arpa udp
US 8.8.8.8:53 252.70.196.18.in-addr.arpa udp
US 8.8.8.8:53 3.127.116.128.in-addr.arpa udp
US 8.8.8.8:53 236.219.132.18.in-addr.arpa udp
US 8.8.8.8:53 28.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 92.96.12.3.in-addr.arpa udp
US 8.8.8.8:53 chat.roblox.com udp
US 8.8.8.8:53 contacts.roblox.com udp
US 8.8.8.8:53 notifications.roblox.com udp
US 8.8.8.8:53 ncs.roblox.com udp
US 8.8.8.8:53 accountsettings.roblox.com udp
US 8.8.8.8:53 economy.roblox.com udp
US 8.8.8.8:53 friends.roblox.com udp
US 8.8.8.8:53 privatemessages.roblox.com udp
US 8.8.8.8:53 trades.roblox.com udp
US 8.8.8.8:53 3.7.138.108.in-addr.arpa udp
US 8.8.8.8:53 18.177.194.52.in-addr.arpa udp
US 8.8.8.8:53 88.149.114.13.in-addr.arpa udp
US 8.8.8.8:53 presence.roblox.com udp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
GB 18.132.219.236:443 aws-eu-west-2a-lms.rbx.com tcp
DE 18.196.70.252:443 aws-eu-central-1b-lms.rbx.com tcp
GB 104.77.160.204:443 c0.rbxcdn.com tcp
US 8.8.8.8:53 204.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 followings.roblox.com udp
US 8.8.8.8:53 games.roblox.com udp
US 151.101.0.176:443 js.stripe.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 mia4-128-116-45-3.roblox.com udp
US 8.8.8.8:53 waw1-128-116-124-3.roblox.com udp
US 8.8.8.8:53 sin2-128-116-97-3.roblox.com udp
US 8.8.8.8:53 sea1-128-116-115-3.roblox.com udp
US 8.8.8.8:53 silver.roblox.com udp
US 8.8.8.8:53 sin4-128-116-50-3.roblox.com udp
US 8.8.8.8:53 hkg1-128-116-118-3.roblox.com udp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
PL 128.116.124.3:443 waw1-128-116-124-3.roblox.com tcp
US 128.116.115.3:443 sea1-128-116-115-3.roblox.com tcp
US 8.8.8.8:53 176.0.101.151.in-addr.arpa udp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
HK 128.116.118.3:443 hkg1-128-116-118-3.roblox.com tcp
US 8.8.8.8:53 aws-eu-west-2b-lms.rbx.com udp
GB 3.9.63.151:443 aws-eu-west-2b-lms.rbx.com tcp
US 8.8.8.8:53 roblox-poc.global.ssl.fastly.net udp
US 8.8.8.8:53 aws-ap-east-1c-lms.rbx.com udp
HK 128.116.118.3:443 hkg1-128-116-118-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
US 128.116.115.3:443 sea1-128-116-115-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
HK 43.198.122.9:443 aws-ap-east-1c-lms.rbx.com tcp
US 151.101.1.194:443 roblox-poc.global.ssl.fastly.net tcp
HK 43.198.122.9:443 aws-ap-east-1c-lms.rbx.com tcp
GB 142.250.200.46:443 www.youtube.com udp
US 8.8.8.8:53 badges.roblox.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.124.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.45.116.128.in-addr.arpa udp
US 8.8.8.8:53 151.63.9.3.in-addr.arpa udp
US 8.8.8.8:53 3.97.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.50.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.118.116.128.in-addr.arpa udp
US 8.8.8.8:53 194.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 9.122.198.43.in-addr.arpa udp
US 8.8.8.8:53 www.youtube-nocookie.com udp
GB 142.250.200.46:443 www.youtube-nocookie.com tcp
GB 142.250.200.46:443 www.youtube-nocookie.com tcp
GB 142.250.200.46:443 www.youtube-nocookie.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 22.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 voice.roblox.com udp
US 8.8.8.8:53 cs.ns1p.net udp
DE 52.28.206.173:443 cs.ns1p.net tcp
US 8.8.8.8:53 s.ns1p.net udp
DE 52.28.206.173:443 s.ns1p.net tcp
US 8.8.8.8:53 173.206.28.52.in-addr.arpa udp
US 8.8.8.8:53 iad4-128-116-102-3.roblox.com udp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 8.8.8.8:53 m.stripe.network udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 lax2-128-116-116-3.roblox.com udp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 3.102.116.128.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.116.116.128.in-addr.arpa udp
US 8.8.8.8:53 c0cfly.rbxcdn.com udp
US 205.234.175.102:443 c0cfly.rbxcdn.com tcp
US 8.8.8.8:53 b.ns1p.net udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 102.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 rr2---sn-1gi7znek.googlevideo.com udp
CH 74.125.108.199:443 rr2---sn-1gi7znek.googlevideo.com tcp
CH 74.125.108.199:443 rr2---sn-1gi7znek.googlevideo.com tcp
GB 172.217.16.225:443 yt3.ggpht.com udp
US 8.8.8.8:53 199.108.125.74.in-addr.arpa udp
CH 74.125.108.199:443 rr2---sn-1gi7znek.googlevideo.com udp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 8.8.8.8:53 m.stripe.com udp
US 44.236.167.79:443 m.stripe.com tcp
US 8.8.8.8:53 79.167.236.44.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 client-telemetry.roblox.com udp
FR 128.116.122.3:443 client-telemetry.roblox.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
GB 104.84.73.17:443 clientsettingscdn.roblox.com tcp
GB 104.84.73.17:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 17.73.84.104.in-addr.arpa udp
US 8.8.8.8:53 setup.rbxcdn.com udp
DE 13.32.27.4:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:56181 tcp
N/A 127.0.0.1:56185 tcp
N/A 127.0.0.1:56197 tcp
US 8.8.8.8:53 4.27.32.13.in-addr.arpa udp
US 8.8.8.8:53 107.2.138.108.in-addr.arpa udp
US 8.8.8.8:53 64.39.245.18.in-addr.arpa udp
GB 172.217.169.22:443 i.ytimg.com udp
DE 13.32.27.4:443 setup.rbxcdn.com tcp
GB 142.250.200.46:443 www.youtube-nocookie.com udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 60.129.102.23.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
US 152.199.19.161:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 142.250.200.46:443 www.youtube-nocookie.com udp
US 8.8.8.8:53 loader.live udp
RU 185.149.120.169:443 loader.live tcp
RU 185.149.120.169:443 loader.live tcp
US 8.8.8.8:53 169.120.149.185.in-addr.arpa udp
GB 142.250.200.46:443 www.youtube-nocookie.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 142.250.200.46:443 www.youtube-nocookie.com udp
GB 92.123.128.134:443 www.bing.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 134.128.123.92.in-addr.arpa udp
N/A 127.0.0.1:65099 tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 88.221.134.11:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 m.stripe.com udp
US 34.213.123.46:443 m.stripe.com tcp
US 8.8.8.8:53 46.123.213.34.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r2.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 r2.sn-1gieen7e.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
CH 74.125.173.167:443 r2.sn-1gieen7e.gvt1.com tcp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
CH 74.125.173.167:443 r2.sn-1gieen7e.gvt1.com udp
US 8.8.8.8:53 167.173.125.74.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.youtube-nocookie.com udp
GB 142.250.200.46:443 www.youtube-nocookie.com udp

Files

memory/692-0-0x00007FF690230000-0x00007FF690535000-memory.dmp

memory/692-2-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/692-3-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/692-1-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/692-4-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/692-5-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/692-7-0x00007FF690230000-0x00007FF690535000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6fbbaffc5a50295d007ab405b0885ab5
SHA1 518e87df81db1dded184c3e4e3f129cca15baba1
SHA256 b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6
SHA512 011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

\??\pipe\LOCAL\crashpad_5040_UHAQOYPYYZEKANHS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 360dd5debf8bf7b89c4d88d29e38446c
SHA1 65afff8c78aeb12c577a523cb77cd58d401b0f82
SHA256 3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef
SHA512 0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1453c8b9b5e0a549d2160c9c0f141ec5
SHA1 7bcee0923501dd582f1bda0f00dc1f71a7660f16
SHA256 f2db3b260de1db1c4cdcbb87be06145176695811d6594d467502ff3c9eea3427
SHA512 f016ade673587d075764719d87194034bc6688778d371afdd47a5e5a6248d052aa30f5c3ccedc4b8b1fc06112fca4dfcefbc697a274de4f09386135eb8f3fa8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6aa3b7c39ba66e10e063c0f916d03d97
SHA1 567247d9118b8b251be3aecb1d76ea6d8375886b
SHA256 718368929e2dc399d4dd62631b2a94d01e3ea65a689d93f4d5ede8f2e224d9cb
SHA512 95e5c2cbad0593cc55ba2f0aa5a91434832f0b970f54667f3cc40f8e06d24e985daed3e33860a1949f0c2bbed7c5c0c8c19ff0d999d4ee6557d6fe0052932703

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ef067232-d537-40d4-a033-1432dea78947.tmp

MD5 4f48981457d96016aeafd83c099dd23d
SHA1 66aff4771b2586aebe0243b9a7cc983b0a5ee848
SHA256 c836b927f39eff034e3cd579dc6546efcffb4157af76867d724dc7d9b94b153c
SHA512 da7c57b1a8ea3a88a3b643b2e581bfcddded815c9935c652e266e6610d4171f7c5192936ca124a61f618151a198a983d1f3777f994f97a13eff15f37a0c969af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 69ae8b1f228ecb1f233e0cd8fdcd850f
SHA1 a6909448cd79cc803387e73755296331e3d4131d
SHA256 ab3cee75a2c4cdf8d9117fded928d912dfe2c6c0d6257d7f29412c304b9a7cc2
SHA512 2588c4abca119a6e028da1e150ad39b20d52f9f77c5ae08b1564024895ff4ebe063067496907675b57899462195be1edb231e8c61af647b8ca56a3fa75e73184

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bdf82c809e91389e23ed959072d456a8
SHA1 aa28e1e1c1d29a7382b094e122678cb947800cdc
SHA256 0ef6beff529d4bb1e0730ae74064e3a538b5075ee521ee6c55fec46607a4ff19
SHA512 91d219a75fba3a96e7e5aef9639d5e2f0788f1abb269998a739f0c82b122bba5fe85cf2f8996958105f63fe7ba77237e0243645f9318e123e05467d01c263d9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6a5bd7a8-4e6c-4cf9-84e0-cee6666bee2c.tmp

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1c5b539a6dfde8d3bad478e70c8395e1
SHA1 768c6d7e4df6e01502113129b05bc67f3c3f7ef6
SHA256 8f276c67070b772babc0902b3b02b75630e17a698aa1297783d9dec2bbcba31e
SHA512 423e1c6b5a47fce336c6ea055218c3a0daecc57a7145c33599031b5c295fef0fefa493519d1e5be0aa8568e3a2dc667694377612aac643ec44c8c1f9c0b150d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d50e.TMP

MD5 95332d775d17ed3a48eeb1ebffad5d19
SHA1 5da4445f6ece96f144abb8342fc774caf32633a4
SHA256 491220c54272fce819c13ffc9cd34df644a8e4b62211e46cc52f318409020f73
SHA512 afc0f1ebb010e6b1ebda6aa50c01e80ab52026e1aa1a71e85bb1931e558092aa9ac72d09520c96f458624de62f790566b9c753db737e4ac092729ff774fad5b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d7ef22ba95e6ebb374eef8f4719cbb54
SHA1 dac271146272e998710876254cbbb2145ba23d30
SHA256 a49bf172f106d14919f6fa5bb9dcb23846320cb224c903cffd92996d620089c7
SHA512 723bdc4416347b2564cf9e5d6d1d19b8e21d49fec20842263de57be1c68ec02fa4206d5811715f07c69d681ef112e4e4c0b4b1d66ec5089bb6918a03f1fbdfb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 063fe934b18300c766e7279114db4b67
SHA1 d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd
SHA256 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e
SHA512 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 2f3c7b5f9221520efbdb40dc21658819
SHA1 df12f010d51fe1214d9aca86b0b95fa5832af5fd
SHA256 3ba36c441b5843537507d844eca311044121e3bb7a5a60492a71828c183b9e99
SHA512 d9ed3dccd44e05a7fde2b48c8428057345022a3bcea32b5bdd42b1595e7d6d55f2018a2d444e82380b887726377ab68fa119027c24ac1dadc50d7918cc123d7b

C:\Users\Admin\Downloads\Unconfirmed 652336.crdownload

MD5 f300b0f010b9d0067df0159a90b2f2bd
SHA1 b7c1403a019986140346cc2d1584ac239870ca83
SHA256 b32e38e103a83a30b37c89dd39620df908f5f2abab0b7b2a0531369b59925a27
SHA512 70f8e2be7a2d7c9c608c06ea09d06d4a9614c5f672a8a9f945fb01da9bbdf4dab2d4630d9120e68f6b86290452ff7e9fead2e9d68a878fb4568238e2cd5fa47b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 509d6f2f5d30dd43ff02f6f6cf17c394
SHA1 6526e307490e074635e0346cd7322511f30f0627
SHA256 c40521e1e94cbb6c3e44221b985ed5aa3984088d8be6991f409d53fed528b629
SHA512 eb719f55b129bda94581941e20056c84313dc5bae884767da0eb4e12d30faa461b17526d4f40b63371808b6205bac9f83b78914dd38be5cdafbfbab84b51a949

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7aae7244-265f-44fb-b021-58df8b867247.tmp

MD5 e6ecd8c93ec4b1e217a536a8ab323e03
SHA1 3d584947694ab5dfe8443edd2ca56066bf933600
SHA256 3393f6b9cfa6bdcd08ebf9a012503a0c7e17340ca789205b68ce1d00319d643f
SHA512 d901b6eafe248761be93d9df9461214cd339f5e93f818270010840a00f2fdf9cf4cdf47eaebd196396591c8bd772b34e0d4590e7c1510d53126070ce77c917bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d7164d2017c0961967e5c886da7546b1
SHA1 4ab822c6c06398d7de3791f2e238773a12e82044
SHA256 9022d8b0c1c8f89a1fbca286ca61401641945f47322376b6d5f20936004dcf89
SHA512 5717d327b8e11b55848e63c3c55be2799f5dc14952ef308a0dac40ca5a993f29a148baa8ffb640753839389b2a60112b95f9342fedb64cf75c665be63db9f435

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4cacfc4e2651b26800d795451cb7bf20
SHA1 c65ab2c38f78bd50155ae1ff6052ab6e68989773
SHA256 a57568420108adadcf47a249d5617fb51709b2be491c0c6014c6641d4c71faad
SHA512 229ed8144391c5c88f87d72d78f5024ff06df9b23208da0c79430b36cf3ebf5aa61c6a536da40f8249ce120aa2c45fea41a4ec643f4c28e476466e0f377f9742

memory/3440-637-0x00007FF6CFC00000-0x00007FF6CFF05000-memory.dmp

memory/3440-638-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-639-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-640-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-641-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-642-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-643-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-644-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-646-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1b2f13b67a0159275446d5600718bd21
SHA1 5807e3639013201544c92457ff1708932ab543ed
SHA256 cfc7384322efb886abe8f5deb4f6a0d29c5a2cd3c8385326052841635406548c
SHA512 90acdd07e44fcce5c791a8738d0d3d684ea78365dd9ec1ae91fe028d06bfcb6b2862f293e0d86242a30ebaef1bd66ddae655ca819946a1b62c56a1d917d8a5f6

memory/3440-653-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-654-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-647-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-645-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-655-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-656-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-666-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-667-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-668-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-669-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-670-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3440-671-0x00007FF6CFC00000-0x00007FF6CFF05000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 420b867feb84aea00fd3c0d9f305f86f
SHA1 bda32fc1f5ef777accd0d6378babf0ca1b79abd3
SHA256 a653ea4afaf7f30eacc10f1872708e0e44eb3b11686b1f7b2a9402f51f58775a
SHA512 87ddd7eff3c847d5032b768fbd07f36faa216aac578d8e84140c723657790ab408910b3f3a280277c173787e6423902f9471a11d0a029a804120eacfb79686e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f9e41f12-9d03-4f48-813c-bd6fb9c28a56.tmp

MD5 5eddb3806ac6b762278251b40d523fea
SHA1 5ff34a00b4c0855f3584a5c91be2f14a8097ea77
SHA256 71f4f47bdb075ddeb3004ed4fb991ef952506f5491bddad800401d2ae616872e
SHA512 40574cedf8fa752660ddc0b9c0dec99c735285fcf415fcb3563625472df2a3680df309957c7e50f68a3487612ff85a9fb350138e7b8ef68d96b26a4a2f637c3b

memory/3972-692-0x00007FF6CFC00000-0x00007FF6CFF05000-memory.dmp

memory/3972-693-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-694-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-695-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-696-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-698-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-697-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-700-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-701-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-703-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-702-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-704-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-699-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-706-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-705-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-707-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-709-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-708-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/3972-710-0x00007FF6CFC00000-0x00007FF6CFF05000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\db\data.safe.bin

MD5 0993d42beae17f004a7c46e3cc3a5237
SHA1 f4ea55861cde2457038ba8d3d4996aa78003ad16
SHA256 58bd52b7dc85a1e2ab03fc9901ec22e7700e9d49e52d381ed083f3d5efa120a7
SHA512 5cfd824affd9267ff663d1996080064c5460dad9c4dfcdc954c762ab76acfa30c8a5f9419bf0871a90efadeaba9b2883a23cb4d5730ab3201f2dbf27cdc431c0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\pending_pings\c808db68-084b-48dd-962f-84f9923d2c68

MD5 75bc0307ff8c1b0465d3d338b3e0a0c1
SHA1 308582827c85e62f1d48108a1b8983c632c7f903
SHA256 fa752059523eb4be36182bb6bea2426d60f27746ce27da734b55741e3f2f84cb
SHA512 40c18825211d35b79d06fd03c8eaaab650e604537e5f201cfa60129302fa30219184db80122490c1f2fecdf2ea68265d9965dc20935e60331d68d1bdc98af494

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\pending_pings\75eca2fb-a5c1-430c-add5-a00067cf6d78

MD5 997afb94d51200ff38c2339e48f8ac94
SHA1 375ab8f9dbdd48bc4e67d81e5849e1675961b022
SHA256 2e396f030c6dfde55e1c3d87a753ea3f306e82ce378f16e7b9e65dd19d64208e
SHA512 f9e97515ce427b24cfc3edf2d35d3c3587c782963618927ada1cbae9c841f8443adaa66158ee726d0d0662efd06c9f64e59dd70dcfd0c5e6ba521b22efd85a5c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs.js

MD5 8fb520e3cd7fa5691144219e47234326
SHA1 1b04e5aa99ffe081e92af7a741195b5abaca473d
SHA256 25d580b2a16ee61fced24d1c94a2510de558be98b92ed274c027f11c60f7b8e9
SHA512 ce303c9526b4f7a303e903385b3cbd3906b3df8c026692b63459579895dda33bc09d6060d1ae696e31f0e0a47691451d59f2330e03fc98fa538cedf2d74511fe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs-1.js

MD5 a43f320710027f57806a2f054959b752
SHA1 224783d9058d02734d1347f9c4c42b5011327a8d
SHA256 75c0e72e8a0d6dcec9c7d0cf8ef6d7600c5adb9ed6657bfe4a5fb795afaea1e6
SHA512 b4dc2843c4b9808694e4408747aa8cb139dd41bdae69bf556237c51b1c8159aa1b6c80d4773d903e96770979c25535ba40750d8fa629ec93b8681a47f5498471

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1dd8a0e022018e760533b0a3bfafdba9
SHA1 2be3def9dc9782b10bd46a2b3ca073951f55ba49
SHA256 1c7d713bd02ba78b0353e0b8f7ba1a4f34e865a39260f9ac994047db21e5064f
SHA512 4842d50620e319cff3765b86a5517351aa20e1e106d040c501bf23fcd0767015909801b940b74ba5ead56e4ce48f5f92cccefe4965adf14c52416a93fe26682d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3336bd4992c30093980f4fe620d24cc7
SHA1 b820b4d004e3d84bae24a2ff80ec1dcd7fb53d59
SHA256 e872279403461aba6e22f1e45dba4cd979d8c8955b1012a90e1550642d78ab41
SHA512 8c489f4a4b6d6fe0002cacc1e55b41d432659452eea67480c5e6e4c292aa39355031624d3cb7dcde44d472a4761c65fbf99d69262c5c5f9f2a39b20730acaaab

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bc703e6370fd828eb3642124d2ae3e29
SHA1 a9bff10ddc298b84b85544b20ecf77126dd6e482
SHA256 57166b5b2332f9af374dbd54ad687b6268276c416832aefbdd2bafc5a11d1e57
SHA512 3697823f286f59ddac45c8d896d36ca5c8e1539fcb9358d36a04d63512edae80f78b0529b6242c8cbe6a3d4580b6b2149579df5a089819edd1c1921c7f31f13a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1fbd26087231f429b17f5cc82125c389
SHA1 f4cfa05435ffcba010a9c30569752dfbe9098309
SHA256 3d84487a0bde5752f3a688f4919bd240c51d93e5830ce1c469c8f962b0b8bc14
SHA512 a93c53355425c1a232633f20f944bb4c12998f626b63fd854370a9f9836d1eb7b534a0a7ce9964867b29f3a18b3c72de40f05ca1ab22b476884a9d4f3704015d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs.js

MD5 7c3891c153a9142a7a7e77276dc77ae3
SHA1 ab26b97fbba501ddeabff9a7c3616f7fb88d5170
SHA256 061e8bcac3d899748a8f6a0f513eb236b75c50c06b9ec57fcd91e89c9d54318f
SHA512 495b17b30f5e66b2bc92bd57429e696e9c3272a325ad75e12ef7f38a79b62fad35fe0027a112ee2807485b799ce9b1bd42b9c997410900d163ad36efdd67c7ae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 75321f3a1699e170a0d204aee5df6a2c
SHA1 5158f5e5eb05b6162dff14c545e26456039b6608
SHA256 54f0329e8adb563535ec593c9d2eb183496ab82b36b09612c546ddbb74e155a0
SHA512 1de6b3f138677071a6917200c0d302f34ff53d9bc7ed1544aa8f55d8a08da185024b58e7ff46e46a366e840122f6ec860850248306c3814acad2f8871dfd06d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 05b6c91abfa901d606a13f2b6eb54e0c
SHA1 d3bcc6e83448bc0991616143d062be57330f4519
SHA256 8e274288aec401e60090e489f77a0118641934650f0f44eb647db85c49b02500
SHA512 ce54973380998fa427ea6ee08292142d38cb5eb240cd677eebc4c2da8c84039f403939dc1087668fab297f986311b0740e6c5d06bb1a5072f591878946cc87a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0c851a9f493133508e7df893fc29bd38
SHA1 1225617427ad9dcb7e084dfa98e7faae35c77789
SHA256 2e286ed48345f23e77b1e6fa951bc0d25bd6c31c9e55cfdaaf624c1b7027e0b9
SHA512 d71323ef0f4dc3f2639e986b8e89467c135da040b9aa90913aa6e996bcf5f8c64e17cc94d5c0c9058f7b9196b112617452995ccc3320508c4ea71dedb676d51d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7da738faa6b172d12a1b89ab72d6583b
SHA1 b7125154f95e7db4a5b52ecc7dededf69f3aa935
SHA256 3f7f633ed492036a1bd8a2fd3b1df9ad2eaaa45adc504543b1546c82ee578635
SHA512 523feeb0a862953ad3cca4fd77559dd1c1cb49914918f07fd4d46633f0864b34c96770454804f39bf8eb264d22fc0df5daea6f6cd6beb9a7bad5208f5038f34b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bd71057d26b29b0a2829904e82b58ff7
SHA1 687a0303bdc90923755632b5296c52af341916cb
SHA256 a0efedf98c10d1117e1aadb5b905ddfd9d338096f2739b444ee1e6a0af7121e3
SHA512 bd26a572a5771e4564a9d03ec89f85ebd6f14be98fc55f1ba20b9e9fc88fb1ba4ea2651f696f0c534bd97a2722d781ecba4cf8c8550cdf9bc7aea6945a6159a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 4923a7479f3522cbe9389d7a4862ac07
SHA1 1bc1eb916c29c8cb05f5e46deb5740b2c5e992ed
SHA256 6d83cc91996c474cc23c3a20d6cc27b91e34117d0e15277512711efb9a6080be
SHA512 3d0dda89630f837e20956edd8ec1a083c79f5934f10adfffb116dc499d3b78418929f5c557c395cd78ef58d8a23ed2ce3af302a549a9d2aabae333c3857c8cd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5a9358.TMP

MD5 74fa28088233ff85e04a3313b8695e7c
SHA1 b93f68c943c71404bc36e19c038e5cde39114b87
SHA256 d081dcf0c4dbc41b5e36d27b757df121500e4c30d7b69d83b33c276752591339
SHA512 8794f1d2fc58a165157a9fc00eae78ac03d2bd186af4a7c478b7f47a5ced76e9e16b6330d2ad3377aaa0ee45652fe64a47558a812f2d08c3cd582837b5b9a36e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

MD5 c5658e00a92f644f376e8a6fa3eeaa38
SHA1 ecb24183fb47d372ec2167bc8160b451a6be15a6
SHA256 9c965d6c08c733081c4c6311d1f2dd309433e26555ce32414090991802a76222
SHA512 e1d45a4cec2024902832a95e7b927c87934fd1bd868ba52ec103d060a3581df0d2875e968c04d8143a828aad21eea85a8287245065d8e9894049bbf255802c0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ae107d7caf6c62938f00f6693fd08d02
SHA1 2dedb6df0c5785c1c530f87720f165a88db23a79
SHA256 d5f9130700a1f34e84ff07e6f639ca4ba2899127f7d85090fdddbfc63821b66f
SHA512 5454d7fee187f241197b899f4eddd993604489bd9a8d17d840103ccc95676ada3959ec85c284910e5269e68f219b47bee4bd249270631020729a44cf28acfe83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

MD5 343859b4ad03856a60d076c8cd8f22c3
SHA1 7954a27de3329b4c5eefd4bdcb8450823881aad6
SHA256 8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f
SHA512 58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe5aabd2.TMP

MD5 ee3956d8f30204259eb26413a64878bb
SHA1 9789e75369d35e6d0113b1147750e440759700ee
SHA256 8aeab4d4fb1851a18c5133d3e13307b269b0b2db4ad8d3eae3169e55c2340c13
SHA512 6266a34e85b6ccadd2414a9f0dd121560baea0ad2783b8ded56460190d308c132630ae5def147fe815c69c03c9cd59b1509922fe8fb8cefa5b59d7fadc40eb49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012a

MD5 588ee33c26fe83cb97ca65e3c66b2e87
SHA1 842429b803132c3e7827af42fe4dc7a66e736b37
SHA256 bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA512 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 43a11addedd7098977eaeda6eedb9f84
SHA1 fecb16de4888928959ef8f0639b73dda09786f49
SHA256 d4e87e9f3ae2ec3c30cf29dc3e9d0bdc23e0b915645ffa12c40eb67bf4d3c19e
SHA512 860aafedf005f948bac15b93965426f7fdbe99c48a6e54016669ea23ffde2eb9e8dfdca68866fa38185fb52c3e09da8266f676c1b2dae50382fffde6eea50f43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 170c00fe1f40ef3c3e0227f359771a5d
SHA1 34759728648bdbfaa2570be1647f141b162fa030
SHA256 81d14da61e8d8a7687c4677d4b6c0aa668dc75a476b47254f6d2b98f96cb0f4e
SHA512 d7a3afc14e69c667798422d75a961abd4f77cbb19c6fb3402a110375d1c7c35bc786d28c3e3eeed872d2eb0b7ea53278af12878bba2d287465303297d7f58b6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1d3df79cf9433bad56bfdf643ac1feae
SHA1 b33280353733d2c69e32762c514e89445c7fa896
SHA256 0de7ae3a05bbe2ddd505dd82526bda32f566c8af6cf1aa948eab5a18feffe37c
SHA512 6208be7cb7d546ab09f5ff50ea60fabbf608c34a8c4f4af4130a8975e68a21bfaffe738b7edb7a2d377d0fa25827ae01e03dffc69048dd56e58f907c86055f6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4519e58c83de335fc8f9dd3062a82a96
SHA1 96c4c72079d4885db82dd343ceb20a844b170ade
SHA256 0d2511d8b6ea23657b4692a3a2417b0198a26a068241a63d25f4bd023c753322
SHA512 8db33a5f69cb59b65dc0318bf7507f268a2efe0b8e233971a03b2c787f4542ee02942355305834472f417c0856de66df41680583b029010a591dc68298831b9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 357dd58c665588a2a827ca305dae8bc0
SHA1 66b57912b64d8ff7431d4face247f1e90863ac18
SHA256 561fe903fb0bb9e216cfc46dcbf554139b4ee844b7a690079d49735769c1e58f
SHA512 a7816cf27f1d9516647dd26ee5bab03db851a8b13f9053fe20d1b84f10dd60cce716f80847be5b725d780a19f2df588e601ed7022d028aefdb1e624159c92d95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e44e6dec7a6f5c7f7cc84b389ad352ef
SHA1 6d9625a9f682374aa94ba3abfd7d25e9b0540378
SHA256 db142a126b1d336942036a5f8cd0175043275a17edbe19ef6ac31cc7c201caab
SHA512 e1083974428393a6a7190b6db59482bb70e7d918d2d229f3f094b93a547b7b775d8bd7481f8ade2f5a1aa4e30e1d931ee20889dea0f4e8e0ccb4dad6002925ff

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

MD5 9f04bcdd340daa9e3115b40e36f18a4a
SHA1 c3c331996ec49f1a6c357845a93f63957eed5c00
SHA256 531df8563b5f76a978ac69ef49b07dd87933eb5a291746698fc381295248cc98
SHA512 c334866560442dafed0df3f9e3bb46b35be77d412dcb1664491fd6adfe6629e35e8aae67d6f49ae78f4d9be29d22594a4519af3fed69f5220359bbc7e5db7152

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

MD5 ded8e57cce95a72f80c9609463562728
SHA1 9f3309f4d4bd46f51bc5e05b66a6181647543cd0
SHA256 6636cd9b1e4f4fdf34d107f6927dd4b3301a7ffa37d4cc59adf78f8a45fb09ec
SHA512 0e7140709d4f4bfd5d60d3b8767d1fba0eaf75efc69b310662520937a3bdee532eb4263f5adcbed2183dec2bb20cae5c77635fb5d43dfcfc327c992709465ba2

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

MD5 d05afa3d70ece2fea158fda186af62a8
SHA1 f524a0711fc621a53a9e3643517dce4c540b8427
SHA256 6d571c161bba7175e72cac759c6bf614995cc5dfe3374a94ea0427bdf1812689
SHA512 36df9f4b62de832b9758b25102cc5bbe1c8af3f4bfea76b9c359d404733b62659c3078d49b78aedbe0a1f5eea8d8033db6f8bc597dcefa413ff65055518e79e0

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 b454e47c372b2e464bee5e1a0462be64
SHA1 a2add1c942565ef7e6c4d4c420a384d40f8db822
SHA256 69217ed89d624fb3a2028a131d4b7a95fab4a68906a77bd612e37d49cc8937cc
SHA512 573aa3cda19d7d9762da4a57ac61b4213d8e6cf96d8e103e3c9e6f366d472e656498661c7f2d82a82d9f5b2d0d55d6a9b4eb12823e146e6b01c4bf1bb9725ae7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a2b7e0f7da442d50fceab5f3960f1851
SHA1 5cdf7c0f3ea28f31f86305608e9e0f386928c7b4
SHA256 fc86a2aca5f937f5147f7c9ccf644faf2c50133f4f14c13c3629e33746658ddd
SHA512 1a7a0aa6dcd2c0629214037ff791e1d6b8081e97f04498c3a7ee3cb21b589a1a13858be10478c4c474cdb7bd5fd07f22f763a1c3c0986b965fc56c2f685ef7bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ce045035af42250aabe6d58c06a2db8a
SHA1 090049ad6b92983850b70d16b264de2624fbe63c
SHA256 6d5dc9f6425653ad673ac7b0f01a7ca9ac06e0183bfe6da3e1c3c4703e72b880
SHA512 58bd5f571e4235b6a2d41d5e37be1ed01657d06043177ec1d32563293a3da20a24035871ccbd794596badbeb83cd3dbf0c87321dad92b4857fc7afe5e04a6f5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a0b2b0f1b9b6af4cc61526b716945304
SHA1 9f099095056caa558b6d0086f4201ff3a7f3c4c6
SHA256 10e37265b1668501b6ceb3abf6985e9edb4056bf51f1310ca847308faa0c59d7
SHA512 2eccb0fa1596590c1dd319f11f60acac0b53650ed395c1ff416faeb087fed5b7ce5c9dfe850962d863011911ec594bc718a5de0e56a1a3ad2186be0b98f8cfd6

C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerLauncher.exe

MD5 01d8527854ca91b35943e764f4fcf476
SHA1 9c29532987fce808beeca1b8acd69aff1f0d7d28
SHA256 0e98f1d3260df1b9f94182c7e53314cb7585a9f185e362d66bd30f2d94a0d9d0
SHA512 70e0f68c87bf3eae282edb1360817b3c123b4eb57c26c6de251b5581f296ca10b595924cb624bf2ba13c5ae94545a6e1a47264a4d2966478a2f074b07da87618

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bd21b82f4ece97b32d66a851665e9c42
SHA1 6d9a471e091067e1a9e56c5bbe2e2b50aca47cef
SHA256 bdaea594cd7af8eb5dfac28911036b6c3422c395ad7a9b8b82f397302178a2fb
SHA512 b7194cd068d0ac89907fbc02a668d3fa6aeb2cdfbde0896631d2e7c1f53dabebbdd88d3441beb366a75c5e47c90c9f4ee0c56bd73385f6db787b8203eac4fb9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4ec844642ec7ff1775cff44240c7d433
SHA1 f8c0083e1fcb54e7ede48300f9fe9d3b694f2634
SHA256 faa157877a0f59673162345a6cd80cb84ce73aef276c36da592ea967f9513a1c
SHA512 0597f2fe1a14cdd80e72cd79acb2963ab5b7fc51286d1d05c2652e89e3263cdb00b4b3492f2b34242f96d93e9d532101e5ee70f028377f0e66dba63e0195f030

C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MD5 610b1b60dc8729bad759c92f82ee2804
SHA1 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdate.dll

MD5 da1bd5e500b99e4ac08745a9f456fd33
SHA1 e9c337fffa883be4ac10ab02e28a5e33eb6e87df
SHA256 e5921035e64f5167cb00b61e4a401b242b4ec267117fd59fb896807b49748802
SHA512 ca04724e34aeaaaa213936f09a1be380cfacd710a5fce0e7bec767d99a687491f6dfeed9eafc7a1c39b3dcb3ee66a44442bcd5d7b57333130d6c325dbfe4fe51

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdate.dll

MD5 2677466ea215fb50fe834041ce63df03
SHA1 59ddde38cbfe0455f17e7287a539e5fb3aeb031e
SHA256 580f4a4c4ffcad56499c43895ac8aa673e4bde03134c328429d04e6c31a4d887
SHA512 ca2f5b9fdb37dc31b889ab59f94b6872ef1155f48027edcb50de3c8fc562bb33c79f88d833231a07192d90a5564502c08274aecb1b69d21163525e4e5539c270

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_en.dll

MD5 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1 dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512 ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_cy.dll

MD5 34d991980016595b803d212dc356d765
SHA1 e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_da.dll

MD5 d34380d302b16eab40d5b63cfb4ed0fe
SHA1 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256 fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 2929e8d496d95739f207b9f59b13f925
SHA1 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512 ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_cs.dll

MD5 16c84ad1222284f40968a851f541d6bb
SHA1 bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256 e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512 d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_ca.dll

MD5 39551d8d284c108a17dc5f74a7084bb5
SHA1 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_bs.dll

MD5 e338dccaa43962697db9f67e0265a3fc
SHA1 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512 e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_bn-IN.dll

MD5 a94cf5e8b1708a43393263a33e739edd
SHA1 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_bn.dll

MD5 7dc58c4e27eaf84ae9984cff2cc16235
SHA1 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256 e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512 bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_bg.dll

MD5 8375b1b756b2a74a12def575351e6bbd
SHA1 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256 a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512 aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_az.dll

MD5 7937c407ebe21170daf0975779f1aa49
SHA1 4c2a40e76209abd2492dfaaf65ef24de72291346
SHA256 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA512 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_as.dll

MD5 a8d3210e34bf6f63a35590245c16bc1b
SHA1 f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_ar.dll

MD5 570efe7aa117a1f98c7a682f8112cb6d
SHA1 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256 e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_am.dll

MD5 f6c1324070b6c4e2a8f8921652bfbdfa
SHA1 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA512 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_af.dll

MD5 567aec2d42d02675eb515bbd852be7db
SHA1 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256 a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 7a160c6016922713345454265807f08d
SHA1 e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA256 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512 c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 b80728d761bab173e3ede7d0db250f7e
SHA1 dfbf512e8acd2e70f63db6e0764101a18f60b397
SHA256 4ce7deee9aa87dadb665870c73b58db76e3bd8265dab1803ed159f275230c0df
SHA512 743fd50db4535770d34f78f8cae9d92a91742dbe9c3ecfe8070cb91c67cfe279faef1d41ef7d20d5b7beefcad5ec551ef527f6c1a0d543752a7a88c4698d9559

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 21b6b6530fd674435f0d199536f41309
SHA1 860fce042628b6a4be111640537b43c7324b37f5
SHA256 4836745e6136dfafc4b20909787e833b09dc55a6a8f9575352d2147a255692cd
SHA512 166d1e4ed66ebc12b0377f24720f7abeebaa701fc6182113849afd55422e8425b792c85583c9ce5f30ed26a1d96cefe8ab9521322d4fb594741ac1f310d29234

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 05e5d6856a0b1749df96d4c90f8a95a5
SHA1 a87dfe6f909bb7c3a0173a1fc995f75d11854e96
SHA256 0d4c9b23eb9eaa13983f4f1c219c3502777e76e695daeb9a414216c900797aea
SHA512 bebb3ef1dfc114c4945a3c0c6e1727a10f6f7c1455a5c6722089ba488cd94c2f99f9b8e4d5d0313a29b72ed94ed309fb9693ebffc5734a5ac420e6142e0481d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 188f4671f1977f992ef688cf74f8891f
SHA1 6276f09fb99225a9d32b4cd5a276a824b339ff04
SHA256 311069609076e4e5300baf64f9e3793bd7ea1645437e1d0d75a4b094f358ce52
SHA512 8928fec288110e666fd4785cd2c49860a391ca84de871b941e24ee965699687705ae0aad79f6f14948d94590affdd82d62aac2bbc71c031c444b54daad416f48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 95ea5c5f2903bd41203712f9581655ba
SHA1 2b22758abdb15c68d6e22f989136249353672da3
SHA256 aca1990a69620aaa87f2315dc012d3742d38a3dedf8f79a559e72dedb45a518d
SHA512 753346165a82289dd676aed2f930c62a36fea36a03a89407f2a2b16cad7087d903eb5a6a0073aca9cff1dbbe2bbcce8135a2f8133798c17c57a201e35ae63393

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0746375936ccc35f202f401311716e9c
SHA1 68abe069ec185d5d3609f07c9055820a787ab400
SHA256 31733f537e6b420335aa4739f18a32297d4f8597925f1cb4013f91102cbccdfd
SHA512 084ec24dc2b6fee0c37667bc93a0d491c8496afa507cd62a93014598f214b524ce55d3de12ec58fdf726333ab68712e9fa5a57b012947b0bf1fe793ff2b71474

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d2d1bad17bd63f0b3026b01c015c88f6
SHA1 6585a1fbcfb16e53b8924e61b55bbe943022b764
SHA256 95716f7ed0b19173fa45f783fa17b5ab99a723fbcd44191237fd55e3197e7185
SHA512 c7c0adacb710569f632df280bef2e8e8f9eb93f29f01670c5bd3ede8968fe6a9161b844bc57b881237516f41af9f5ebca6eac735ad1d02ec27bb1f5c6e0ec6c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b03589ce2d7df0514e6befb78eb4065a
SHA1 a5444a80e93e8099509961539503369cca305596
SHA256 acca576af39d22e79085f09dc3b932fa69327e1d8c6f227a7b82f7c1be488de1
SHA512 db52d95dd87318381483e68c8485bad87332325b05670abf363fa6c9f67e832db0125e206abec0aeddc453f424ac053c692660536b7add087fa00203f9f1f771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f315a2849d12bdba5c9afd9e0b292f30
SHA1 aabd444895350840b177830f69284c0be7607efe
SHA256 40f8a9762ce82f588313f2eb28c9a7acc4df4deaaacdbbf70c6af20e27069551
SHA512 173d28904c0e34225328ca3501f664bdf80a144f5478b38981f8fea7eabf6dab938db5e9e8da1a46e5b995eb07cf7892424218b635ffb00da724baefd26a9f32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bc0bbc7cccd68f52ad1dd7d530d530f6
SHA1 81865699120016a58d2ee2c91e8bf5bb13dbe39b
SHA256 5b184af3b6e769cac4cc348be31aabe6bc2da1b4089ac3180120a483e04254f5
SHA512 a3d0ffe7013cd6869c5f8856fa36dcd012b16bc2a5eb72e98304dc484c8572d50a3ee251ccae36d78880c5ae09b77bfa2545c300e3f65d20574e78b1878b9105

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cfb834168a9ede006f8045f8dd3e052e
SHA1 950622bdb9b0b57d62806f3766b6fd0a38bf262b
SHA256 0c580c883fd07ddddbd608eac08ebf2acbc6e928a5b65b45311bbc948710be0d
SHA512 e32fd2ec67cc9c16b2eb4d14a917b6ef50c7017a8a9cdb0b32f263df9e5899d1593a5a6e4aa40f8a464cd5bcbdcc4c4eace2d5494feb4f14bdf21a2508aad41c

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\121.0.2277.128\MicrosoftEdge_X64_121.0.2277.128.exe

MD5 452e0d9be9133452bcc9599a49496df7
SHA1 691f98fd80f21f5e41b3205dd81aa149efe857cf
SHA256 76b4c2891bb6b1eda8d7fcb509dd4e7db46c5579a1059110b7e16529adbe5234
SHA512 11a908709c89534811365a7748ca8c54ca343257cffbaea21a54915a0556cb333ebe62fdf02ecc698c6d33a9dc8a9ad365032c712eca77298ee9794bda064d0f

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 8685e5d2d439af66b26f87d6a8bc7f30
SHA1 df0eb364a1011d9190aa8dfb69c72fbedb95eabd
SHA256 ebea92f1954ea31b5b46f1b810ea7dc9e9ff216097923e882c6ee8440350fecd
SHA512 d00c347e89511e105250814a572656a64b5f822135976e5b0ec68eee3fedf1ba9eccab128630fa09915a7ce13e7da64f0400e768438d3050ef3f7dd3852763ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 88799502f77300e69f13d3e526867afe
SHA1 f0f9268bc90d993bb884a9563717eba83a08ad77
SHA256 fe04979945e870a3d7d9bcd59a3e4a0a291057945f950ce985a84d5bb808eabe
SHA512 1d4e2b9fb0f26de109413c98e1f0bc1bac89204baa63fc363814b9366f0307603d68db7e69934401581e7fdf41805f22df85cd408a907826eccf3bfeff92b18d

memory/6064-2420-0x00007FF6CFC00000-0x00007FF6CFF05000-memory.dmp

memory/6064-2422-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2421-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2423-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2425-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2426-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2424-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2427-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2430-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2431-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2433-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2434-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2432-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2436-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2435-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2429-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

memory/6064-2428-0x00007FFC90B90000-0x00007FFC90D85000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3c0260258b83dd181ef29b03785d0f02
SHA1 7b1b42093093f78b9b0b10b1c9ce06c8a7c7f0a9
SHA256 a1521a0d76a7e2041f0e44f0658c54876568d7657bbf028d34f91da05e016251
SHA512 1c1d650159ae0e81cc7f73a55d7d9cc01d4442a11e2f853054d7141bdd71b688d3d26aa0a066b8bf9145f6b5e5cfae4588fbb5480abc70d96b3622b2bfd5574c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 1b2a22594bdca8c1520feacde65c95e1
SHA1 ace170f5b44af43d5f7a5313bdaab69cb0301ed7
SHA256 aaef5e2901d763361c41d00dc3ce2b34fb1bd5db78a9b7befb3cc99e0438c352
SHA512 58b0a3e5fcaae18702b0c900b9b1e3b806d513815578ca290e7d058dfa0c0997cfa614ed6d1e9b2650807d1b3022c9f928217b757f1fc3c4a2e349bf00c9d6de

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 dc6f34556c42ddf714f608644dd4dbae
SHA1 8cd47d48fe377a3731fb3cd4076cbfe1ab41c466
SHA256 bbe5dcaee7aaf56256ce0ead49c42cd918d6dc8804d0b35e5a6f582c79688f20
SHA512 de5c12ffb6baf39c6cf331511e3bf3e7a706f828004d06269f905108bd834bf1daa6acea5af872b16b6829e164c7ed1181997957c04c2c04c341385347cd01e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fb653f3aef3b2d6fdfeff0ef36bbb497
SHA1 268f4c504872770127a0e682b6b79017029d8fd9
SHA256 0ed823a8dc0bec998b5ba5e4e668c5d074e14616d30a1081a16ea343621bd812
SHA512 abb964ae9a6c410e6659d9f66d08d498e5537a0261f1ddb630355edbb108d86574e157b0294c7ec4faa26b5b0439b83b09dd400dfbaffab93642d3003ae751b1

C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Installer\setup.exe

MD5 0beb955d81d357eb45a7b79b2b0c8d1d
SHA1 203edf93e2528b64c73cd4651f1af9c553ecb6c2
SHA256 f4c850abc17c255023cdc5cdd9111021f474520751ee1dd95e4bfd64e27cf02e
SHA512 ee043bbd66a068679cb078a17d138e0be1e2ad84c8d3dfc738425cbbb232442940819ea48c0f4ace3267f12f0622dca44bf0d83af6977c37921725fa5065b0d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cb96e6e1ee5d41c0bfcc5ff1bae3b4f0
SHA1 d767c3193969c13f28a7bb14722d15525f28fc19
SHA256 25ebcda60467d00012ae068c63ece90bcce083a10d9a2d15adc0f15f826eec26
SHA512 e4591d99ea643501fee4e7021d86f703f2dd4b9ec265ea43b057809e77bca3ec306ac900483d93bd22ea0339b2056fe72c9d51718b068cf2ed0b5c1123d7b569

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bb28b2379ffe2cf7357d59fd0330e3bb
SHA1 6ca5b8ced19b4c31e7df95f6cdaf09356739dba0
SHA256 e1ddd5814692961822c4ea4cb84a89ad463f80f8e721cb5598e92ceab24f47ae
SHA512 e872c7155e84fe4aed41f26b439db0ebab1e79d1f880741c13e0909a21fd8c671f68913b26a0879581abafebb4494f75e19cbb203a594efc49a118f2bdeb771d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 28dcbb184c9516664d120b6ca3e20956
SHA1 adbf55f8cb7202908e66fa29fbb545ed06d59e48
SHA256 c049ddf2c1ae311b2ae9338b9e7e1220175b4b62d7fb00b08e9ed5553729ed0a
SHA512 8ae8e3f73ad8f580ceaae7041fc7e0a4bd367368475b98b5a918fd0fda9391a854349264c8cda100763e2044aa45a1c95042dd8f6784a053d3c248d5072d9c3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 54f02246945f26402b9ecbce0372d614
SHA1 64b1b84ca2ce50b8931bbcf22c25edccef919b30
SHA256 904f631f376696d4c53cf2df81c5e048d040e08951099b77736dedbc6202f98f
SHA512 1ff0c9e0d2d650c61a7dc2e882ccce4ac4683e261b708421649921c50bcec5c9d3bcdcb805f11e29c6c736b9e70f0204f1634a027047bd60f4bf0a6cc875bb98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1c06caaed3bc36f9004cbb7eef3c44cf
SHA1 3798d37e0c4ea40cd1a499be55eb99b792c90ed1
SHA256 c46a2e91835c9a6ddb76d8467368aced86fd97d51ffb1611c36c9894d8f0c2c8
SHA512 22e02f32db0b30c8573da736872d99b7b7b715dd8cc13d8312a67af62e280e9248202d34d5972344d03c8a8a0cee145822fc397b18cc91f1546745e7520ae3f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fc566ea7700f8ca7b23631aa3154e048
SHA1 74b319de3d0e3f05c2253ccf8dc8f6b05007947e
SHA256 c65c39ac2037ac1233189870755eabc8a88a131120c51240083fc1b98af49844
SHA512 8e2bc57952e362f3368d909a3e4dd1679cf512d9580bc788557ad565bbb99ac3180c9ef747fd2d65043d3ba9113b19ce28e9ed838060cbc5e3199f62ffcbffd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4f4d3eeaeed13af6c8820a3f69e283b8
SHA1 d44599cce47da58b1f38b34120361ee65d57b193
SHA256 62f1c6141c5da9b954da90bd9ac1917f1c0b581dde2d6ab49708db065f63a13a
SHA512 fbf7b8a333667aa39ef72a07201912d3457fcaa125eb46f1d61893255253c024ac99891157b3875759e8a9014851554eb2f35aea941eeb34a04502680e4b9c06

memory/5524-2647-0x00007FFC90B90000-0x00007FFC90BA0000-memory.dmp

memory/5524-2648-0x00007FFC90B90000-0x00007FFC90BA0000-memory.dmp

memory/5524-2649-0x00007FFC90CA0000-0x00007FFC90CB0000-memory.dmp

memory/5524-2650-0x00007FFC90CA0000-0x00007FFC90CB0000-memory.dmp

memory/5524-2651-0x00007FFC90CF0000-0x00007FFC90D20000-memory.dmp

memory/5524-2652-0x00007FFC90CF0000-0x00007FFC90D20000-memory.dmp

memory/5524-2653-0x00007FFC90CF0000-0x00007FFC90D20000-memory.dmp

memory/5524-2654-0x00007FFC90CF0000-0x00007FFC90D20000-memory.dmp

memory/5524-2655-0x00007FFC90CF0000-0x00007FFC90D20000-memory.dmp

memory/5524-2656-0x00007FFC90D80000-0x00007FFC90D85000-memory.dmp

memory/5524-2658-0x00007FFC8FF30000-0x00007FFC8FF40000-memory.dmp

memory/5524-2657-0x00007FFC8FF30000-0x00007FFC8FF40000-memory.dmp

memory/5524-2659-0x00007FFC8FFC0000-0x00007FFC8FFD0000-memory.dmp

memory/5524-2660-0x00007FFC8FFC0000-0x00007FFC8FFD0000-memory.dmp

memory/5524-2661-0x00007FFC8FFE0000-0x00007FFC8FFF0000-memory.dmp

memory/5524-2662-0x00007FFC8FFE0000-0x00007FFC8FFF0000-memory.dmp

memory/5524-2663-0x00007FFC8FFE0000-0x00007FFC8FFF0000-memory.dmp

memory/5524-2664-0x00007FFC8FFE0000-0x00007FFC8FFF0000-memory.dmp

memory/5524-2665-0x00007FFC8FFE0000-0x00007FFC8FFF0000-memory.dmp

memory/5524-2666-0x00007FFC8E670000-0x00007FFC8E680000-memory.dmp

memory/5524-2668-0x00007FFC8E670000-0x00007FFC8E680000-memory.dmp

memory/5524-2669-0x00007FFC8E780000-0x00007FFC8E790000-memory.dmp

memory/5524-2670-0x00007FFC8E780000-0x00007FFC8E790000-memory.dmp

memory/5524-2671-0x00007FFC8E8F0000-0x00007FFC8E920000-memory.dmp

memory/5524-2672-0x00007FFC8E8F0000-0x00007FFC8E920000-memory.dmp

memory/5524-2673-0x00007FFC8E8F0000-0x00007FFC8E920000-memory.dmp

memory/5524-2674-0x00007FFC8E8F0000-0x00007FFC8E920000-memory.dmp

memory/5524-2675-0x00007FFC8E8F0000-0x00007FFC8E920000-memory.dmp

memory/5524-2677-0x00007FFC901F0000-0x00007FFC90200000-memory.dmp

memory/5524-2676-0x00007FFC901F0000-0x00007FFC90200000-memory.dmp

memory/5524-2678-0x00007FFC902A0000-0x00007FFC902AE000-memory.dmp

memory/5524-2679-0x00007FFC902A0000-0x00007FFC902AE000-memory.dmp

memory/5524-2689-0x00007FFC902A0000-0x00007FFC902AE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 abcd0448ae1248885ca1b0b8727bfcc7
SHA1 4243ffbb2dfb2af37c7141bd1dab128765dc2beb
SHA256 47db80febd55e11d872d90cbc09dc046879cd51c455e79a11d97fffb02b671df
SHA512 20392c0506e62baed4af3e00474afd7bbaee2b7502f6cd7316d5125f8b077f477f0c3e248197ea149ea9876d47c72110ea6f5f059f11db0a381c3f9837a547d2

memory/5524-2690-0x00007FFC902A0000-0x00007FFC902AE000-memory.dmp

memory/5524-2691-0x00007FFC902A0000-0x00007FFC902AE000-memory.dmp

memory/5524-2692-0x00007FFC90310000-0x00007FFC90320000-memory.dmp

memory/5524-2693-0x00007FFC90310000-0x00007FFC90320000-memory.dmp

memory/5524-2694-0x00007FFC90330000-0x00007FFC9033B000-memory.dmp

memory/5524-2695-0x00007FFC90330000-0x00007FFC9033B000-memory.dmp

memory/5524-2696-0x00007FFC90330000-0x00007FFC9033B000-memory.dmp

memory/5524-2697-0x00007FFC90330000-0x00007FFC9033B000-memory.dmp

memory/5524-2699-0x00007FFC8E940000-0x00007FFC8E950000-memory.dmp

memory/5524-2698-0x00007FFC90330000-0x00007FFC9033B000-memory.dmp

memory/5524-2700-0x00007FFC8E940000-0x00007FFC8E950000-memory.dmp

memory/5524-2701-0x00007FFC8EA40000-0x00007FFC8EA50000-memory.dmp

memory/5524-2702-0x00007FFC8EA40000-0x00007FFC8EA50000-memory.dmp

memory/5524-2703-0x00007FFC8EA70000-0x00007FFC8EA96000-memory.dmp

memory/5524-2704-0x00007FFC8EA70000-0x00007FFC8EA96000-memory.dmp

memory/5524-2705-0x00007FFC8EA70000-0x00007FFC8EA96000-memory.dmp

memory/5524-2706-0x00007FFC8EA70000-0x00007FFC8EA96000-memory.dmp

memory/5524-2707-0x00007FFC8EA70000-0x00007FFC8EA96000-memory.dmp

memory/5524-2708-0x00007FFC8E4E0000-0x00007FFC8E507000-memory.dmp

memory/5524-2709-0x00007FFC8E4E0000-0x00007FFC8E507000-memory.dmp

memory/5524-2710-0x00007FFC8E4E0000-0x00007FFC8E507000-memory.dmp

memory/5524-2711-0x00007FFC8E4E0000-0x00007FFC8E507000-memory.dmp

memory/5524-2714-0x00007FFC8E4E0000-0x00007FFC8E507000-memory.dmp

memory/5524-2715-0x00007FFC8E4E0000-0x00007FFC8E507000-memory.dmp

memory/5524-2712-0x00007FFC8E4E0000-0x00007FFC8E507000-memory.dmp

memory/5524-2716-0x00007FFC8EBB0000-0x00007FFC8EBD2000-memory.dmp

memory/5524-2717-0x00007FFC8EBB0000-0x00007FFC8EBD2000-memory.dmp

memory/5524-2718-0x00007FFC8EBB0000-0x00007FFC8EBD2000-memory.dmp

memory/5524-2719-0x00007FFC8EBB0000-0x00007FFC8EBD2000-memory.dmp

memory/5524-2720-0x00007FFC8EBB0000-0x00007FFC8EBD2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9a574e1bbbd336ec8cdb4cbb0ee5a0ff
SHA1 d4c8198e835ae7298046144e8dc2d8b37e94e31d
SHA256 bbd367543c494bc037e9fd2ae241f08cc5b2f3f695ad90065c8f37765000d6ac
SHA512 6e9a2390fb8351b3cd4e282fd8740ff75f068372b96bf3430d4f0015e5f87e151af934be6888c2805e5de7e7fd8dfcb527f80a15204576f9519d3e2f4e022e97

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 35f9bab9434555a887a986e537fde813
SHA1 5b6deb8580f5c2a1a23fa153d88641e79dc59823
SHA256 68dae4058846c04dfc27c1aecb4645a760854ad4dbb1025a2a590d39ab5a5994
SHA512 9995d16d13994eb11993c1168bda6a0cba26bc9dc1e8374b552e5a7c49eb6d23f4280bcfe548caba69821b374ad6cff8e4f1e8510cf0b93729eeed9f50c11eef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 528cca8eca691a89c4f3d11e3c80dc5c
SHA1 e0bd99a0d47a3ec7dfc29a498b946345918049aa
SHA256 40e3483bd702410fcdd2c908d597cf706527eca18758440eaba18dfd782e3170
SHA512 279d27606ea32de6ba22b86298ce4caa0691398e5f428fcfa0c8ce5445e1b46564c2e6d84965239330b6d5800f12acbd7a8fed343f4347534be9358ea7169fb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 24d10e670fb50bb05acbe5d05abb0470
SHA1 657b3e62b05bee668f32116eb087d4a7299098a2
SHA256 b6626a67535bbd0e7993e51211597b71e57955bada17d516af36920844fd039a
SHA512 ef6c243ac09c0cac4bd4ee559e93950cee4aa4861fa945ecc721d4ea51ced759b6bd082ef57e245325efad9f9c3f00d4a3a09b020500b7ab4206fa29284de5dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5e59d42c472387f55cda9fd9c1c0d032
SHA1 7f23d88b09fe9edafd7e9bb763f709cdafd40b9d
SHA256 d5f6f775cf60b00e3425c7cbf10fd50d8e378fb6b1c6ff5e6daa80aa3aa8f8be
SHA512 fdb23518d5944e8a9de1c10ec25775c5eb60b848826d904315d128efc3e4b6ccdcab5506ce7cc9344fe231e70ba773520ca51097d8cef69dc5519748f0409553

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2319be76d061ae63d195998285f5733c
SHA1 8e87c15a0cf57341e98173cf7b72ea32470e7861
SHA256 09c1f1cac293fe8816ecaac2aeb79396612a2ebfc418024fa79494156c6fe21c
SHA512 f4b4f7dc4f936a0fd0d1a52ad4443419a3e1cab47e45a06063e79fbf8b58b8f692974d548707b1245bf139f11b6ba4b91fa9c1d9490cd2a2a485d97f12235c21

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 7bc77f6dbb12bdc2689ad9f592e375ac
SHA1 a36e30145933ad48dcfa8e8978d936cf33034a13
SHA256 c85c11356171674ce890ea8eb51e9bceec21919078dc8150a506b6249f3ea0d5
SHA512 d9255542f596104af58c932bc2d7f630364f635ca350fc37264ea6c5b47fd45ff735d0a6f7f0470359e4c80823528c7bf001c444759574f9d5a9d577634d076a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs-1.js

MD5 4c376fd503e413d143474003d344528a
SHA1 01e78a049dcb0ee8ef3d03dad7e41bf00e4fe39c
SHA256 a9546fe6f0fe08caf5f2cf6f4ffdb673944613396b981234de2487abcec33693
SHA512 52248fefc805e8a21e9568681d264ddee6ebdd5f27f9aafaa1ac3d940593283b862c626e07889aed00a81e62805219d5696dc2d0889d2d526198fc54f19b3d2b

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2sf79v1.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

MD5 b4cb2593ad15a969e43642bda0ffc4f6
SHA1 2aad93d7ec5a5ee0606ed10209e56d0216ea741f
SHA256 64936dd98664a66c0ce03abb1127d9eac8e9608923dfc245f184843bc116e9de
SHA512 1d4b81c526db331f89e9d9ceba399f3d82a2dbb217824f8f7fb636d39b5233eb273d26194090b3eb469b3971a565b29448bed87768b2c90f06ba539bd85d1adb

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 9479c2970021dee5d092bb2b0caddee0
SHA1 eff8415adcdf6017b8c500de53addb50c7a99cb4
SHA256 5291dfaa505a5fd9e4ba40173ff0c727b15f553babfa3651a1bcacdbd6aea0b5
SHA512 9759b67ba9249a1365f9789281b16d840021c3dcc3666fdecffe8aa0268c6c65879c240516c47877f94b85c37fbdeec6d05f26a371e07f1de3064b1bdd7b5f16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 72b7237568023b2fb036e20841aacfbf
SHA1 1d28c0b2182a5562c41b2a23d6cfaf09c945d179
SHA256 ba7f863845f4ee35535f857f087eaa867487cf9bb75dc3adccfca63c43d8f5a2
SHA512 2aa62c6e212668fe682e0080ee61ce1e076f17c118e0b2e04ca32d39f07495578b9b9855d7c001f3d45be11b433027f1b8e14af45d24d48d608fa942c89373ba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c5a09ea298f09d7769776198a1f4cf51
SHA1 3f067798838fa7c2a98f4231abee7aacb410bc0e
SHA256 02892700e4f5aab096739d62ba6f061d829a2a883ff4b8213151cc7dabb66683
SHA512 086c31819a55758927808590ea11bc7b14dc739b8f4fc36956ea50e230bb84847d3e32e5d1c5e2a09ea86e32cb1afe24420507d5ecfdaff9b6418719a2ed7700

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 131dc5665c1b840e2fe8fff69ee1d645
SHA1 20c8efeca06e49bb3f6c36e67fdee6eafefcf845
SHA256 3d24a812665d0640d0be828c2b2d17e0cdc75c4700b6c65637dcd7795036cede
SHA512 4331a74edd798cfc80454d9be438628f306a3c32fbdffa08b7a03b5def71999213caba67b4085a1021eab39574447fc92a1dab1f75bc27d7593fac8f017b0a12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a54a1313087ae8afc08c41186c412bad
SHA1 76d2800c330b21ea18255799bb50d87b13947228
SHA256 2a9ee1ca2629c478aede78085a3627279f9a46fea9ac178e2f78ab35a60373cf
SHA512 3a88cb9248db579ecf4d5922e470fc66a07bb87d71a0fad741b0c3fd4d070297a813c677de0b69c0290f2326196456faa03eb3b53bebe01539e245e32ee35d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 20b2040e32371f6b5468975e6b600d36
SHA1 2ede45ecff2c27477189d4fb3d92cf7eb63c63f1
SHA256 8d0a8d888ea8740e43999ddeed60eae6d9a40a58bf0e89253a442eea8f12e4da
SHA512 b21e476f63e0c974aaafe25db34a3acde984dba3416f8c3c7515e47b3174945a72c364ce777960c3cfc80a3ccb21fe163e350500fee7e53d3377aa16c477db9f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs-1.js

MD5 7ff03414464965c0a1c6dd06513d63e8
SHA1 419cb04f68f7172d391fa4ebe03d6468e9db5708
SHA256 2a9bc4fe6d89599ca3819204cf01f79c8e16c15ea036d0832591390145317fb2
SHA512 a315ad1ccaf194a56cdb7063ae75f7a1e07ae4c13f6df7cbc1bc084d7cd44a1d33d86a50296f47f61c6c8e755de6ceb3e04fcd06ef17a1923f7667c4ff852381

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 64c8d68901c1fbfdc459ce1f4b6d53b1
SHA1 59853d0ecb59784a7e10a8c73cadf584259afd1b
SHA256 caa2ee6b2bce4603ad014ab4d8cc772db8e59a48957aa05cc8fd2ce25b32c28a
SHA512 3f283f6cf57850056a392766879a9ebadeaede54331293aee13df39010e4e19becedeb9855120f7fa298bf7dba31da8c150cdd91e7634af13b2477e70ec22ec0