Malware Analysis Report

2025-01-18 21:10

Sample ID 240325-p5kf3abb8t
Target https://www.youtube.com/
Score: 8/10

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file https://www.youtube.com/ was found to be: Likely malicious.

Malicious Activity Summary


Downloads MZ/PE file

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-03-25 12:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-03-25 12:54
Reported: 2024-03-25 13:01
Platform: win7-20240221-en
Max time kernel: 60s
Max time network: 368s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

Signatures

Downloads MZ/PE file

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E27792F1-EAA6-11EE-9A09-E25BC60B6402} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 402fddb8b37eda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000ca9eaae605c69e9f41b9a6d13d52a01cc688309cfef0e1e3c7ec28ed9b013430000000000e80000000020000200000002b58116148cfc48166cd9dcc4c4eee11c47c4607e51e4e6b564a96feb313091e20000000ce4d2041cc33b77521f7812753c1627097ef5247ca5fc49a7a01304ad4cc6c79400000002aa88425cc391db90b9a40cd2ffc6232662fd5b3039fe8b27e645092e6d78f37fb51028d7a76c287e153d6f96bde951d84a92d4821c6c9a113037024a794a87b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value missing] C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2660 wrote to memory of 2556 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 300 wrote to memory of 2040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 300 wrote to memory of 1968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 300 wrote to memory of 1736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 300 wrote to memory of 1744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61d9758,0x7fef61d9768,0x7fef61d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2344 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3216 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2296 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3728 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3980 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3952 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=740 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3876 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4068 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4272 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4380 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4420 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4504 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{1044F6DC-598F-4936-A11A-1687D2A2675A}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1496 --field-trial-handle=1384,i,8851063533351318559,5917327207379641109,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F32B8C0F-399A-4605-8420-7D591CF48DFF}\MicrosoftEdge_X64_109.0.1518.140.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F32B8C0F-399A-4605-8420-7D591CF48DFF}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F32B8C0F-399A-4605-8420-7D591CF48DFF}\EDGEMITMP_851F5.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F32B8C0F-399A-4605-8420-7D591CF48DFF}\EDGEMITMP_851F5.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F32B8C0F-399A-4605-8420-7D591CF48DFF}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\RobloxPlayerBeta.exe" -app -isInstallerLaunch

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat

MD5 dd715cf5ef8e8151325def6eb987d7ad
SHA1 aee0e191baa008a160e57e7678af27c5997a8c4c
SHA256 c8c41c3f61066e3783e6c2c787b244210250665b622918c567b188dae059a8ef
SHA512 6fff3f6cede4407f03385a6b79b7a60fdee595077f4aa6a5fbc3b7b10e43298809316c0b917da6682d448575df95bf6178df608ac05cb00f485e47211b6f4b23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d7b8061a62b99f26c8b5050bb13252b
SHA1 3d06671a8c15ad41bcacfb754e8ab8c54e199286
SHA256 05ebaabd01d109294ad8dfb747203a5d7ef1b52a84dc07bab499f1890cb0c9b6
SHA512 4bddf9902064fab2440bc96878ff8a1bf5215ddd7b7e67b47da7a418266c4042fef8d7fbc1244e5d10e79fa0f26b9b9c4d5b4c5f12418d1c0724ace9c579759c

C:\Users\Admin\AppData\Local\Temp\Tar9DAA.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab9D98.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\TarA3C8.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f6b906abe2f20fbbc90e6f111a65e75
SHA1 55408db11dc54fc7bc5ac510e6c48e1909c50fff
SHA256 d52c8d077ebe0621e479d85d4285dacdee1a1b7641cc60a50ab5f620994f7596
SHA512 606cd1fee06e49c1e3b9e9377986b613d5ac2fac6ab697832ddde00c00acaaef3ad15a6e0b9bd94365dbdf04c6729644e882ab5ca5a2c78185af8923c37da3d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afb0128ca70983afbac0d88263723e65
SHA1 e7f314e66e0f484b41a728c71889b6560d7a4231
SHA256 1c67c221f23a7c4f695b95dd0b904b1125691d5df8e4d772f09535a5a4737edc
SHA512 3f1f2a8f9d9c50423f739c737c4831b8c921d6785a66032fca0df4a023fb3bd276ff62ff39095746ddb5547df911a88615976984147f96df47a8254ceacd9277

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d5220af47f1a8aeed144f75efb9754b
SHA1 ae22dc8c0de7d9e359d4026ed47276e23044a000
SHA256 aac0b3f745723b967d9a5f5533320add822bbf1a19188c2e692ba7b429da8344
SHA512 d3fed380a26a35ec12d5c1f468273ec9b3f875c0b147ba53b7a64c8ecf6d85680882ee5db8dd18bbce4d9542201e9d7e30981de077da6ed57233ba61bcb97966

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe0f1fbe267d7a4276d0a93657eff0e6
SHA1 e5c13c19dec69358f519fa200cf5269b53128f89
SHA256 e5f55b4426b7c878780cc4cb3adbcf16ffcc2aaf192ac7d63bbd79df827e1fc6
SHA512 2eb45452995a3fc41d02c142e872886735f9ff9191fa7d0d6041c4835f368f3f2e022b0ea5b5ca24db6114ee4b36985ed4e8e81aa983b017c2882663878fd412

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4232ec35fa83a86daadec25d88c1435a
SHA1 49a011db0f152f5075b4de67bc3f9e671a15c1c9
SHA256 08cf931a7d5e05959deb67a65d552fcfc6c5e35a5ea89a2cb0e9785c8d795aff
SHA512 514d2dfb9a8bbe83384331739d6ca4a6e4b78f84163b31c4fcb6704b0d8548596e540439374d6be82914713710aac5085882dbdc0d342ff6dec19c89e08d6b43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a10fe6a5be540ba858483536db02f609
SHA1 5e5dfc342dcb67a3c033eec81fefd8229a3748d5
SHA256 57ac88e48ba79d606588f29fed7de8b7956e3a843b97df8b914a7ee004f7e78c
SHA512 4fa24a78d5d8163b911f3e0e45c42385a8594b8038477ce0ec4b914e36cd0197ed4f5f36ad3f57894e19f49f823c24b2d4e2cb5059b1f2764b58773f002fa758

\??\pipe\crashpad_300_GTLEBHAZIKGRGDWU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 c50bf778a19065b8cd634232522a519f
SHA1 6266a37566e2465ba288c613921ca0a853616159
SHA256 28ee62d8e599e9d5fbfd463232b6fefb9abf84222428820405498870ca192fcf
SHA512 327ffe18ec4c562f42579fe7551e8452df801ae9e4b7b0340de20cd884f62c79b4361c083b838bb09dd92fae64b28d17d19300602fcc4fa571ad7a8bc2a6f787

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b789a717a3b65bd94ee31489f8d8eda4
SHA1 e8adef47e8fa94bc4156c1f5009685718a6570f4
SHA256 4ff526b7507cdc52abed11b7f6c3ddac574b8b8c4f6a412f0b1b03dcef8faa09
SHA512 39e8077079f75da6b730d7ee7d597592e1ea454faf4a9d6447cf17450a3cdc0c6b1ec76d42cfdeb14b7fe74d614528ba9db3e2213b8206eabde520c88d0aa78b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a5ad65e6264de5ed2472dacc6708366e
SHA1 cf373d57c47f972ca49bf01bcd4a0c3e6fb0fc83
SHA256 aff45a54ac4853f07f8532ac8779ec995b5544ec198923874072f4e02961b1aa
SHA512 867e84265a50f1ac166dcaa03b7cea27f67a5b06bf0eb731f8d4f8342770dfbb2ce55b3693bcc27220cb86c1c07f2e817dbc148ede5a7b5081fdc37e084387ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_E6E5AFC8E26F79D2A2EBCDC0BC547682

MD5 b669c287666ed71edd5e1cf50693b641
SHA1 1e3db0fd045288dbdf9e4cbd299e74c72843b227
SHA256 4143185205f3909d4719db7577139e9c9d728fe9628344bf8b1187fb021192f5
SHA512 b18a58a2057a7c78311a70a8afcf759216623db5da1fa5c0dc9c37e86f467605739874927a3bab96c510320dd244e552faca66ece5a3df5b9cfa3f2b52f62120

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_E6E5AFC8E26F79D2A2EBCDC0BC547682

MD5 6b99b4a54e2ee7efaf31a2727cf7e2e3
SHA1 9cd5aa24ad8884654433fdfda5ba06b6c5c2d3c6
SHA256 3193b57b6f18f6a64ef1fe2c8d4075ae0ebeaee95b43141e2bda1a92eff693bf
SHA512 410f11d23b9bd345c7fb8e72b98d6cf845f1e01b9c92bf411ae874f6932a75977e125951d3a9fb19e6961e3bdccca9a82d3d521e45cdbc6a795f6626b373e512

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_97FAD8EBB31B0B74F135144564816C0E

MD5 886842194c823a326abb3426b97e17b6
SHA1 c2858a55d2ba0fde554ba7e12397546f2c443dbe
SHA256 16cfb3b74045cb6017a2dbd97060f0fef034d9388b8cc05d03dcb3b28bd62a87
SHA512 ca2c7911072d4f86d716fe71f108e6330bb24ae0e3fd6a33e3dd6a4714268b12b42c035bfcdd3813ea7a261afb20155dcd7ad61dca1b53ffea8caa3c5e564fa6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_97FAD8EBB31B0B74F135144564816C0E

MD5 8632d6a23b961188dcfaa95c91be8123
SHA1 86ef65c933daa7d8fd08911bf767bb107123844c
SHA256 3676ab691c05863b4af40f115179b1669a838e8783caa2bfbf73ae1de5f84195
SHA512 f95241398c973012af5f8b84f60320381555d6bf14752159a192af15590d8aa9f88d234cd1ad5518dd69c31cee21113fbb182f2c000e6a5b328472099e942a07

C:\Users\Admin\AppData\Local\Temp\~DFD924C7D22F48D183.TMP

MD5 38164241633853034bdded8ee05a6e4b
SHA1 45620c1212bf30ab598c8a38bc0e4688e882b8d2
SHA256 19aeef7f7325fe86e337c46fc17bff97b134c7c25cda5283b8764cb79b34e209
SHA512 bb4fd341dc1308f954c65250f6cee5d6af84f0bfd27e4f86146765ff30b1cf1018a63c6ebf5fef1da8a7b19c8506bfd666ddcafa08c47d42a0d0d20b038025e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RFf77a6da.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000004.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 736752.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

C:\Program Files (x86)\Roblox\Versions\version-94a1a798754e4385\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\MicrosoftEdgeUpdate.exe

\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdate.dll

\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdateres_en.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdateres_de.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdateres_da.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdateres_cy.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdateres_bs.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdateres_bg.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdateres_az.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdateres_as.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdateres_ar.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdateres_am.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdateres_af.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\EdgeUpdate.dat

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\NOTICE.TXT

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\MicrosoftEdgeComRegisterShellARM64.exe

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\MicrosoftEdgeUpdateCore.exe

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdateres_en.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\msedgeupdate.dll

C:\Program Files (x86)\Microsoft\Temp\EU2CAC.tmp\MicrosoftEdgeUpdate.exe

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

memory/1088-2612-0x0000000000280000-0x0000000000281000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\109.0.1518.140\MicrosoftEdge_X64_109.0.1518.140.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source292_475487883\109.0.1518.140\Installer\setup.exe

C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source292_475487883\109.0.1518.140\Installer\msedge_7z.data

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
