Analysis Overview
SHA256
e8662e595e233c34bb84edec44c2d55946409d7d3b6e2dd7ebe1193e9ada3ac7
Threat Level: Likely malicious
The file King of the Seven Seas.mp3 was found to be: Likely malicious.
Malicious Activity Summary
Sets file execution options in registry
Downloads MZ/PE file
Modifies Installed Components in the registry
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Registers COM server for autorun
Checks installed software on the system
Enumerates connected drives
Checks whether UAC is enabled
Installs/modifies Browser Helper Object
Adds Run key to start application
Checks system information in the registry
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of NtCreateThreadExHideFromDebugger
Drops file in System32 directory
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
System policy modification
Modifies registry class
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of UnmapMainImage
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Checks processor information in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-14 13:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-14 13:01
Reported
2024-04-14 13:31
Platform
win10v2004-20240412-en
Max time kernel
1797s
Max time network
1800s
Command Line
Signatures
Downloads MZ/PE file
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU1D9E.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU1D9E.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\rundll32.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\rundll32.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\rundll32.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\MicrosoftEdgeUpdate.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\PdfPreview\\PdfPreviewHandler.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO\\ie_to_edge_bho_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=B0E21576431C4BF88AB2A4A5752C2C9B" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E41C32E5-971E-4EBB-86A8-4ED80F6E5EA7}\BGAUpdate.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\E: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\unregmp2.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU1D9E.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU1D9E.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\WindControl\ArrowUp.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\XboxController\ButtonLS.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChatV2\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\configs\GameControllerConfigs\gamecontrollerdb.txt | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Settings\Help\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\CollisionGroupsEditor\assign-hover.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\xboxRS.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\AssetPreview\magnifier_ph.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\TopBar\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\VisualElements\SmallLogoCanary.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\TerrainTools\mtrl_slate.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\PluginManagement\back.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\CollisionGroupsEditor\manage.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Chat\ToggleChat.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\xboxView.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DraftsWidget\newSource.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\TerrainTools\button_pressed.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AssetImport\btn_dark_resetcam_28x28.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\particles\fire_sparks_color.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Settings\LeaveGame\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DraftsWidget\deletedSource.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_1x_6.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\sky\clouds.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\EndorsedBadge.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\fonts\families\Inconsolata.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\LegacyRbxGui\LogSide.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\PlayerList\developer.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\localizationUIScrapingOff.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\TextureViewer\refresh_dark_theme.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\image_keyframe_constant_unselected.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\SpeakerDark\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Emotes\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU1D9E.tmp\msedgeupdateres_iw.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED6BCA0A-7501-4C53-8BE3-AEF15A00FE16}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\FaceCaptureUI\MoreButton.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\ImageSet\AE\img_set_2x_3.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DeveloperFramework\checkbox_unchecked_dark.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU1D9E.tmp\MicrosoftEdgeUpdateSetup.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED6BCA0A-7501-4C53-8BE3-AEF15A00FE16}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AvatarImporter\img_dark_R15.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Lobby\Buttons\glow_nine_slice.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerLauncher.exe | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU1D9E.tmp\msedgeupdateres_et.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED6BCA0A-7501-4C53-8BE3-AEF15A00FE16}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\icon_showmore.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DeveloperFramework\Votes\rating_small.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\9SliceEditor\HorizontalDragger.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\particles\explosion_alpha.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\common\robux_small.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\XboxController\ButtonB.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\Locales\zh-CN.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\MaterialManager\Gradient_DT.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\fonts\zekton_rg.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\PurchasePrompt\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\button_radio_background.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\localizationUIScrapingOn.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\advCursor-default.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\Trust Protection Lists\Mu\Analytics | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChatV2\actions_notificationOff.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\LayeredClothingEditor\Default_Preview_Clothing.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\System32\sdiagnhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\sdiagnhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\System32\sdiagnhost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\System32\sdiagnhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\System32\sdiagnhost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\MicrosoftEdgeUpdateOnDemand.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ELEVATION | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\runas | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ = "Interface {C9C2B807-7731-4F34-81B7-44FF7779522B}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-8950870ea20941f9" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CLSID\ = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation\Enabled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.xht | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ = "Microsoft Edge Update CredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\CLSID\ = "{8F09CD6C-5964-4573-82E3-EBFF7702865B}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 713442.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 43340.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 831660.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 281540.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\msdt.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe | N/A |
Processes
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\King of the Seven Seas.mp3"
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\King of the Seven Seas.mp3"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultde5e7d81h905eh4c3chb972he43cfabd1086
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcd0f46f8,0x7ffdcd0f4708,0x7ffdcd0f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2077045492413337926,4920960047723981387,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,2077045492413337926,4920960047723981387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,2077045492413337926,4920960047723981387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcd0f46f8,0x7ffdcd0f4708,0x7ffdcd0f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6260 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7180 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjhBNTYzNjktMTQ2QS00NzFCLUJGNjMtODIyRUVCNjc3QzFEfSIgdXNlcmlkPSJ7RDIwMkU4MEMtNENGMi00RERGLTg0OUMtQjc3MjYxNjgyREQzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1NjgxOTVCQy1EODgxLTQzRTEtOTU0MS1DNTZFMjdFQUMzQzl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7KzBqVW1ZZUt0WkFGNUMzZzIycEJCNUYwUnlkdGYxU0g3Ym53c25vVStmaz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2NjYxMDE3NzgiIGluc3RhbGxfdGltZV9tcz0iNDkyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{B8A56369-146A-471B-BF63-822EEB677C1D}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjhBNTYzNjktMTQ2QS00NzFCLUJGNjMtODIyRUVCNjc3QzFEfSIgdXNlcmlkPSJ7RDIwMkU4MEMtNENGMi00RERGLTg0OUMtQjc3MjYxNjgyREQzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntENDU1MEVGRi1CRjQzLTQ1M0ItOTFBNy1EODYyRkRCNzk0MTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2NzA2NjE1MTEiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3096 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30EEBCC7-C2C6-40EE-BC41-32B200A4A45D}\MicrosoftEdge_X64_123.0.2420.97.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30EEBCC7-C2C6-40EE-BC41-32B200A4A45D}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30EEBCC7-C2C6-40EE-BC41-32B200A4A45D}\EDGEMITMP_97288.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30EEBCC7-C2C6-40EE-BC41-32B200A4A45D}\EDGEMITMP_97288.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30EEBCC7-C2C6-40EE-BC41-32B200A4A45D}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30EEBCC7-C2C6-40EE-BC41-32B200A4A45D}\EDGEMITMP_97288.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30EEBCC7-C2C6-40EE-BC41-32B200A4A45D}\EDGEMITMP_97288.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{30EEBCC7-C2C6-40EE-BC41-32B200A4A45D}\EDGEMITMP_97288.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff67926baf8,0x7ff67926bb04,0x7ff67926bb10
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjhBNTYzNjktMTQ2QS00NzFCLUJGNjMtODIyRUVCNjc3QzFEfSIgdXNlcmlkPSJ7RDIwMkU4MEMtNENGMi00RERGLTg0OUMtQjc3MjYxNjgyREQzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFQkFFNENCMS1EMzFGLTQ5RDktOTdCRC0xNjE3MzBEQThCRkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTIzLjAuMjQyMC45NyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjY4NTg0MTc1NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2ODU5ODE1NDIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MTAyMzExNjgyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xYzFmYzhmZS1mMjUwLTRhM2EtOTFlYy05ZjkwZTMxYjgyNjU_UDE9MTcxMzcwNDczNiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1Jc0d3RU9VY29KRUxIeUpjRmVpQjFwQ2VUeGhpZ2VQQWVLbjkwVEhOYXRrbW5ybXVwaWFSbXpoTkY5Uk9jdHlPNlU4S21lbkJVWjElMmZZaXQ5SVlHU2FnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyMDc2MDg4IiB0b3RhbD0iMTcyMDc2MDg4IiBkb3dubG9hZF90aW1lX21zPSIzNTUxNiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcxMDIzNzE1NTEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MTE2NzIxNDg2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NTU4MTkxNTMxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iOTA0IiBkb3dubG9hZF90aW1lX21zPSI0MTYxMCIgZG93bmxvYWRlZD0iMTcyMDc2MDg4IiB0b3RhbD0iMTcyMDc2MDg4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0NDE0NCIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:Aq8AcnY4Jzy3RXlqD8rG-GzJ4Qm357CD-KGBSlD9EFF6ve2oqSIOILa7DPI8YHrIlchkHc3WZXYq7kzM5x9bZPOHj-RKzhQCHkm4SPbt1VEF-FkDC9MkhQCFmxD5f-c-V9X_b871fHZ0X8z8zZ45hdE7aZBYdO3a8iSt8ir_CRLKiQ6Dbn7pPfmcCa_KFiUw_vhMOzpQXJ7WAPKYB5NQU3Yfy3rvziHy3m9pALPpfo4+launchtime:1713099891166+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D438ea6ec-f5c4-440e-bc5a-08d085cf735c%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1380 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:MjICvt35tp_jQTHauzv-3k5WltqiugYm9-hN6Xz7tvtS8RVyh7H-xqZq_7ausk12uRS4j3SU9eGlJln9trNrj3pbGoAPiFplEXMeIOhTHh2slxycbOIq6d3wWlzGUVJira0FUyDgeAShX5FWpoJgTY8NIAH2Rx4AsBvCRf000M6O0TF4GJooKlJ9gcpUTzxHIfkkbo-Vo_aBw0OhVUyyF_iUqvxQg1oUoDrpiMStQXk+launchtime:1713099891166+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D438ea6ec-f5c4-440e-bc5a-08d085cf735c%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:N6vBoF8LLEaEGncrEDw3P4PHM7mB5ybFrdaFONo3_3mt7S_AbZZYymhwuEmXg2HdQEkspYh3KZsCimt8OXOfDxRCGWpkNLtsozDmvU4UVNpNq_ZkRqkc_NcgZKSZeWe8q4umaa-mUJOPZcCY0CMohZBENeRlGtQWQpVTZCzBdN7HTVXa7CofXXf51cV1cWH-NQt43BDCKMQTPA2lW34rEhr9RP-pdwlZ-5CpGH4mI7M+launchtime:1713099891166+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D438ea6ec-f5c4-440e-bc5a-08d085cf735c%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:qoRRcTk0pa_u2ROS7V_bIb1_RKiqtTo3k2pIonxwPndw-dk_nLqTW_bgOJzl769k7Jy2HZh4XzDO2DI9SeoZexTDtjYhCiSiWzTPu3avVdSWDuoPfNkR6aLgNHCJdf6lOBgqYMHR8eNO_XP1HtVFbmiFBWXQJb7LwDczlNhbl_gP_yf_DBuQDwFCR3euPgWtWGyDIDFwQ51m2sofR5Apph6_Q0_xuwmUlfIKHRMRkzs+launchtime:1713099891166+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D438ea6ec-f5c4-440e-bc5a-08d085cf735c%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:7zhmVAt9jMH_mrUWT9Gm10Rnr6AZX_3hhy63T4MEwR1Y7KBWddF-89XENp_plWoun1t-aQnwiSDD6BYvHt_5Es_VFVnlpt8LZFUzSXZyrjk-hQa5iyJZayAH6S3nopXVoiddLiqYKugnwTPB-bGRYcdcq4YL5idH_JvP_mgZzbSJjtVn9SPuHS7-mq11A5bXZaV_nFa60h-hqlDg2jz_UcPmWNh1fLn0dvTOmiCFJdg+launchtime:1713100124615+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3De43c687d-f383-4c59-945c-dd6f9145ead0%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:YZTEUekfxWLTYpBlKGIR3EBgWKKi6kdE_cJ5hR5YSK5e4CFnbKjBwBprNUy-l9te5g9mgQBuOgqG3p5b7HHKzzqik0DxRLCgLZR07RJqmVi_tvQ1d1EwGNFpAE_qKrowubjWaUu4J94S5Z2HQqzcT5jfg9iLfEQVI9pwW8woV8DaphTQYDv-JSvdpTxqymxgK-Tj_3KFA0KR2fqxD9K9E7BdJfUctk4xR1ffk9WagdU+launchtime:1713100138860+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D5dd6aca7-1b81-4b6e-836b-0154eced45c9%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4092 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:TMPN3tfW8lnybm5-3OClnk6RIs_y8bndrNxPRNQnuPaOiVJhLq_XIgQj5cfivUbBe7g-LhGAlalcYsNMQHwGFvqHzerfKQ_6aQ2KzBVCHj7ufry7LYW96OAnUDizZ8h9_24y8ObNaBQM5Cbou-IiMBlEhBKbXDLXsh4jLNAGa6uk3z9V1E1sAtuV75C_wu_7Q1SKBvuiw_ubDG0uzT4jWCzSfqYgKxh-VHOURxKu8nI+launchtime:1713100138860+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D5dd6aca7-1b81-4b6e-836b-0154eced45c9%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:Uh9sHJb2iBFd66IA96Q9gIrRIxkxtEU91CJzUFSrBBZQ0A4YDbowgPytT1oIdXzUqIQES3cb-hixSIsVpGO9fFCV-ZLMPYwF7eiC9uQ_LsVe54Hex1dza_xfFDra7Zo12CyRkQoFAWG6HN7uxvYpocp4IdDG4AK2iXFZp1yPNjCX3papSQML7ca_VXl_pyyzQs8TG4FVSieGsoK3NzGe7kslaHuOji8xAxZubb8IKhw+launchtime:1713100229084+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D47e71398-f7a6-4f91-8dea-e7864de29422%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E41C32E5-971E-4EBB-86A8-4ED80F6E5EA7}\BGAUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E41C32E5-971E-4EBB-86A8-4ED80F6E5EA7}\BGAUpdate.exe" --edgeupdate-client --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDZERTk1QUYtQ0FBQy00QTVELUFGNUItQjJDN0ZEQkVDMzhFfSIgdXNlcmlkPSJ7RDIwMkU4MEMtNENGMi00RERGLTg0OUMtQjc3MjYxNjgyREQzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntBOUYyNTk5OS03RDFDLTQyNzEtODU0Ni01ODhGQzBGNzEzRDV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7MUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMi4wLjAuMzMiIGxhbmc9IiIgYnJhbmQ9IkVVRkkiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5Njc1ODc3NTAzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTY3NTk5NzM1NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDAwNDMwOTM1MyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2RhMDE3ZGVhLTM0ZjgtNGE5Zi1hM2ZkLTI3ZjFiOTUzODYwMD9QMT0xNzEzNzA1MDM1JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWhDb1FGbW9sb1klMmYlMmJtd3NudUJSakhlbVN6RXNqeHBKZ2daaEJIbVJhTjV4c3hFYTFNUkRhRnVLaGROT1lYOEJRV21aazhXMVUzY3lPYmptODMyZkVEdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAwMDQ0NjU3NjUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2RhMDE3ZGVhLTM0ZjgtNGE5Zi1hM2ZkLTI3ZjFiOTUzODYwMD9QMT0xNzEzNzA1MDM1JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWhDb1FGbW9sb1klMmYlMmJtd3NudUJSakhlbVN6RXNqeHBKZ2daaEJIbVJhTjV4c3hFYTFNUkRhRnVLaGROT1lYOEJRV21aazhXMVUzY3lPYmptODMyZkVEdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ3MDA4IiB0b3RhbD0iMTgwNDcwMDgiIGRvd25sb2FkX3RpbWVfbXM9IjI4Mzg2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAwMDQ2MjE3ODEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDAxMDU2MDEzNCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMDEyMTIxOTc5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iOTYzIiBkb3dubG9hZF90aW1lX21zPSIzMjg1NiIgZG93bmxvYWRlZD0iMTgwNDcwMDgiIHRvdGFsPSIxODA0NzAwOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMTU2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe" ContextMenu
C:\Windows\System32\msdt.exe
C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCWCABB.xml /skip TRUE
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\d2y50xre\d2y50xre.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD0F5.tmp" "c:\Users\Admin\AppData\Local\Temp\d2y50xre\CSC80B6C9EBBD694B44AA4A8673313A5226.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kx2ihs5l\kx2ihs5l.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD1B1.tmp" "c:\Users\Admin\AppData\Local\Temp\kx2ihs5l\CSC418537771D97489C90BBD293BEA3F.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ef2ihqbq\ef2ihqbq.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD625.tmp" "c:\Users\Admin\AppData\Local\Temp\ef2ihqbq\CSC6D05F9E8260402C855E8D1E15762D7A.TMP"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED6BCA0A-7501-4C53-8BE3-AEF15A00FE16}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED6BCA0A-7501-4C53-8BE3-AEF15A00FE16}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{A916F834-75D2-4C2C-B410-9BA178B3DD9E}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTkxNkY4MzQtNzVEMi00QzJDLUI0MTAtOUJBMTc4QjNERDlFfSIgdXNlcmlkPSJ7RDIwMkU4MEMtNENGMi00RERGLTg0OUMtQjc3MjYxNjgyREQzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2NUU2MjI0Qy0zQUUyLTRGMTEtOTk3MC05QkYyMjNEQTQwQzJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODUuMjkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iSXNPbkludGVydmFsQ29tbWFuZHNBbGxvd2VkPS10YXJnZXRfZGV2O1Byb2R1Y3RzVG9SZWdpc3Rlcj0lN0IxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDAlN0QiIGluc3RhbGxhZ2U9IjIiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzI3MjU5OTY2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzI3MzY5Njk4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDM0MzI0OTkwMiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzNzA1MTAwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWpmMkVzSkJ6OENUeXlqdmFHWSUyZjcwd1VKY3FPMjBjZk1rdlQ1R2JGaXJBdUMyJTJmMUJkNVhOTFR5ODIxa2NaM2NxQWJOZU03RGxxSVNWelR5amM0VlA1dyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIyNSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDM0MzI2MDAwNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNzJlZDgwODctZWU5OC00MjljLTkzMzAtY2EzYzE5M2Q0MWFmP1AxPTE3MTM3MDUxMDAmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9amYyRXNKQno4Q1R5eWp2YUdZJTJmNzB3VUpjcU8yMGNmTWt2VDVHYkZpckF1QzIlMmYxQmQ1WE5MVHk4MjFrY1ozY3FBYk5lTTdEbHFJU1Z6VHlqYzRWUDV3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTYzMDc5MiIgdG90YWw9IjE2MzA3OTIiIGRvd25sb2FkX3RpbWVfbXM9IjEzOTEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAzNDMyODk4ODIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAzNDg0Njk3NTciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSIyIiByZD0iNjMxMSIgcGluZ19mcmVzaG5lc3M9IntEMzE3RTA3Qy1GNDlELTQzMUMtQkVDNi01NTQyNjdEOTczQ0R9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjIiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzU3NTczNDM1NzUzODkxMCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9IjIiIHI9IjIiIGFkPSI2MzExIiByZD0iNjMxMSIgcGluZ19mcmVzaG5lc3M9IntCNkM2MzhCRS0yM0QyLTRFNzgtQUM5RS00Q0I1NzU0OUE2RTB9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyMy4wLjI0MjAuOTciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjMwNyI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezMxMUY5Q0FGLTc5MTMtNDc2NS1CODhGLUYwODkyNzE3MzZGNH0iLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\Temp\EU1D9E.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU1D9E.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{A916F834-75D2-4C2C-B410-9BA178B3DD9E}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTkxNkY4MzQtNzVEMi00QzJDLUI0MTAtOUJBMTc4QjNERDlFfSIgdXNlcmlkPSJ7RDIwMkU4MEMtNENGMi00RERGLTg0OUMtQjc3MjYxNjgyREQzfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7RURFNjQ4NEItMjhERC00QzNGLUIyMjItMjZFQzBBNTc0QzVGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjI5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMiIgaW5zdGFsbGRhdGV0aW1lPSIxNzEyOTIxNTA4Ij48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDM1ODk5OTk0MiIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1836 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:tjUfe-9E_8VSXAjl4ZhCPYdKHbKyfdm2J1mow9kCsYSN7tEb6Sn1jfiHNajp9axscGwN6aF198DB8q0RixadYzHZOPAkzv3XZVa0P38YogI5VRZ1n1cWqBFWovmYySUcm-pR2Eu_qstItv1_mOPvIREtUihkLqXao6gLMnO8I1kuTLbrnYnquHDYk1dApqv8ojf3AlsPPOsvozrT9sBdwhg9FipoXQJmM0RQHOMoJ7U+launchtime:1713100229084+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D47e71398-f7a6-4f91-8dea-e7864de29422%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:8AAZCsbABFdlJmpQgOqO9WjdlAFUftMZPSZwzWWmZ246BM41kjIxJTkjv5xBQVuT8EAUFrHTigTJQip_XF9WuFqVHvMoa4fHKDVXOgbXPTAUbnDODoP7VRM7v2dYxKMGu4RXnsXUhMNAdjmYdbCfq-D4nMPB6L2POGCoc6xd_ll0FgEyeMa1Wl2baA6X1oNHULCl02wGkREQgFD7b8M4X1LifnjhVQaUL3I3ro31ygU+launchtime:1713100351345+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D6983559c-7918-4f9f-9d50-6616c46b9b23%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:gs8tgS95VR1aslNU73fk-sQUA7lzPPMo6A1C7S_WbolY-CGEI21LDVObbN3d-HQzAAH-DzZB2FoyAAA4BYBuMx4ZL8Zu2n0xTpgJg6R8HbHdorOcBbaOTHxCWPMUdO6-GoMRjN4BL7aVMC-bzBXwRJdhBxn3VnkbrQhLObe5_vXLoxkgrH184pIpljcSUbAy4pPbODz7T5aj7CoAbxeoblj4WQJYAloOtcJGR4GsxEs+launchtime:1713100571106+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D1dede7ea-ada8-46d9-ac10-92d268363e9a%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUVENTQ2NjgtQUI4RC00QTI0LUFFQ0MtMEM0OTkwRjhDMzQ3fSIgdXNlcmlkPSJ7RDIwMkU4MEMtNENGMi00RERGLTg0OUMtQjc3MjYxNjgyREQzfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7M0ZDODAyNUMtRDU3Qy00QkFGLUI5N0UtMDQyMjc3Mzg2NUNCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90OyswalVtWWVLdFpBRjVDM2cyMnBCQjVGMFJ5ZHRmMVNIN2Jud3Nub1UrZms9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTI5MjI0NjIiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1NzM5NTEwODAwMDAwMDAiIGZpcnN0X2ZyZV9zZWVuX3RpbWU9IjEzMzU3NTczNDcxNTU2MjgyMiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIzMTExODgiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNjcwMDA1MjY4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\MicrosoftEdge_X64_123.0.2420.97.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff63adebaf8,0x7ff63adebb04,0x7ff63adebb10
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff63adebaf8,0x7ff63adebb04,0x7ff63adebb10
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:eekvhoi8rMl_vgepGWpPcGbSkdLwhPALjFrhaqUxgyIpCcpWKrEvcFxyxZXSRgzvntAptQaKevK9UjYiA1cYJ-8C6ZOMyjPJh4ism0rbblBuuT7utZ2E9Z6iaB6xZPMgJWY38fLoujj71M-9fXA9njsA90I32gSsYi3ISYGwytYLmAOG97cyxAS-rv3PcO3hX-MDGSiRBvxZEERFy1_wweZmmYvxr3EdQC8bLA6RpYE+launchtime:1713100641674+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Df324efc9-1748-4845-b014-46a93a24e3f0%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUVENTQ2NjgtQUI4RC00QTI0LUFFQ0MtMEM0OTkwRjhDMzQ3fSIgdXNlcmlkPSJ7RDIwMkU4MEMtNENGMi00RERGLTg0OUMtQjc3MjYxNjgyREQzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsxNjAyMzY3Mi0yRDAwLTQxNjgtQkNCNi0wNkQ5OTZFMjBBNzZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9LXRhcmdldF9kZXY7UHJvZHVjdHNUb1JlZ2lzdGVyPSU3QjFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MCU3RCIgaW5zdGFsbGFnZT0iMiIgY29ob3J0PSJycmZAMC4zNCI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjMxMyIgcGluZ19mcmVzaG5lc3M9Ins4MzVDM0IwOS0xMTUxLTRDODAtQTgxRS01Mjg2Q0Q4MUEzMDB9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iMTIzLjAuMjQyMC45NyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIyIiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTc1NzM0MzU3NTM4OTEwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzY3ODkxMjIxOCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzY3ODk5OTgxOSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzcwNTI0OTg2MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzcxOTYwMDYwNiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwNzQ4MDYyMDEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI0MDYiIGRvd25sb2FkZWQ9IjE3MjA3NjA4OCIgdG90YWw9IjE3MjA3NjA4OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjIiIGluc3RhbGxfdGltZV9tcz0iMzU1MjEiLz48cGluZyBhY3RpdmU9IjEiIGFkPSI2MzEzIiByZD0iNjMxMyIgcGluZ19mcmVzaG5lc3M9IntCQkZERjQ2OC1ENjVDLTRGMTQtODNFQi1GRkJDMEUyNDJGMkV9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyMy4wLjI0MjAuOTciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjMwNyIgY29ob3J0PSJycmZAMC43MiI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjMxMyIgcGluZ19mcmVzaG5lc3M9Ins2MjQ3MDRBMC0yRUQwLTQ5NDMtOUQ0Ni0zRTMxRUQ0NzQ2N0N9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe"
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14602302266261821344,15885132041276622602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1064 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:Sq8xSy3Ka6Qb0VCxPPdU6QB4ZcpKlUr8zlaVUIRrRsVXmY_DulQdcZWtjgcA09eDxt8occEi_CL19QirkS6UUCo53iQrjbqKob0TGA8nM7OzA5attix-5e96fnsbfLNGWpJ6BobIcACnizhRxybfHNizjuoV4qCJH5CP1AxYb_FJB9aSmHuv8fDrJLxn5k7-s_Vhk2PkIXtioe89f0b_hkdHgoBJpzyu5DoK2rbyMVE+launchtime:1713100804236+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713099847103016%26placeId%3D15532962292%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3De8855863-97c4-42b8-9f49-dc2c78aacb48%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713099847103016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| NL | 23.62.61.115:443 | www.bing.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| US | 8.8.8.8:53 | 115.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.66.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| NL | 23.62.61.115:443 | www.bing.com | tcp |
| NL | 23.62.61.115:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.89:443 | r.bing.com | tcp |
| NL | 23.62.61.192:443 | r.bing.com | tcp |
| NL | 23.62.61.192:443 | r.bing.com | tcp |
| NL | 23.62.61.89:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 192.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 2.17.251.5:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.2:443 | login.microsoftonline.com | tcp |
| US | 2.17.251.5:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 5.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| BE | 2.17.107.217:443 | static.rbxcdn.com | tcp |
| BE | 2.17.107.217:443 | static.rbxcdn.com | tcp |
| NL | 18.239.83.105:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.105:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.105:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.105:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.105:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.105:443 | css.rbxcdn.com | tcp |
| NL | 18.65.39.26:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.26:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.26:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.26:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.26:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.26:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| NL | 18.239.83.105:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| NL | 18.239.94.64:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.64:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | 217.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.94.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| BE | 23.14.90.81:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 8.8.8.8:53 | silver.roblox.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 8.8.8.8:53 | pulsar.roblox.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-east-2c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 18.217.161.32:443 | aws-us-east-2c-lms.rbx.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| HK | 16.163.212.88:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| PL | 128.116.124.3:443 | pulsar.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| HK | 16.163.212.88:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| US | 8.8.8.8:53 | 81.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.124.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.161.217.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.127.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.115.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.51.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 88.212.163.16.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| US | 8.8.8.8:53 | chat.roblox.com | udp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | sin4-128-116-50-3.roblox.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 8.8.8.8:53 | atl1-128-116-99-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-west-2c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | aws-ap-northeast-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0aws.rbxcdn.com | udp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| GB | 35.177.120.45:443 | aws-eu-west-2c-lms.rbx.com | tcp |
| JP | 54.248.171.206:443 | aws-ap-northeast-1c-lms.rbx.com | tcp |
| NL | 108.156.60.42:443 | c0aws.rbxcdn.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| JP | 54.248.171.206:443 | aws-ap-northeast-1c-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | 45.120.177.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.99.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.104.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.171.248.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.97.116.128.in-addr.arpa | udp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| US | 8.8.8.8:53 | followings.roblox.com | udp |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| US | 8.8.8.8:53 | badges.roblox.com | udp |
| US | 151.101.0.176:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| US | 8.8.8.8:53 | ord2-128-116-101-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-ap-northeast-1d-lms.rbx.com | udp |
| US | 8.8.8.8:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-west-2a-lms.rbx.com | udp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| GB | 18.133.14.21:443 | aws-eu-west-2a-lms.rbx.com | tcp |
| JP | 52.197.53.113:443 | aws-ap-northeast-1d-lms.rbx.com | tcp |
| JP | 52.197.53.113:443 | aws-ap-northeast-1d-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 8.8.8.8:53 | 176.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.14.133.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.101.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.53.197.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.63.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 44.238.18.217:443 | m.stripe.com | tcp |
| US | 8.8.8.8:53 | 217.18.238.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| NL | 18.239.94.12:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 12.94.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:53185 | tcp | |
| N/A | 127.0.0.1:53189 | tcp | |
| N/A | 127.0.0.1:53192 | tcp | |
| N/A | 127.0.0.1:53195 | tcp | |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| NL | 18.239.94.12:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 233.69.68.104.in-addr.arpa | udp |
| NL | 18.239.94.12:443 | setup.rbxcdn.com | tcp |
| NL | 18.239.94.12:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 13.67.191.143:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 143.191.67.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 104.91.71.146:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 91.16.208.104.in-addr.arpa | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:50853 | tcp | |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| NL | 18.239.94.78:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:50876 | tcp | |
| N/A | 127.0.0.1:50879 | tcp | |
| N/A | 127.0.0.1:50882 | tcp | |
| N/A | 127.0.0.1:50889 | tcp | |
| US | 8.8.8.8:53 | 78.94.239.18.in-addr.arpa | udp |
| GB | 128.116.119.4:443 | ncs.roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| NL | 18.239.94.12:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:57022 | tcp | |
| N/A | 127.0.0.1:57025 | tcp | |
| N/A | 127.0.0.1:57038 | tcp | |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:57152 | tcp | |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 23.102.129.60:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 60.129.102.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 92.123.142.59:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 59.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:57624 | tcp | |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:57627 | tcp | |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| NL | 18.239.94.78:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:57630 | tcp | |
| N/A | 127.0.0.1:57639 | tcp | |
| US | 23.102.129.60:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:58263 | tcp | |
| N/A | 127.0.0.1:58266 | tcp | |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:58275 | tcp | |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| NL | 23.63.101.170:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 170.101.63.23.in-addr.arpa | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:58381 | tcp | |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:62368 | tcp | |
| N/A | 127.0.0.1:62371 | tcp | |
| N/A | 127.0.0.1:62374 | tcp | |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| NL | 18.239.94.108:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 108.94.239.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:62394 | tcp | |
| IE | 20.166.2.191:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 191.2.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| NL | 18.239.94.78:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:63139 | tcp | |
| N/A | 127.0.0.1:63142 | tcp | |
| N/A | 127.0.0.1:63149 | tcp | |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:63273 | tcp | |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| GB | 128.116.119.4:443 | presence.roblox.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
| MD5 | 3eb94cc0fc28531ff16d3b6f0240e056 |
| SHA1 | acfad90a19477264e3188e586d44bc78fc59ed34 |
| SHA256 | 0b0ebea453d5bfccd25d92202950d3a79a47469f56223555e39c09b21f3dea63 |
| SHA512 | c3a86d93d29bf5c2d6d6ffd7db6b057455e37f080c25470d0cf7f3e615da30039091f89e3d8d0de18f719538f87dd29d9d1b311aca6fb289c9b6fc516bc9e607 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 987a07b978cfe12e4ce45e513ef86619 |
| SHA1 | 22eec9a9b2e83ad33bedc59e3205f86590b7d40c |
| SHA256 | f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8 |
| SHA512 | 39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dc629a750e345390344524fe0ea7dcd7 |
| SHA1 | 5f9f00a358caaef0321707c4f6f38d52bd7e0399 |
| SHA256 | 38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a |
| SHA512 | 2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902 |
\??\pipe\LOCAL\crashpad_2476_KDWDNVDNQMJOTIWL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f70fb1e1b9e51ec2f79c476edd3c2654 |
| SHA1 | 0fe786f14f8eea16dea6b8337e461a4202a9fa4c |
| SHA256 | 50ce13b114904e5583b2bfea2ff578819dc5db88e5c4d124d655ee888a3e5865 |
| SHA512 | 8456b458246fecbda6f285b61b2c1b78a04b3ad00f30d09e8a24f0a4fb3ad2946f88642dbcf9c10b53d44f526117e0932438407315267694ee05f5011dcc62ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b52224d2e8185753ea18fb94249b08e1 |
| SHA1 | cd9137ab6939653213327431f0ba5020b3c01511 |
| SHA256 | 56e33fe246f25aeabc3e1c982d4edd887091bce606de5e3dc0a806314f96ab39 |
| SHA512 | 241ab2414c25f8939654da92ce1ffca3d7eeb40f0cf444485e5c8b3bb6a43280749a9b9f36d6e91fc359eff53031403f068b57c5b654ba9fc0f1716371e04ef1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | cff358b013d6f9f633bc1587f6f54ffa |
| SHA1 | 6cb7852e096be24695ff1bc213abde42d35bb376 |
| SHA256 | 39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9 |
| SHA512 | 8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 619bca744db9e8d39cc6056297a4028d |
| SHA1 | ea1498a9cfc0f8a63afe0844282bcdcec9584109 |
| SHA256 | 30879fffbb2ae9d3dcc7c0ffb863e9a817c8b9211bc88ec8d439a9a03d510180 |
| SHA512 | f97614366ff8dc6e7c3035c95ab09150396a6c9263c69790f66facbaff71556cccb3c57b0b09d011d37dd801ee6dba5fc7713a63962f6d17204c9bc45af32606 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | cbcbff103eab258f233854b0582de6e2 |
| SHA1 | ba1d67a527d234b15bdfcdfaecc96ad44980d162 |
| SHA256 | 388129f411fe7fcecf5184326e214949161db3e4c07bc93f9f361c30e1ed1d58 |
| SHA512 | 26295966a39a785122990c655bf36f64f5a409df722c3a24a8cd27d45d5126f04e4bf5d9e43806f398e53876928bf02c47c2554af66c2aa2fcc9f1f5cd1b133a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 437835c2639dbb0f827af8e45cfe1620 |
| SHA1 | 1671498e80173c1791564ccc431855c51bf8cc01 |
| SHA256 | a82b5de6243b1b8bfce152d12c520564634a657cda9fae1c42274ac1254bed53 |
| SHA512 | 78c728f5e76bcfddc32f61e8f00db7fbbe5a43fcbffb744741b1aad552e8ad88d9449b41180f85e0939c712a65da03847c4dbbc0eb0419a8b4c41acb6ed31617 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | af932d86590bad18a02a0b260dd0285b |
| SHA1 | 0eb4b84e50b79b38e71ca7c797a3ba1f167ce7cf |
| SHA256 | ad67a3d0ff8faea4a125163b01ae65fa01237354700f0e4269a4cc918e743409 |
| SHA512 | 576b51ab312af328608815c441d683199c1015a8919e981a811fa631345dfd88dc49aef97e768819e979776b2112ee0205b3a6a68eb7840a975e160cc6872acf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6b99ca00718503645c6ec69aa5ff168 |
| SHA1 | 578b3552aba2671be6880da254bd2c2810380b9c |
| SHA256 | e88870485c33cf46ac95f8ea65a9fa2b10506c3121efc168d190ea3e3dfe7c3b |
| SHA512 | 8a6a2c36795a8662a1252993a94a1e680cf57d477ccdca7954b89f01d8e2b81500b60c788c115149e4dd9156d4b48573a39ea4dd8cac1105a68cfc9b3e39c670 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 21b240c3044e828a1e6550093ae9b755 |
| SHA1 | 5ed17b5a239288d4c8feda03eade8629611a8461 |
| SHA256 | a95725b171e5276e41d7688a680302f33ebdf1db076031f11fdce7c3bc2af64a |
| SHA512 | 4be25025484ca8978662ada51563ca148e9be8862d60f820b2173005f28920f6c49080e4339ffc73341c05d5923df70370f85fd2222f51fbea77bfb33c403168 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 05493e9548382b3c2eeb80b5267f8f94 |
| SHA1 | 34ff5e61fb3b8a3573771b3484adaf81f727be2e |
| SHA256 | dac5d5eba7b6b68d26edd7e9a843e08e43cc6b48bfb108bf1f352f4ae077500c |
| SHA512 | cdd3b2be6329575c44affdfd4e33491e0b627ebfff51a8f87cc4fc8c027958c3de1edb2eb81f84698fb7fecb441c1ba9678c2b2597b2550dd0c03b9bd65377a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 95e57a6b8a47121d9024d3d825161110 |
| SHA1 | d735ce32322371a0b43a02da6d2f36c71f91e7ea |
| SHA256 | 3e6cdb42a6ec5450218f2338513b07392c786b6d6b47d645f1f9cc91214fb237 |
| SHA512 | 70c8011b69a799ec629ed2bd1a285a1f93e479d94eb9ade40f9a11540254b2ac81078cbfe696dee07faed2ecb1b6e8150a30532651ca8274b474a94df231c0b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c948a03543df3a5c5d7c83f13254d136 |
| SHA1 | cf872f11116b83c01260e3c0e3ddbafbab965056 |
| SHA256 | 978268635f43db566e5c072e3820b245b919058bf80e13d452c4e7f6c82966af |
| SHA512 | 18aa684f4a45176fa7af0b9919c19278f91077917cc12e0799dfcb51bf3cb3bae589f6cbf3eb96e9547a15f8c2a1e34740e90cb04f223d5beee4390c775f8f44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596150.TMP
| MD5 | ef20bb0587ad6f15e9ec13b22fa98bcb |
| SHA1 | c7372855f62c5490f5f55fb080616a4340f39afb |
| SHA256 | d7785385d4be6ed09a22e1867f581cb028d822a4c50a61753e05b6c6efdfa6e5 |
| SHA512 | f9995ee2ca25ff2944af7e7ace826fe2dbd051274bc1e8476375275c9786343fff526b470eeff0d1d668ef2dd1dc27d7eb955e49dac5e22cec3f9cebe5e13619 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 87851343375264a65ce6a09f99b0da06 |
| SHA1 | 97bd7c2c26436449180432bad1d0aba51e572a5b |
| SHA256 | 51ba82518fe6961990d47c911c9170623cfed67ac7a7850c33ad8962d6f9450e |
| SHA512 | 71b7c63e3c2f600d7580c546a7d53edc848a38495c01451af0f3aa31cffad9fb862ae85d249ca7d7390821980bdc6adb250e5d0a874f41972db2a3c44a4a1f83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | d170269951b86f585f899d21ae50e782 |
| SHA1 | e981cf3277587be2e230a211eeb4a64a77aaaf97 |
| SHA256 | ca08d2665294fd7036d1c5260dc3c7a280961e4097651ddf2cf950925a1f988f |
| SHA512 | a1769e21b012fb39d9b625ce8d8173d306af510a05c3a377f9d6b7a4894ee53933a191aeda48a7850e7d057ab3d97a49854045f514aa75584da5a5fdaa5d670e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090
| MD5 | 588ee33c26fe83cb97ca65e3c66b2e87 |
| SHA1 | 842429b803132c3e7827af42fe4dc7a66e736b37 |
| SHA256 | bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760 |
| SHA512 | 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 602377c1207de63df61470cb0253389c |
| SHA1 | c38c487612e20b1076d0e81561a524347b2bb02f |
| SHA256 | 0d502d0b607630cbdac423f86e304aad8a8678e2c7d6c82f2e89826fa117a193 |
| SHA512 | 810cfe768af9598953663ed72157d9b5720bba2247680290d28e66d750f07cc07a2e86121d34edc842fc46a322c8b689a47c38d2c78086e99995704919fec7da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 491b1beea2a39c3e4b286dd7b6e7eb66 |
| SHA1 | ea9c5f15f1fd375841ee289477b56749394da4c1 |
| SHA256 | ddda647e97c7df09ccdd4ef3981897f099408392954598fd78ef83259c9e8171 |
| SHA512 | 29aca144b902e15ecf1ed91f6590f6bce572173a5ddba13c7afe6665f770b90d0f7d01713582d90cc8752d6b8c53eded225e03fbaa8dbc82bebf7a8c6bc430c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 244f54b5f4353906fcdf4bd9e0cf5f8b |
| SHA1 | ba864e5c9a776a5f614ff32bd13157b3a0c59762 |
| SHA256 | 5d6b40be200b54a0fc1a253949605d9a772d0611fb5ebf5e308cccc1d3447ca4 |
| SHA512 | 499b00e0bb688bc2e567ed9e16d5167ba797e180da92165e66e47846d159d34b10a2002671e34e95b8794bb9580d9ef9ae4fd93c10e0cb3c86cc8e68e2e3be06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e665880fdf4ac94b05a3725edddf195b |
| SHA1 | 5acfe9f39b9d9f06bd411995d67961335a4b6ab3 |
| SHA256 | 64fc6cd26d049abaa42be5cb591ecbba708d27d05e42e28fa927f2127ce21623 |
| SHA512 | 509395d14190820534a345a6a0cc137e229986be8564602d91a4a4ed1236d8ae187e341dcee4c2a8d6eca625c7da670710e0c15e50699135a0e365641ddd3ea4 |
C:\Users\Admin\Downloads\Unconfirmed 713442.crdownload
| MD5 | 9fb66ffa1e1f4dedfd16eb3a8170bafd |
| SHA1 | 69b5d57ddda6b97adde820b9ceaddae9c33d53bd |
| SHA256 | 7953b28b736795aaa54e6cd5cb591e794e2f770c1045ca2e33af5ff19f480eaa |
| SHA512 | 4b141802e7a4cb6bd4a7498d30086a9d83c62d37f2137f4910ca7d3fb7009079d4dc59b95050849cfc720210b0cb44bf588d15c08e3ba830aae19c0a27e8e6d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8fdc5256bd4a87cf1e5a819e9c6ece21 |
| SHA1 | 42f9b39ff64335ed50db79e9c0b88df6d1946648 |
| SHA256 | a9cab2026a915223f1d3797de34b4a4237cd69febf1d4ce1d766fb6e7f98327b |
| SHA512 | 15b5d1024429f28db3e85ffaa2f4c530b93df933c064c6f2f70c56e8b3052feb614a54dd34d97f11275cf49ae115448922cbef2d6e8ddbba565c7470726504fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d2738be3dc7f2b9acf6bf628d10a922f |
| SHA1 | b25a0c14a7f4492f2a246e4f2ee474aa8a35220b |
| SHA256 | 508866f25aa13e4fe01335d6907bbc2824344a4530d958bc17920bfcdb9cfb74 |
| SHA512 | a3603194ff47e298d05d4818f7517d530bc72c7fad1e048f2f1ed8bcdb4c2a5b43df65e3958f2b85966fb4bdf52cced91b30e042292a8e61f9d4ff2402e8ea84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c237a660ac61c01cd22d450bed32222f |
| SHA1 | b1bbcc6ad3a630718f3be708c9eff0bcd9dceee3 |
| SHA256 | 499813c17866e158ed8af1e71e15f045a78efd383ea485498e3d75186dfd1556 |
| SHA512 | b27d4e74efc2bbe540ba6487003fa657a121039fd9e011a2ec923963068e392e982d62c71b8f9d95dc101401b07cac6f245df074fdf98cde598abc5a8cfa599e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 22e0f42fd1d19a731b6404b035986e38 |
| SHA1 | 489a00ff03d140bfff7cb2e6eddd5e7bf92acdde |
| SHA256 | 52c723dcd138dcfd0173d4f7f4309afbfa9633dfe959afcf198e06899dbd489a |
| SHA512 | ceebfe6661d5660a6be87e28a0bd3d31f09d599178a4c32ba774695e0dfb357d1701d4989eefb73d3a41ec0f1615c575250a633b90b309fcd109dc5fc0cfaf35 |
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | 4f9d28edc0c431adbfcc19d8fa47702f |
| SHA1 | 37a6e145fec66acce633199ea7261bf5dd3d855b |
| SHA256 | 17e5cfe0cd5e01c1cf679b2fb7da7f3eae6cac2481c41f355c23df375ee0b48d |
| SHA512 | bb7a5f33e2ef384347f8ffa09381aee5609a5b4997a205c972e7d431effa8c89f47e065b41f3acd86c2a395e0fdcd2fa656b57c84c3b94bb2fbde52ed2284dc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 691359a99b86e74bb4df4aaf0ab91fd6 |
| SHA1 | 3dbde917f030efb26c5e3f9bf0b76a0c470dc1ce |
| SHA256 | a94771a1f32d34bcfe8a2b777dc6c9d7b79ad889a05453229ce9fda82d4c510f |
| SHA512 | 1a986160a788f41942c8154787a9c3b4c2f86429c87723d7f46f2418810a91a983c40e706388230191fd6c56b950749377e840cf8a8614db92dd9036cabd3dc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4028520a42ce2c7068c25c74bb893898 |
| SHA1 | 1d96a3ba66de9c90a8f211a362d20cc4aa30bda3 |
| SHA256 | 476a86ef464e7774a58d51216e81c82183186e7f6566f38c44d730c307752ca6 |
| SHA512 | bcd1a084bf53f0be31aeee9e0822b4ad7b504b8be52eb4c9e90f1e35da940e817cbbbea6c3727512eeb1a75fe3574b6644da71062b1134a56a90493a05ca9ccd |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\f3b8e82c20c4bb3f94a2d7bcd2a82cd1
| MD5 | f3b8e82c20c4bb3f94a2d7bcd2a82cd1 |
| SHA1 | 89618596be7cb90317eaaf2d09b05d522d008260 |
| SHA256 | 7de6a5a45227b0f21ac7dd50af250e37f20b8bf2d6f4aa53a7f643d77515bd07 |
| SHA512 | 82f15e37366efd29879add4f50cedbdc27d4eb885e190dd54c8e89787b51d59ccc21473f431292da679c7e8aa7cf2d0ce7219e1503d59a0f356e078f9feece55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6c6cff50b8c97f8bc76cb72a921611ef |
| SHA1 | e5d372b07c77c3bbb21380369408b6a77280a7aa |
| SHA256 | 3303944c16baacefe79d37dcb8d08efa35577d5468ce9bf8fa288a8bdf397ca5 |
| SHA512 | d02cc79330f11022d2c48426a0e6f8e9d5b8fd2518c21af7c43c1218a32ef60a6e4617466bc08b55d20fb5f7f6abec737ce077f86c23e09ab364018b3209beed |
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
| MD5 | 610b1b60dc8729bad759c92f82ee2804 |
| SHA1 | 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552 |
| SHA256 | 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08 |
| SHA512 | 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4 |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\msedgeupdate.dll
| MD5 | 965b3af7886e7bf6584488658c050ca2 |
| SHA1 | 72daabdde7cd500c483d0eeecb1bd19708f8e4a5 |
| SHA256 | d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19 |
| SHA512 | 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4 |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\msedgeupdateres_en.dll
| MD5 | 4a1e3cf488e998ef4d22ac25ccc520a5 |
| SHA1 | dc568a6e3c9465474ef0d761581c733b3371b1cd |
| SHA256 | 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011 |
| SHA512 | ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245 |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | c044dcfa4d518df8fc9d4a161d49cece |
| SHA1 | 91bd4e933b22c010454fd6d3e3b042ab6e8b2149 |
| SHA256 | 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2 |
| SHA512 | f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 60dba9b06b56e58f5aea1a4149c743d2 |
| SHA1 | a7e456acf64dd99ca30259cf45b88cf2515a69b3 |
| SHA256 | 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112 |
| SHA512 | e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7 |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | 7a160c6016922713345454265807f08d |
| SHA1 | e36ee184edd449252eb2dfd3016d5b0d2edad3c6 |
| SHA256 | 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9 |
| SHA512 | c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\msedgeupdateres_af.dll
| MD5 | 567aec2d42d02675eb515bbd852be7db |
| SHA1 | 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37 |
| SHA256 | a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c |
| SHA512 | 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3 |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\msedgeupdateres_am.dll
| MD5 | f6c1324070b6c4e2a8f8921652bfbdfa |
| SHA1 | 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf |
| SHA256 | 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717 |
| SHA512 | 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100 |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\msedgeupdateres_ar.dll
| MD5 | 570efe7aa117a1f98c7a682f8112cb6d |
| SHA1 | 536e7c49e24e9aa068a021a8f258e3e4e69fa64f |
| SHA256 | e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01 |
| SHA512 | 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8 |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\msedgeupdateres_as.dll
| MD5 | a8d3210e34bf6f63a35590245c16bc1b |
| SHA1 | f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693 |
| SHA256 | 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766 |
| SHA512 | 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\msedgeupdateres_az.dll
| MD5 | 7937c407ebe21170daf0975779f1aa49 |
| SHA1 | 4c2a40e76209abd2492dfaaf65ef24de72291346 |
| SHA256 | 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9 |
| SHA512 | 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7 |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\msedgeupdateres_bn.dll
| MD5 | 7dc58c4e27eaf84ae9984cff2cc16235 |
| SHA1 | 3f53499ddc487658932a8c2bcf562ba32afd3bda |
| SHA256 | e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98 |
| SHA512 | bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\msedgeupdateres_bn-IN.dll
| MD5 | a94cf5e8b1708a43393263a33e739edd |
| SHA1 | 1068868bdc271a52aaae6f749028ed3170b09cce |
| SHA256 | 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c |
| SHA512 | 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7 |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\msedgeupdateres_bg.dll
| MD5 | 8375b1b756b2a74a12def575351e6bbd |
| SHA1 | 802ec096425dc1cab723d4cf2fd1a868315d3727 |
| SHA256 | a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105 |
| SHA512 | aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19 |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\msedgeupdateres_bs.dll
| MD5 | e338dccaa43962697db9f67e0265a3fc |
| SHA1 | 4c6c327efc12d21c4299df7b97bf2c45840e0d83 |
| SHA256 | 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04 |
| SHA512 | e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9 |
C:\Program Files (x86)\Microsoft\Temp\EU7A90.tmp\msedgeupdateres_ca.dll
| MD5 | 39551d8d284c108a17dc5f74a7084bb5 |
| SHA1 | 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884 |
| SHA256 | 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07 |
| SHA512 | 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 870cc2c781d1d536a8f824f71d1c3e7e |
| SHA1 | b0b24fded448151a694a609e468e6288273c5ed2 |
| SHA256 | 0793a1cd4fbcd58fb63a46566e924fb4d54522ef4aa03f02b7504c112eb2932e |
| SHA512 | 9d86234a2558a83bf974d2b8d4104bd23fec5cd3481f46cbcb8d074ffad93d1d9af9093660acb1edf79d02bd14abb3ddb294bb7c4ee4ec2a4b73e63b828f9c3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 93dc35b0df24a613860d456d73bb7a35 |
| SHA1 | fa142e2befca8b622db148ff4e65e0ce6a5b6e63 |
| SHA256 | 817a33d87d3ebc0c9e637bd280755b4feb5f8c911ca6bb313342207e62aec97f |
| SHA512 | 11aa571ede0d11152e1e8257d1d5a55b2e2366d8eb84ca068e1c345682dac311ba561679e2122ef1fdb408fb3e861b1047b24b9ced7d047e1cfa1bdc4b6d4339 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 332e0e16510540559f56299383b947dd |
| SHA1 | 7fa0c8a0776e4244462148220d77d31e8d4b3cec |
| SHA256 | 3cc88126d6c79ae85abff3a8763dfe74981defb200254205398c63e4a4e5ca05 |
| SHA512 | 833ae609f172a80fa43fb86a98b02601ff24b55fa4f461594a30c00fef87a11442b6b85d3afb0cfb924518e85b25f9f07f45262b587cc69c005647328c9f4b6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 209f079939b8c191b3af4bd13c4e4164 |
| SHA1 | 4035ecf1b15ca14aaf125b2610d2471525cb7491 |
| SHA256 | 4cdab1dfa783a6889d5a26bcfeedd5976f2d2ad80f1aa5d9c38bcd7f8c572e1f |
| SHA512 | 5aa67e9e608518e8993847955d6521c2981e961bdd8798965de4bb9b159b19484d3d8f391ea9b0e3b5812e46cbb1e23d6bc2db700d3f44a5b6f12589ef9f0217 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6120486f2cd91ef2472d6c60ca386153 |
| SHA1 | e55099090f5925722a6467907c04e5f0a4d49954 |
| SHA256 | dbaa580f7ddbfc05df47cc12c440925f3bfe9d27382bb5a8d574a89635cf4e45 |
| SHA512 | 373b772d1040a2d3f8fb61fbcf0f8d7b3a858d43eb49e5794eee77def7e0a767d069406219b7f4e6b06e03998f0b8d076f5d5f23782efda1c7caf3ce484b42e2 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.97\MicrosoftEdge_X64_123.0.2420.97.exe
| MD5 | 300df46436ba5d076b227c32967ada91 |
| SHA1 | de9d47ef0c61fb04b7309875e2f03c8fa37d19f4 |
| SHA256 | 1614eb0c2697d74f2a05f8c973b2055e9cc158d94b19105e3a9d450adc9e333b |
| SHA512 | ba3053085da062ec32f87aec43f527624248a81b702c8cdb359c0fba7194556658b49aca8ef98d885de5da5b9b2eab3f1fac2c99891f91949d1b9a155e4a6971 |
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | e392c1ca70649338456c18fd91d13b77 |
| SHA1 | 346d160653b963aec5aeb062d0f9e1aa833529f8 |
| SHA256 | 89342acc65ddc5c625f6e99ab148cda9c4a96a94dc9bf16ff7f36fc400a46a8d |
| SHA512 | 34b5578cc16e8deac3d64e6798ef6717c8d5e03389575604c13112836caee1fa3fec0b6875fab58892e1337045e084f2413797d01a7046a6a6d431ca4d4664f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 68da9e99cb23cd7973e8095cf289308d |
| SHA1 | 4f09331c644d887cd9786c92c756d626536a7071 |
| SHA256 | 53558718aa452ce3643f9a9671ce2097444b985d2efb47614d2eee691be54df3 |
| SHA512 | 3181eca64f5546737203858fc3d117424f47ce2ff0b2a5bf9d10b3c28cc6b412f794c3f29b8d40aa2d43ddf3eeca2a744ed025987bc1ca1dfc320dae3ac75a86 |
C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Installer\setup.exe
| MD5 | 31ddc9e1c11a44b88cf96c45b3551ffb |
| SHA1 | 811ccb9706f656e29d089e30a2ee1650302394e2 |
| SHA256 | 46cb58faa60db59cb8d145bf6493f7c01a8ea8895f812d65512e3c7340a054da |
| SHA512 | 67e5a4ec4b030e48ac06bdf79bfb2b9bfe7778f046a739f23b7be65e143a7181954c7587eb6841636a6e667aabfa292d6831bab709cd798d1de01987bc99aaf8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c04ed7bf5c9a6d34c45fdcf7119b68b8 |
| SHA1 | 79bcf653ceb589d9a7c74d7069a3af8bb9a4ea1f |
| SHA256 | f3303c35f2c7afc056aed9c715653e8517113d5d53438b91f724db27a6b803de |
| SHA512 | d6c1d06c8d7036e9c503435917fc54f2c86610a7c372cba9cc9902cdfded9f612eb032eabfc7a56ef3b9a4239db97bb24edfbac267a1b86fe2d515ac3b8af29c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 72e06b7fa75685a28b24a3f017a292ec |
| SHA1 | 0c97f01a6606ba23487eaf7ebb36c4006b2af0a0 |
| SHA256 | c11932100082d7f8d76ad8f91dca11042a5764c449d3286a38fcbc724f013e96 |
| SHA512 | 63b1f760256719cf769c86c7ba5512551a1ed7defe500511ad03d2920df916e15028e4013ad42e0b6a34f0a9e20421765dc24e099dcebb71202657bce8f7a15f |
memory/4788-1792-0x000001CDE4EE0000-0x000001CDE4EE1000-memory.dmp
memory/4788-1793-0x00007FFDEBF70000-0x00007FFDEBF80000-memory.dmp
memory/4788-1794-0x00007FFDEBF70000-0x00007FFDEBF80000-memory.dmp
memory/4788-1795-0x00007FFDEC080000-0x00007FFDEC090000-memory.dmp
memory/4788-1796-0x00007FFDEC080000-0x00007FFDEC090000-memory.dmp
memory/4788-1798-0x00007FFDEC0D0000-0x00007FFDEC100000-memory.dmp
memory/4788-1797-0x00007FFDEC0D0000-0x00007FFDEC100000-memory.dmp
memory/4788-1800-0x00007FFDEC0D0000-0x00007FFDEC100000-memory.dmp
memory/4788-1799-0x00007FFDEC0D0000-0x00007FFDEC100000-memory.dmp
memory/4788-1801-0x00007FFDEC0D0000-0x00007FFDEC100000-memory.dmp
memory/4788-1802-0x00007FFDEC160000-0x00007FFDEC165000-memory.dmp
memory/4788-1803-0x00007FFDEBF60000-0x00007FFDEBF61000-memory.dmp
memory/4788-1804-0x00007FFDEBD80000-0x00007FFDEBD90000-memory.dmp
memory/4788-1805-0x00007FFDEBD80000-0x00007FFDEBD90000-memory.dmp
memory/4788-1806-0x00007FFDEBE10000-0x00007FFDEBE20000-memory.dmp
memory/4788-1807-0x00007FFDEBE10000-0x00007FFDEBE20000-memory.dmp
memory/4788-1809-0x00007FFDEBE30000-0x00007FFDEBE40000-memory.dmp
memory/4788-1808-0x00007FFDEBE30000-0x00007FFDEBE40000-memory.dmp
memory/4788-1810-0x00007FFDEBE30000-0x00007FFDEBE40000-memory.dmp
memory/4788-1812-0x00007FFDEBE30000-0x00007FFDEBE40000-memory.dmp
memory/4788-1811-0x00007FFDEBE30000-0x00007FFDEBE40000-memory.dmp
memory/4788-1814-0x00007FFDE9B00000-0x00007FFDE9B10000-memory.dmp
memory/4788-1813-0x00007FFDE9B00000-0x00007FFDE9B10000-memory.dmp
memory/4788-1815-0x00007FFDE9C10000-0x00007FFDE9C20000-memory.dmp
memory/4788-1816-0x00007FFDE9C10000-0x00007FFDE9C20000-memory.dmp
memory/4788-1817-0x00007FFDE9D80000-0x00007FFDE9DB0000-memory.dmp
memory/4788-1818-0x00007FFDE9D80000-0x00007FFDE9DB0000-memory.dmp
memory/4788-1819-0x00007FFDE9D80000-0x00007FFDE9DB0000-memory.dmp
memory/4788-1820-0x00007FFDE9D80000-0x00007FFDE9DB0000-memory.dmp
memory/4788-1821-0x00007FFDE9D80000-0x00007FFDE9DB0000-memory.dmp
memory/4788-1822-0x00007FFDEBC60000-0x00007FFDEBC70000-memory.dmp
memory/4788-1823-0x00007FFDEBC60000-0x00007FFDEBC70000-memory.dmp
memory/4788-1824-0x00007FFDEBD10000-0x00007FFDEBD1E000-memory.dmp
memory/4788-1825-0x00007FFDEBD10000-0x00007FFDEBD1E000-memory.dmp
memory/4788-1827-0x00007FFDEBD10000-0x00007FFDEBD1E000-memory.dmp
memory/4788-1826-0x00007FFDEBD10000-0x00007FFDEBD1E000-memory.dmp
memory/4788-1828-0x00007FFDEBD10000-0x00007FFDEBD1E000-memory.dmp
memory/4788-1830-0x00007FFDE9FC0000-0x00007FFDE9FD0000-memory.dmp
memory/4788-1829-0x00007FFDE9FC0000-0x00007FFDE9FD0000-memory.dmp
memory/4788-1832-0x00007FFDE9FE0000-0x00007FFDE9FEB000-memory.dmp
memory/4788-1831-0x00007FFDE9FE0000-0x00007FFDE9FEB000-memory.dmp
memory/4788-1833-0x00007FFDE9FE0000-0x00007FFDE9FEB000-memory.dmp
memory/4788-1834-0x00007FFDE9FE0000-0x00007FFDE9FEB000-memory.dmp
memory/4788-1835-0x00007FFDE9FE0000-0x00007FFDE9FEB000-memory.dmp
memory/4788-1836-0x00007FFDE9E60000-0x00007FFDE9E70000-memory.dmp
memory/4788-1837-0x00007FFDE9E60000-0x00007FFDE9E70000-memory.dmp
memory/4788-1839-0x00007FFDE9F60000-0x00007FFDE9F70000-memory.dmp
memory/4788-1838-0x00007FFDE9F60000-0x00007FFDE9F70000-memory.dmp
memory/4788-1840-0x00007FFDE9F90000-0x00007FFDE9FB6000-memory.dmp
memory/4788-1842-0x00007FFDE9F90000-0x00007FFDE9FB6000-memory.dmp
memory/4788-1841-0x00007FFDE9F90000-0x00007FFDE9FB6000-memory.dmp
memory/4788-1843-0x00007FFDE9F90000-0x00007FFDE9FB6000-memory.dmp
memory/4788-1844-0x00007FFDE9F90000-0x00007FFDE9FB6000-memory.dmp
memory/4788-1845-0x00007FFDE9970000-0x00007FFDE9997000-memory.dmp
memory/4788-1846-0x00007FFDE9970000-0x00007FFDE9997000-memory.dmp
memory/4788-1847-0x00007FFDE9970000-0x00007FFDE9997000-memory.dmp
memory/4788-1848-0x00007FFDE9970000-0x00007FFDE9997000-memory.dmp
memory/4788-1849-0x00007FFDE9970000-0x00007FFDE9997000-memory.dmp
memory/4788-1851-0x00007FFDE9970000-0x00007FFDE9997000-memory.dmp
memory/4788-1850-0x00007FFDE9970000-0x00007FFDE9997000-memory.dmp
memory/4788-1852-0x00007FFDE98A0000-0x00007FFDE98C2000-memory.dmp
memory/4788-1853-0x00007FFDE98A0000-0x00007FFDE98C2000-memory.dmp
memory/4788-1854-0x00007FFDE98A0000-0x00007FFDE98C2000-memory.dmp
memory/4788-1856-0x00007FFDE98A0000-0x00007FFDE98C2000-memory.dmp
memory/4788-1857-0x00007FFDEBF60000-0x00007FFDEBF61000-memory.dmp
memory/4788-1855-0x00007FFDE98A0000-0x00007FFDE98C2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c2a0d5a5f17b6857aa9c0a4fdd6c402e |
| SHA1 | fac082aea82bf60b837b2208f53cf54125b10609 |
| SHA256 | 5deaa87606d6f4d333fe09a2a35fa3b5566afeeb1d98f83e59541bcd22d24355 |
| SHA512 | 3afa908d8312c09a001e39b351a41ed11e8563cdb35822e6783acea93ee702258b7d99f3be94dc9c73afeb0dcbeb654825dc2696b86d898a8222fc1807e094b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3b20435486069ae6f90caf4085650610 |
| SHA1 | f5c48bf142da4e1ab9bb7b6597f972fafcd3e058 |
| SHA256 | 52de22c1af7664ee3c14b76fac6c6db58a531ee3f63e7c1ab4c769773b640529 |
| SHA512 | 5791963e8e5d81ad0f245f4678722c8ddc73dd70b6b7670f3ff5ec61cc4e215850195890554785598738b5c9f08f610ff3e4a8b6580952f1a7563b1cd3334954 |
memory/4788-1893-0x000001CDE4EE0000-0x000001CDE4EE1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 95469f700ed5591ddf16796c663e2e49 |
| SHA1 | dab0d673997e6d5fdea734d96bb0a4f3ac8368fc |
| SHA256 | eaa2f8da2f0f29d25cae7ab36718ad9eb5efe0e7eb0c232341a9f75b0a59b780 |
| SHA512 | 0edc848f95e3e1aff465d3f9da3b0edb3501aadb49b56465efd6d2ad9684ca38301269c382852613ac14a8395a03dffac16a5bef12d4fa156312393431498fab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 273684a1a70f935e3a9713bd158db53e |
| SHA1 | 4410fd369fa38e2db0ae360066a49b9a543c0a96 |
| SHA256 | 04ea53cf8d956c7fff12236722151ef3c23456c126bcc2747121b0283400ccae |
| SHA512 | 62cceadbe007e3498796ec90833f41aaecb8df9e7b64fbe3402704ce8d48442197b56e7b252766516352a5c15545c0b7ca9a632299a1f337101e111588255c90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 735c8e050c6d70e97ccf8d550b456b28 |
| SHA1 | eb8014d8e2c7bd4621054bd859a49ff31c5141df |
| SHA256 | 96e04345225827777cf5149e5a55f5d220050ca10e6716d18f11d25c9f7ced3f |
| SHA512 | b7e26a4dc9e2c80b3b884b1304b48f0435113b044cf458d72cce82e020a5916b2befb4b094edcd9480a6643faf92cbde0c7cd665b3603c4749100fbe8597f604 |
memory/2940-1930-0x00000249417E0000-0x00000249417E1000-memory.dmp
memory/2940-1955-0x00007FFDEBF60000-0x00007FFDEBF61000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 560e3ff54165a15dadadac8b2e9dec0f |
| SHA1 | f8126f26c8b4b003bf526e85ec0c47f2f805eda8 |
| SHA256 | 2b08f78d7d23451085af84a38d22ca6360f7e14bc457743212170b08c67195f3 |
| SHA512 | 85fa706c81038ca0855cc2cf677a1a0066f47c8f83fc93279acb77ff3bbfccaf5a1213585ee86f2835eda751d0bc3b26ef9d667bf6b9b8f9a0eb9239134d7b2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9a0d939a71377e2b40fc5d3e78ae0e48 |
| SHA1 | 5541d4fa7dc7e3b0b2a44ed5cbf5ed3deefe203a |
| SHA256 | fa548edde6e0dcc44bf8f3ffa13a6b2ccc22398563860fb1de451d7abc95975a |
| SHA512 | 98163ef7eeeabe85fb96e6ffc9114091abbffc0d98307e3e1bfb09fbbe4f2aa504aa9cd9c43bd247af157de80a33a2ed8b104f4c8c72d174b9f138ccbb097162 |
memory/3880-2054-0x00007FFDEBF60000-0x00007FFDEBF61000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1f20e2bc3b2e7b6a985d0132047e1d2f |
| SHA1 | d3a1faea0b3bfb7fe868a5a055d72290f78077b2 |
| SHA256 | e2d54eba531a6947321c3374692581f0146a035a4171bae072d56232c82d8f75 |
| SHA512 | 9a55c8c7e18f512ad9bc01057599c25a646e2eacf12ee2d14266eadd252efe21da777d404c0bf57f6569f884b980d3ebd0a409b0a5991133ee1216abb1292f77 |
memory/4212-2225-0x000002C5A8590000-0x000002C5A8591000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 222afd3b0b10ec918b6a9af75ad38ea9 |
| SHA1 | e75ccd6109eb1e2b1616bb0f8944e4a71f3c4f0d |
| SHA256 | 9f87dafe4dbc0cd33e8ce8fe541c9efe030aa01aeb6d219cc9af9f667aae89a3 |
| SHA512 | 76abbe02c0cb90c84d407d0d4b2e00d6ef6d6fb937eab9c2783304caf930cd9c67fbd2f5a17e2fd1745ebc79fccee87c046c49e493df929d4eb6fee51b2e31d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d79ccc07066bd9cbb8c7c1ee680a4996 |
| SHA1 | ff6f1d4d725b3cce35aa718cc361f02dbdf6ddf1 |
| SHA256 | 2c43bdd1e27cbd3142a9de7eac4173c21ec4d32c90647539ed96a33880d78d64 |
| SHA512 | c17dc875c82b2d2242d7589aff1d6a87e695739433dc9813020ea99f3407c96f4716a1ca35c9f737bc1b0b43f76dbea1acd7f84142ec3d98fbb97752f22528af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cbdf49227a7a44c25e4521d835f88ac8 |
| SHA1 | 4029f5fef0bbd198683155ab63134ab921ff8e7b |
| SHA256 | 7159c5962eb6a33d1568779c5cb056ed2ba8be8e4e2706f259e4b498a92b2358 |
| SHA512 | ed34373f29f1dfa5b159cd039a9fdcb910a245ed41909da07bb2a79ac198df8f89106c99a8a28558e79a554a31776de97bbef23690bccd0f710a49d5a42d7128 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | db5e1788f1fdc81bac4cf756fe807ace |
| SHA1 | fe8c7000f91b3c0473cc9f8704ca602b8c4b7c9a |
| SHA256 | f3085dbe2b464cfe5d90dc98d051144da6e9354c8cfcaea3b906e4792d82aace |
| SHA512 | 1aeac395d717cdc642c325bde98e32a0a90176918a4bfe6ccacef95f86d11feb56ed78cf744e980fdd786ab502cd79c9bece9e55bb70cba800f3505d482f8b55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1519cf57637a22490d216450a8366e6e |
| SHA1 | 653bdf82287e8c3911d795d5cc952b3db162dd2b |
| SHA256 | c43ad363e5787a7a1d6fefa6f920e3ddbae7982f065fed099262050f0705e1aa |
| SHA512 | 7ef78f94b7320aad6caeef9d64805ce8b3050976fa992faebbbd803c77958453b9768b8a36674d3c9a62fb2f7336dbeaf15ea7009353ace4e4230cb51af12aa1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5e076a1b0007c687b4744d0042a062ab |
| SHA1 | f467011e93e384285182b2f6e2037305e3e60c9f |
| SHA256 | cc2ba678478a007ccd3f3aa03041ebff00eb740e997f8e18f7ae05425b5640d4 |
| SHA512 | 284ac5c0e75bbfb3e32a0601db6b4619112ccbe9f78c2e3bc53e50ec49e8ef4897ce83b8d0ca74d03792d5703ceda617d34c8cda66246e45a3c52dbc2d353a88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e90a48b64afa2c5198a42216a68c6b86 |
| SHA1 | abbdd0e3c0537c920b90af13e785fc1b74081075 |
| SHA256 | 13bfa90c285b296efbc5c0ebd396aa2ad31f3de7f533056dc68944a8a434624c |
| SHA512 | eae91c3bf023f52ca06e1e3e904c1e96dd667771156aa0a9585802507d9bf1c8f6409073879a4902719642c4fe477e67bf734b6502db72ed172a78cecc249b60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b9ac403722cabd89d783cba94656e08 |
| SHA1 | c522223a078a1aa7bf2f5b7c245232b25bd12588 |
| SHA256 | 1f21140a6869ddd62ebcbd5ca89ba064547d55afd0fe8b72e8771a32145660c1 |
| SHA512 | 9b8fe142049661ad7ad07b160251be2222daeb92e54b2411abc3b0e6d3953a9dc57ab0823f36f27c51eb1fe5e0ef89631026f7b2681c9d2d60b4d8370c69864f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3d5bbd7efab079a1be073538d215fa29 |
| SHA1 | 6b73c1d9cd6e633189f980bfe3dd8bc4e5a0eb39 |
| SHA256 | 2590df7d119157e2897a1a1c2f4ffdfb1f16669293e97116d401c5f7f9123830 |
| SHA512 | 19d67b6568cba2c7e49c79523e02fdfa2d50f71b392950d3439d6cb7ce9a0476f20505a46b21d1684a52a11ab106f3119e33a55afa03a1f67840a6023ffa2ae5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1a83fbd111f7a5f9e6ef5bc284cdb359 |
| SHA1 | b7284d48aaea9e1e8183312fbdaef424faaf53c9 |
| SHA256 | cf0c760fff588559f3c6fc7417157a5eb7328a7db9d66337d8cfe98ecc0a7aaf |
| SHA512 | 88b80378a77a1f88f0eeb7f81543645f17c987e32f0c40ddfa5345af3401982833363c0790317312421819df1a778c88d725cc793ecc32d027669f3046d7998b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 067912b33c1b1afd9206ebada458216e |
| SHA1 | c80fd44594754372a5137a02ad1e2d3d2f552354 |
| SHA256 | 2877167983014d3730222a5c6e8959c4d7723700347bd7e33e0324a731a5e463 |
| SHA512 | 034f3b9e24df4dc9c22765c9089d31b194024effd7781504ba14fbe38d93d7679b430887d50329313b3efe7eaacd08c0d66be9eaf09aa6b96404e0c1522cb67f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2a74a305bae42c7f5e7347ad761f7724 |
| SHA1 | 21169672e89bc72282d3f19c9cec79a35af72793 |
| SHA256 | cbab412f930cdadae3c30c11fa3decc46391e0057e35622ac70ef1b94e2db86f |
| SHA512 | e2317fa971fdeabf827d087c5c59dd3b9dceaf982d1a0153110bda7f33334575c470c6fd5dd7a285df7b75e251d11601f59b834a3aafa4a67fb16ad9a4110858 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d999c880ae9562b968d2944df46a8ad5 |
| SHA1 | 6945c48bbd2bca70f1c618385381d136b5fda070 |
| SHA256 | 4c26617ec9e61becafbdd72b353538ffd30eb34530740e92488b30c7f2f1c3c3 |
| SHA512 | 313cfade9a204926aca1b528e7cecc0087efcf7e603a84548e1252c3d9df4f0707f97bc6bc3126a1802b48d9b5b8579d7b4551a355f94661317b81d83dabd067 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 800a84f4bda98e667805e19d96b377fd |
| SHA1 | d891af50775fba9744c939e28ae615fad551f65c |
| SHA256 | 4418e819a704f6bbdb99613e4d3557ba3e85d732b0347d40fc773fe97df16ec7 |
| SHA512 | df31d36ca90b6f988ba1867681fb5a87c09b8ea1533e910e273acb9e8a615e12ce7d0f7ca77a0d70cd53a46b666d1b5c026b66991a2a2fbebbf3832110cc2cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cd821d0e2360da11909552bf44fb04be |
| SHA1 | fa0bbbb7334d1fa960f2e444db1c0369b30e94b5 |
| SHA256 | a3baa0ba16a0bb35b8d78642ead285ed9de735f34d434856b99fdfe97472ca1d |
| SHA512 | d1a04eb6083b361af169e100676f8753badcf64517104e78defad1f50816436edd054d972c5c4a98231661116cece53525337cdb09c5c7c1cb160b2ba3062705 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 03269919515b1e65b40e36eb875f9834 |
| SHA1 | f98e7cbf7433d6cd19e189220a100da5200aba45 |
| SHA256 | 6eb95eba727d4c3d49c599e3ae9618e4e6c5b94f7550aa79efedab9acb8f3d10 |
| SHA512 | 2a41ee568ff825f1add600c8cd44a26171ff92bf2010f5435ea3ddfd5a246c2e121d552b9228b93cd132c969b4866ddc78c8494de556e2d0d4a9cd8ccec111ea |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.33\BGAUpdate.exe
| MD5 | 09fc5490d32c867927e960f673911ebf |
| SHA1 | 2ecbee3518fb701959d2539a88892391250dc010 |
| SHA256 | 9014827c68fd6a31ccd7ec1c8f182cfeeb60962760391446b45c264e062daad6 |
| SHA512 | cd295d344bba456cdb2394fbe736c7b52c8f20e2776bb6b37c0ecd7068c841a646208e4bd0ebb4cb7880fc15caa8b18da485340ac8f88154e61cf76fb16e8162 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 64cefb8015a3f01aafb9b30a4e5c91b8 |
| SHA1 | e44fa823e76fee3f91d1f961aedca76cbaff6ea9 |
| SHA256 | 7671ed2c3857e6b9c638bdd357cfc1b64386f933d25e31e8988fef2af545c232 |
| SHA512 | cc1bcd284340a4a1e6ddbbd232cb97034947c858cb1d8421b0ae374e21f59ef10978dd55f939b858199d912ed1896169c27d37327b4d3292ef8338b64a2604c5 |
C:\Windows\Temp\SDIAG_757e2306-cbd9-4f8d-8487-c9e57841259e\en-US\DiagPackage.dll.mui
| MD5 | d7309f9b759ccb83b676420b4bde0182 |
| SHA1 | 641ad24a420e2774a75168aaf1e990fca240e348 |
| SHA256 | 51d06affd4db0e4b37d35d0e85b8209d5fab741904e8d03df1a27a0be102324f |
| SHA512 | 7284f2d48e1747bbc97a1dab91fb57ff659ed9a05b3fa78a7def733e809c15834c15912102f03a81019261431e9ed3c110fd96539c9628c55653e7ac21d8478d |
C:\Windows\Temp\SDIAG_757e2306-cbd9-4f8d-8487-c9e57841259e\DiagPackage.dll
| MD5 | 79134a74dd0f019af67d9498192f5652 |
| SHA1 | 90235b521e92e600d189d75f7f733c4bda02c027 |
| SHA256 | 9d6e3ed51893661dfe5a98557f5e7e255bbe223e3403a42aa44ea563098c947e |
| SHA512 | 1627d3abe3a54478c131f664f43c8e91dc5d2f2f7ddc049bc30dfa065eee329ed93edd73c9b93cf07bed997f43d58842333b3678e61aceac391fbe171d8461a3 |
memory/1656-3065-0x00007FFDC87A0000-0x00007FFDC9261000-memory.dmp
memory/1656-3066-0x000002DB7A8A0000-0x000002DB7A8B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_syrxeahs.2xe.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f89277763e2870ee1ccea22b129a1e3d |
| SHA1 | 2fc42ba735017b8cecdcaf23159bca02857faeff |
| SHA256 | b33ff4cb483ff06531fa15b27fda33b1d78fca93b31cffe351059948d75c81f6 |
| SHA512 | 7428b5e6057764f9c3d3467ee2d97a76c44fbb129c0c444be893b2d7bf22777790fea56577e2c3692dbb51a6a89b39e4254354ae907a3f8047c063a04938139f |
memory/1656-3085-0x000002DB621B0000-0x000002DB621D2000-memory.dmp
memory/1656-3094-0x000002DB62050000-0x000002DB62058000-memory.dmp
memory/1656-3104-0x000002DB621E0000-0x000002DB621E8000-memory.dmp
memory/1656-3114-0x000002DB62240000-0x000002DB62248000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8d40b5f66cbf1f151413542479dc3030 |
| SHA1 | 163c1121dcec1711edd2f7d395b26dd5760c029e |
| SHA256 | b5364c89479e84e6ec732d013672aae52106c71159f758df8a98d32c9bc4bee0 |
| SHA512 | 0d261c422c4fc9c7c902258895a174625881b5f7c85b5788cf19d5e8edcd0bcc11fde1340cb7792041b565b003d74f4d5ef04cb5481db72a5874c597213f71e7 |
memory/1656-3139-0x00007FFDC87A0000-0x00007FFDC9261000-memory.dmp
memory/4392-3140-0x00000232D8EC0000-0x00000232D8EC1000-memory.dmp
memory/4392-3151-0x00007FFDEBF60000-0x00007FFDEBF61000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
| MD5 | b18c705b3c68cc49d9bf3649abc75c24 |
| SHA1 | 6dc8963dea0f3185368790dee2a346301b4fa24c |
| SHA256 | c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa |
| SHA512 | 7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fb9fe1d2ed205e81764e34467e749c59 |
| SHA1 | 9013c8f2c991f58796fc01ed5ee610aad53acf85 |
| SHA256 | 2339896795523703c2f088bd350af769c3b8b883a95231616d0b51092324e81b |
| SHA512 | a686aae087761cf48ec8401bbe64c7d3ff5c28daed1bd10455be3964df30c93c78d968199fabf609d2c97eb63d903f375f03eb6d16286cdf4be2450d0bcd0c88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 88f8aeb4de1ed2a70c841ddd5f8a72c8 |
| SHA1 | d859ba2ca2b0fa60168417662d2d3463190ffe29 |
| SHA256 | 4c1a845002c994c3427e7f31cf42a75ed1e3a9f75831635d87d5075477dfae99 |
| SHA512 | c2dc1c2d67f03df7371a25e5db7d25d80f313db43a1f1b64ec7c8c17bc2a6adf0900707267f5b8587b8597902514831c89e813613e6cd5003025642a4490225d |
memory/4392-3363-0x00007FFDEBF60000-0x00007FFDEBF61000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1c44d3937bc335c0e3ade32b707ac007 |
| SHA1 | c203872d26350020b01022b58db6dcee5f9b6e86 |
| SHA256 | 7e45c3cff0f3c70190537da896ece1c99527b82bd05d77c38a50ab9d0dcdb9a6 |
| SHA512 | 1021c3e99b5e337b8ad90361bba65792005e9768f5da9c0707ea27848810a510ce384434a2084130d0b190dea5f7f175a2ff43f06e34148f0acdb59ecc4e117b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4db4764f9ff93c1c53a50a964ca74332 |
| SHA1 | 5cb609f27a48240445e9c9ae620373a7fea40b17 |
| SHA256 | 6027d70373e09b1d1559e9c4405d0355fe0ba11cb2fe62b3e241114070d7da4a |
| SHA512 | b88e8afcfd97167fc44d73ffbadfc8f3f2c53284bd63bc822796bb80e912d5a99941c1ec58fef16253c5cf2b25e8eed0899a933cbd2a15c1a39ae9e41c514541 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1cf12925aefbd135ab61d418b4abcf8a |
| SHA1 | 49b6c6f465aa816b0934a2036d98023cce10c5e5 |
| SHA256 | b6db8b16b149abd5fe2dd6f13218fa28627b294e959da0fcaa079405e9a49c39 |
| SHA512 | 21874b2155ecf9495e997dfcd1b467855bca1d4fd279a40f5ceca9dc6eeb85e325c6397854a6997a3abd6ec74d7dc6821d9161dd7a4776d34cc40f0eb022826c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1069ef03-6b3f-4829-9eba-29ef169b557c.tmp
| MD5 | b4630c4e07f37ebb555933937b7487c7 |
| SHA1 | 703d8ebdfe3c163bfc2684faac1cc9212e2620e7 |
| SHA256 | cc059f218013d413ce69e8e76afdca7cee753c1e9854106b0f234517adcfb9a8 |
| SHA512 | 8442878a994425feb5ccccf911ee12f365a517eb60fa11b81aaffd0857a708fbff56b7fd5b3dd1391c38bca243184f85558b8202dfb6e3ff45f5be7375287be6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6a099b3eb5157c8a943172ca1460b3be |
| SHA1 | 8cc7584b0d9239184e27b4baaf85bd682e4621c0 |
| SHA256 | e838f03429224517e1c6c4121eb72d3adc5607bb28304f712adaf46af98b0bfe |
| SHA512 | aee31d2902402f84c73de09823ff0ab4bbdb4b954297daeaabbb373ef30c4daa3b34b95e8c6944510fde1d70443cafd85fc503e775db6b83af8f300264ce101c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9d714e22f3cdff2a93419109c9b124e9 |
| SHA1 | 0448168bbb7dcade438a12ce0e9ae3ff1acfdfe3 |
| SHA256 | abf4c4b9cef5e7c0c8cac4a25a28b50f3cca9d80747a1a9cbb3f9e043b9a4288 |
| SHA512 | 8df9e1b64f3f6712b59afd710fb96deea6bc8f69d7367af55d5c1d80a1ff8d289cd5a0f6eded31a5dad56516fd1a186d07fe436d3137d11119ec5a9b97c00d95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 695d0b0bef6f5a24e1c078ca4429c971 |
| SHA1 | 1c6aff01ef01c9d8c2b383212f618dde0dcd3282 |
| SHA256 | 65967d3f4bc41acbb519eb0a43dea63fb2f7dcd676af0e8b131c735c01dddfdb |
| SHA512 | 2bd9b64eae5df79ef81ae16568ca05767475e9bce65c656d7a2ca0ac04eaa79b2125b96e862dcff53335027d4ab5b12c4a7e647be4c252712487ec571fc59b55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c6ffae0c1238887a1e451f1c201d24f8 |
| SHA1 | 2989306dfb518fe90e8c263371e2d3fb40682e03 |
| SHA256 | 317a73a816afc10098c61f3e2d5e059261c08a86f6dca19e595dd1d123682ba9 |
| SHA512 | 15048df2961094ea6e97b6ff57efbe1401e24c1dc7107e3d47e4f69c7bbb5319dced62ae7615861d24f8c37cc17f549ed4d7ec172c8b125ab2d40481e99eea7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d5c2a534cee879978737710c98b9ea55 |
| SHA1 | 0c8618f1ddfc93c9d1a419a948a52d573e34079b |
| SHA256 | 50dddd047d0e76b0fb158b7837e60ae0f4e6233999c06bf323062ba1b2707cbc |
| SHA512 | 8d60473cb8ec65defe312e6a707441b6af4728d7dd8df6f9be9e5bc7a52e36047aaf60ba7aa14fb628885c9a9d7bd3104adfd484872424127722a452f0d05ef9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3f1ce70f12e4d95ea0c14af451aa262e |
| SHA1 | b27584bcb53a099b625a90ec438b833c86b363ad |
| SHA256 | 6d39dd7c695cbf6de6dbd84fd15e7b32f4a46b6dd8259a445c68c5524e677df0 |
| SHA512 | d3cb301df263ab2041c0f72d9c605b300464d7db586e31f4bd44b66691d84f7fc46fa5a78db572f2be7be8a61bfc47ab995a3f3a90521ca4f7edeb9e9ab6b048 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 28e5014b581c36f5045a8b346a7b7108 |
| SHA1 | bda3d69b02bab0833788c201a63f11f7c7e4121d |
| SHA256 | 8ba77a9185cad936b4af9e272e6c17c913c10d428bc53cb7023f99a9e43bd2cd |
| SHA512 | cef439ec1b0ca9b3f5e2fe5e40dfbbbcfd00aea05e61148e2d249f65aa4ce1be70eac2319178aef582109178d139c4c311f1f84f7c9fdeb7b8c30e4ae0a6a3f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | be14f8b1232c803ca01a98c322f793df |
| SHA1 | 1b76dd2bfee55f93981cb5b3e7496aeac968d59f |
| SHA256 | cce4839aeece13255d70917e6b54c0d383eb1e63f151b3db036b48f437d93253 |
| SHA512 | 482ae31b86f192e1d0407aa50d87b6f8561a8f3a8e4e21cc3cec503bf7de512f84d664600301617742b2ead8fad1b789f0c0da785b590711b2c8a3a5ab1c97e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 81a07a49a4e847beb1cc6125e5ee239a |
| SHA1 | 41c8a859ee10d7238a90e277faee78802e01083b |
| SHA256 | 7810e7b9b83de6e0bcfc48e1e83471bd46d9721c43bfadc4c20e11de953fb5a2 |
| SHA512 | ab5124cc5bd7c8e996dddb57cf3f0769a5b7ddaf44a78b5be537e886d30dc7040719ff5c14b9fbde77db70719a22d162a2fccba45f615874bf3b18d3e1e38eda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4177a51cde1cb44d7400b460b38b59a8 |
| SHA1 | 782deecd469505bfb4ed6cf675755612df92508f |
| SHA256 | bc8d48199dd54f7e31735219e8da21ee44da18be51ef0114ff1a29dfee511ee0 |
| SHA512 | b79abe0801df9db0c1a1ae0cf3ba3f6add5ca4d4e14bf15acdf16c9fb55fbda00861096ea94047ffb10c758947a0418dcb42d5332f8e410a3d5e3fc139e57e95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b7abb2014e33e08ffe929bdbf5db400f |
| SHA1 | 03d31f3679d1a959e630aa5174ad7d7fc61c133c |
| SHA256 | 5628dbe63bc4498d72c62f0100a4f5ca596f47157b1ac658f177551cd91681b9 |
| SHA512 | dec2000fbe007f91d498c10e4d030c256d0d4acebee851b483a0b0835a48983fced4b94a728be861a10fcee97e9d4b185266b277fc0ab9d1b7ce48fe74157eec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 69fe092aada197329c0170c48335a684 |
| SHA1 | 02096fbe015ea58822c26fe25a963d7b0f219abe |
| SHA256 | 7b62f1eeae07b76a5d092634a9261ee2ba016b85652611e0effba889d4dabf36 |
| SHA512 | 38dd9e51a4f8c7dda3b0db94fe125f6da26ea4f57c38a2c9c20bf9e50b7f681f0cc099bcc3b60b8cfb8ddd12040f7a145e388d04038096ca5f3c689f198c5995 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 886c575b3d4375ad84bd80445578c393 |
| SHA1 | d48eb9b188b5201f75ae5d2ae68f17f9d43ae7bf |
| SHA256 | 1f067aa7cf84ebb04bfa45f3b83bf9b079221f263d3a2b4d7c3c25fcf1cbd770 |
| SHA512 | d046808f224fb45dd2a157278ff2d170405d131dec53134372a04454ee4cc9b54a3b5c777dbe559fa1dea53c749020af577141b33787e9dedef2c76330ae777e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 68205a257cc83f240058e67ac1c02ee2 |
| SHA1 | 91815d817571bab345ab1636c98ce787560b329e |
| SHA256 | c283524bed6ad6739a7465b859ef697113fbb675cf46cab7fa38b258d1272745 |
| SHA512 | 8feda806e6acb0be08e19caa65009f11cc3f838503e0979778b13b79494a7a662a8ae5409165ef95671f8b30178fbb4a28a7ba779e4367836dbd775a2d36a7df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e4e74f1595a119dfb57dfda49add10b3 |
| SHA1 | 615996aadf890d5bdfae823a434a50154f12e09a |
| SHA256 | 363b6fe2bc3060702f736866f286e606d0cd318cc695e1a2ce0058ab506835d8 |
| SHA512 | a4c921ac069fe9a2e1c5c20a5a827938e6e25098016bb0aefef5c32255eb21827107a1e27a4ce6cd30fb186ba9064cdc4671bf5164696e4ba7bffb73eedfadcf |
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\AppSettings.xml
| MD5 | 431a6eb20932ec1c56682a1f60d231d3 |
| SHA1 | 40bb32db040cabade103c21ba5b6f811dfb0773e |
| SHA256 | d5de39863fe721668ce1e115e0fc55a7c733747daff6235d27dad3d160c84dbb |
| SHA512 | 0969b9484bb7c661d4e0452ff1c77396796333904b39f24c56d5a92ac4ed4ebde9b8981a985c6950b4af2852e8d9599e071a51ce4f9ef21ead778a2fdc76fcec |
memory/1404-3762-0x0000019257770000-0x0000019257771000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0ac50e0654cb7c057c57c1479204d6fe |
| SHA1 | 5e05a7740245906710db660d3b1c3146085fa1f5 |
| SHA256 | ecd67cbb83fe6f759e7339b91189960499fb044dcc389024e8155b10607b62c0 |
| SHA512 | bac23cebd7e5632e910619cb4de0bd1feda5348bf579e367cdce4b282d24f74722963bd55beac5470f19035e6f699dee241837239e1bfd998a42cea59fe995f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f36018283ccf21b051fe3000113810f4 |
| SHA1 | 71147afe9ced06b8177f6574a613056146416198 |
| SHA256 | d41d56ba99365738fe67790479f761d06f502e32e89ea4dfbff3096fab96b45e |
| SHA512 | 6a2d83142f647b16851d057ba78db848ad0337eba4c34483a44589fed534ae139e8dda1a1d739f179fbdc7cec8fcea9d66594b0d2e39dd8c3e15bc14c1a6b20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b66a8f44e27a647c1b6524e0bf99d60 |
| SHA1 | 1b610362c871c6a8bfb9244b8e462d5b91ebc69e |
| SHA256 | dea990e09cf341be432c365a2748de23107cce423b1fc9d0929b5929b8ab1a0e |
| SHA512 | 7c13d9af7eace15d0a215ecc1ba5276163ecc9f2f670ff18b0869c3dbf5b6849c490daa34d77be1421050f76658831d256b385727fc93481639d2f7d8fbf8f55 |
memory/4108-3869-0x0000025ED8220000-0x0000025ED8221000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8045f0754005797769482874c012d745 |
| SHA1 | ebd1eb53f1745d81454b5be612df86f5b6ac1e17 |
| SHA256 | a42a3be3c87085cbe667444791982f5b5dcf060cf0a831569446f9698c27f933 |
| SHA512 | 9eb7dcfb6f84d3781871e7b932bf47d909af678f715b82b46b247a4ee156cba8576e76764dd0d643215e6257e8ceb53a5fb2ff2528f1ced8b4b4c9c25738bc56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3d066b823180dc4f7c11835ffe1e62bd |
| SHA1 | 58f8d65b87c3da6b55c94e764bcd1f820129c699 |
| SHA256 | 2cde974494fd27128a778edd1dcd9e0d707d9a65f1bebada6f908996c5299c0c |
| SHA512 | f9ce238ae2033f8505858c73fd3d94965a113eb3436d0f45516aa15a109f465604b5fad6b5f6a530bcd92a874dd9294a0281716e903c1f1368e16487a38e01c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2f58552d45013afb23c16d7ebddc435b |
| SHA1 | 77a8d064b902c40b8de6d729329df917df12e493 |
| SHA256 | b580beedb53b11ce0e5e957b7b5441b6d701a065b89fab8f9914d05665215e08 |
| SHA512 | 54660b6eabcb13d807d3f5dab180ee310bf608913afed39cbc32efeb445dec758de952f19beef25a7c7fbd6ceb3aec7567baf5bf8a042a81e9f2bfbbe8c81cf8 |
memory/2456-4010-0x0000021808470000-0x0000021808471000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aad2460d-4033-49dc-8398-8d976cd432a5.tmp
| MD5 | 92d5f6c675feef9b9fa77c3d6288a0d4 |
| SHA1 | 46bea4c1cbdbef4361cbf5fffe432dbf0d57a658 |
| SHA256 | 7aef5cb45b5d3a0a97d3a4d90c6bf3901b6a6ebae41c57a8cc15547d66c69284 |
| SHA512 | b7673fc7fdb3bcd793507d40bffd75f0392417b364979c674b03b4ba0332d119e9e386f8e0fd4b5bdb5ab6eaff4d0323ed56e34c39da184028e41846962b133b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ac72d20301a0ba442c050d29c6fb5913 |
| SHA1 | 2174233499c85fc33b0d65f43e6988b5012649bd |
| SHA256 | 54af326c29d98805f421dffa0925b7caa531f387f57b0fb66bc91394fadc2215 |
| SHA512 | 48ee05d0b3d11d51e93ce710d6465e3e73e6e500012910d2b10e5c7d459cf519861bd17abb82b9ceeefef8d8e60d7d698211da4d12da6e607dfba55a279be4ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 93fe71d03fe200de023f88cb67ca3264 |
| SHA1 | cafcff2a8eec184c6075aa27f47b3b4feb8389dd |
| SHA256 | 715d3d047fcb62a6a50ce5c1cba03d8591263429978ec9d1605263cbcc760b1e |
| SHA512 | f9e1bf75f588ac1884b01f73ff538c209a9c3c03293960265a81290a9fc745eff9b6b8aed957acd8e4d97bb47429d1dd850f935dc5093342abeb5e7003a4b09b |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024041413.000\PCW.debugreport.xml
| MD5 | 2b8c7fe6837f7742360580fa7d0eb5fd |
| SHA1 | 880228034640e27716d1590a298ec9bc4e8fce9b |
| SHA256 | b51a80b7a295a66e1449aefa1913abc39429d0d4a76b9d2c1f2cb8ab725909c4 |
| SHA512 | 953c1615be048aa868c95e32e9a2f7ee02614bcd9e7463b18c7aca3493d1eada7372dab480a3180ccc18185587a8a44d63a28f646b3e1bec086b6479d4970d1e |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024041413.000\results.xsl
| MD5 | 310e1da2344ba6ca96666fb639840ea9 |
| SHA1 | e8694edf9ee68782aa1de05470b884cc1a0e1ded |
| SHA256 | 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c |
| SHA512 | 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244 |
memory/1656-4172-0x00007FFDC87A0000-0x00007FFDC9261000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d01efabae245ea81efc0958b24156aa3 |
| SHA1 | 20d8df6f2ba164643aee8cc6f7436986e2fda78d |
| SHA256 | 0d5098e51480fc4d5df19715573f04486a096e35c50abc27305b1c4fdcefe98b |
| SHA512 | d050f42792fdb0041d84cc363b424d5aba053f8a7232077a34ea3c25997f4245c188309da3085016c4cb74295f325b2d8d9f194d6ca1d00369859e853cb5e47a |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{806B8122-B24D-4838-96D4-93D383A1EFDA}\EDGEMITMP_B0B8A.tmp\SETUP.EX_
| MD5 | 2415cb112f130a1382726afa58a0933e |
| SHA1 | 74ac041e6dc607e476dfeaff2d2bbf2b5c004b5c |
| SHA256 | 85679b3b17d42aa988b5c753b9cffe457c063d5186a94203b5e584f4156f2179 |
| SHA512 | a334cba72cb6ae4c4706ef3954e98771c4502ae5ee66d7b2d2dca759ac75890efe5a7fea46818760589a66f425a4bc9d463512bf359723685eba86ba4c1edd99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f98e94bb3f944743642441ae3d192f17 |
| SHA1 | 8667f1326bf9a7a1642aed32a3b090c2703173d3 |
| SHA256 | f52a48ff3aecbd446d4c27a01876a6fbb005555d082154fade73539f60811cc2 |
| SHA512 | 7c5a1711895d1e2c32e33337dcd6d3bf912846c76334718e75e7b27ab5cc2ff81bf1b11b4a617eed9dfd77ba6fec54ace5f50046d14e704a0672279459e8996c |
memory/1592-4238-0x00000232918E0000-0x00000232918E1000-memory.dmp
memory/1592-4262-0x00007FFDEBF60000-0x00007FFDEBF61000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f638237382c5a75820e208e4161f6203 |
| SHA1 | e70e603b3647b14b27abf0dfdde80793e4e9e45f |
| SHA256 | 8034bba211b460817cf972830aeef0cc6e14a76df64013308befa028040fff62 |
| SHA512 | 3caad504667d1106c0f917f6b5772c4a87f5e53626abe85ae8d813c295f2e25702ec5ad59e546b7f9e76bf8a655ee4a995a31248da66b884b3951ce2d299de7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 92c6055d09ffd596eaa731fc113d556c |
| SHA1 | de4c7659fa6347b760722282c05d7848e96b359a |
| SHA256 | d1e0f32bbe3a6cf3ed638c881178b5398162941c243e9a679c233f2878f5ab72 |
| SHA512 | 6310af1bbd8a4a5c0e837efa634c1ec062b06c1f607725a88c87d8571053c7aea7751a10c9d1a2e595582cbba4511d9fceca5d232df1b6f8bdc65a1af3c74be9 |
memory/1592-4639-0x00007FFDEBF60000-0x00007FFDEBF61000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cddd17dc3a80eb7d32b040c3508b185d |
| SHA1 | f50c9dea6d9f3f7e2ebd0896b03f538ed2b0c6af |
| SHA256 | 4d58c10e1265618f02fcd01cd92d94e9522f115eecd9326ef5b893b79e670756 |
| SHA512 | e7c1a828499fa14b23920407320d0c163f3712b364eeafc1f6fbb819a63c0420118dc5a142dab36ca7cb3a5059ee14ac1f0abc49091055d6c57d301eb6243738 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a975f7e74b39df5a29e00161708b9f72 |
| SHA1 | dfcc33c63c91072ce9dd947b85c7d44e15aed6da |
| SHA256 | 1d654b5eb439fec4ced3101ac83c1535a5432631c0a42d73a6490fe1ab97ac19 |
| SHA512 | f1af68bdd55fb10a07e436a8433c63d047b0b5fe14a5b7fa6838c751cc61c62b0c9c4ebe6d70f8c790767f81e950adcd0262d169778818aedb9092cd0c8b6cc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 70c996887b14b99580da6b19650d95fe |
| SHA1 | 1149fdd93bda6ceccd09e24e19af981920760ca0 |
| SHA256 | 3d2073f2471cd5d72a63b7782fd81da97712d83fc8dc12a6b36d579ebd431786 |
| SHA512 | fc4a311279c675211c2e61d60a2ced1e380259a9c8f62a5d4dbf8c62c5976c781039e5d4ed0cd6664774eed31a808b601e96cfe8ebc46d4712e60f96731614e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a0ebe6ba591422196f2c8379a986cd1a |
| SHA1 | 6089136c3863b8439d97f984f8abd98359953d13 |
| SHA256 | 774a6a7a84e5065c064d43790bcca587acc07ca8ecab458b5c9fc53c60edd917 |
| SHA512 | a414f75aa2dcedd4b468bbfc7e58c5c38b21d7333f4852be99b428bbc4e953978b5f1844ad94037d107dd77180f2020514c93702ac61315241dc4429195ac150 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b01e71dae227da9a1bfc990b989e6380 |
| SHA1 | adf02a76617c1719acbcc0f91bacec70a8331110 |
| SHA256 | a77e66692d48439113aed7c14409af0de85321eb677e574b18e27bfc6b27d413 |
| SHA512 | bd106f82a6f56103e8b95346bf4945bd3539ad6265bdad93de373664f82b93426d91cf3982fa92bcddcef419eb03fead93c3f28ed57a1622b01381486d024e99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e1f0d8986613442732050ddeaa4040a6 |
| SHA1 | 8926aa04d7637bcf3043d6fb6c3b31538a5b1556 |
| SHA256 | dfaf8b447e70070d17946b859834c3fdd8a16aab58ae0c46ed36b55dd2932168 |
| SHA512 | b9a4c317ede4e82a1221885a1610c67d73aed74b7834f41ebe6a2241b61385f41f6cfbb5128b50dbaac1e171957887fa94dca791731718f784e095a4ea76d687 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6d9d89c1f891c9c07b1edf1e6bbe24ea |
| SHA1 | eba674fa2f57b98234653adae44b0f23ceba69ab |
| SHA256 | fbbdcf19ef46ec50fe0502a7f68548e16d1411a125a18ca7f162e476de5347df |
| SHA512 | d812d0f2ab807dbbca5f6b2c80851ab85ce921212872b470f0d94d6fc4b3d0da296bedb0c367c76f014a5bd69565b6d2494d2d664fb6756d0b1ab56c408a488b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6facb99ee4b54f859a1da01d9dca7e22 |
| SHA1 | d22a7b21a6889307271ddf77a33e7ec70d7d0a20 |
| SHA256 | f2d63405471bd9b27f7ba421975932339ab80a161834da32965daaed1ca2c1e5 |
| SHA512 | 6a3efe5399a54ffe9ea906044fa91ad30af841821563e49d484d71f847f3c2bbc7189188daed0aee92d6f048698442ad4bcfe544eae84de9701c249f1cc13e66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 65dcb22c325ddd4a3954e140d4977980 |
| SHA1 | 01d286e081ca7d6812c7a0d3c29962945fde8f02 |
| SHA256 | 529a11924f59efdfe976e1a12951cf6bb059edf8d6afff8750622e3c7dd9a980 |
| SHA512 | bb093be3ca0a24c572194c2e9ea9beab1233e80f6e91991a1ca9b5912b928d5fe46b6e8a32e0fb051feb9b3473a33297543c90ffb892a4d02c078ec074b3f875 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aadf2a1c9bf13605ce8ab25dc624db8c |
| SHA1 | d5999c203d57cd4cdb26166cd835e6456d380251 |
| SHA256 | 9cf76d9d32dafc6f10c3afd883086a73eb85677ab31ff8f89ce9301d11353a37 |
| SHA512 | 2bdf406884081d23084845f6a276c6603b0653942a739b6eca022c69fd4c55a0135fd05634aa2b8905be49e4e77afe8e73862deaec0671ba5caaff88f91362f2 |
memory/2964-4763-0x000002DCF3B00000-0x000002DCF3B01000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4fea877e229f41cb9bb20e58b71b3ff6 |
| SHA1 | bdf509a08399892b6646595a4b2aaa584982e96d |
| SHA256 | a7433d7189d8e981d12ee03a686e4bbcf2ca1e7a2126535db5271872d8003b72 |
| SHA512 | 3ede398a36c9a0743d9b3574a24c4233c78a3ce15939963f20d3dd593ef1ce3e8eacff01d939c1201fcc39b4950518fd8a8a7e9f7891dda50d523a627d4144e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2691f2faec18b4c1143a5944d11e28f7 |
| SHA1 | f42a28a7cd106e000121abac2390f900497794e0 |
| SHA256 | c15a9a84673de1dbbaebfd1a1781803368e1262855d7965a0c33e8ce350339cd |
| SHA512 | 6356f8a03463aeecfd05773b5b7eb7d6d51dd02c451b3473ee0f169b52b21d01f9bd97b01f6dfbf171c0b195ff2dbed4ea23ed020ee1ebc7609ae7fbbb6ae284 |
memory/2188-4876-0x000001C8CBA80000-0x000001C8CBA81000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 34bd407a5a7997ac400e76064140f93b |
| SHA1 | 653d15fa3cd4ec921e1a6340c310fbcbc07a60c3 |
| SHA256 | 9a95ee279ec2b3058fbf463ad6370b457edca0a3a91d6e58f3c8e0ab17da8db2 |
| SHA512 | 2bdcf19d69bc77be8407263515c46d97433629f267c89a8f949668ad3b00dc4203cc059497016adab16a61a0021906b519b97feda363a1d473f97f6cf9202d88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c7f35380afdf1c9f0d82c48147c4857a |
| SHA1 | a53f4a4634c70f295eb518b8d588010a7e14d052 |
| SHA256 | ef6ec75d60c44e6643dd76035b403deb2e26b1a0da0c1b246f0e8d8ce91d3b2f |
| SHA512 | ecd912cf54cc621eb204d6f33bfea6fa09cc6577f7c295c5a13fea9a0220fce15d1bbd618d1a4c5d1c1d37584cc4b94873aacc0241264979164382e55d8a9a8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9a32d313e5e8873681547ec5803428c1 |
| SHA1 | 21da7237f310277386172137cbaf830bac27a027 |
| SHA256 | 2e3179a7ab9aa2a984460df6c15f8f8cfbeb9f64589a986999873f42e508a07c |
| SHA512 | 5ab5b657b136c297ce2fa1580a50da17646b95ec5c179f4194a82105b3db78d29b146d03bd5286026b0d449d6aeb4bf3136bb1be9169916c40836797b3cfb022 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3556c523335550a3e79e2734b71d0d8a |
| SHA1 | 6e53409f22f33c68fa9f7f5b10888a3b9fd6812d |
| SHA256 | 736f097785573fa25eb3330e6a854a44cac08e69f99ed74461bd4637270b1729 |
| SHA512 | ce1f572895afde315e8337ac4f7ecedd15c7e551761afd24f9b1a9709bc038ab7926f9c5a89cbc766d0cff6ab3e94f9b39928cec50682bccecbbf9acbf01344d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d1918b73adb491096abcca37a13ac393 |
| SHA1 | a4e60918a9da86f6c46b3fdc26c74430fc3d7b10 |
| SHA256 | 37b2bc79c3f3fd28992c85cea690f6815e20483aacceccbc8abae5575e6b1edf |
| SHA512 | ae479fb3c2289cc5be28c6989169c1ac178772480c35cb57f12e344e5f0844fa86d412b45a07065c27663c19d5825ead839e45b86c3ac93c5ef8db2e29270001 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 68a6e6dcc620caf15c5fcdfe84768c70 |
| SHA1 | d67bd0585be5e662fa52cf4cd569992ac0bb3007 |
| SHA256 | 7a3841eb03bdf18a8b57671725ee4c166502aa48e8c9da08d2ad0fd02b38e545 |
| SHA512 | 1e247df61b68150d5734f89c614d6362d611869b6618dc80033702bde5811d930f7c67efdd12a073a27c514fa95818c81d1dbaf1abac3bb924443491e1c49916 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0ec776f92aba47b3a8f1a13d8b4a0d7c |
| SHA1 | b1b194d6e775e2eae1812a9e09394de40cf1b490 |
| SHA256 | f038c6615343d8ff39425cf568f78df136ff8beba28b05f028f444a62c87e66f |
| SHA512 | df62510bb91a56cc627d320dd672946937f548efea9a869996a3b797a3e757a947f31617b973e870328d1db10db0ffa248330a7eeadb2f616aa755a6432531ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6d2b5ff1bb3adeef3c2ce74232b7dc13 |
| SHA1 | bbd79bacd5bc2f686de0b5b66cdad80279acbca4 |
| SHA256 | c83219f8860a703ee729876e30b0f8f92dcff7fe74e56e34e0a9a0c7d4afee96 |
| SHA512 | 96345b74b9c3ff62a5c0f8cffbf0d4f32bfc6f69c28f3479929136545464543e1aea98cf57344ac152bdf98deb918b9849863fc052d74edddb1607c0487f080f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9cfa0ac5b3098601bf4d0c74695f0fef |
| SHA1 | ed0774ac506c4fb2f24910d53413af1989928069 |
| SHA256 | 1b9b863acb2bc0c2c86d79897c55df2ba4d8d18d1eda03dd3fd74ad49d892dad |
| SHA512 | 02e7cf309eaed4148a8fbcc9ef8543ead338bb6b905f235d3a030f9add65e4824a067b69d715d0f9f208c8eb42556dff7f300875ba445644472d564d83c93ccf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2433237fdaf2cd85ddf5811ccd6b6af0 |
| SHA1 | 0556438dd60785945e3ce1dad0fe05a0bf8edf09 |
| SHA256 | 46fa75394c27ff3c8deb86b8859b8d6e1e1409fb5d2e758e48fa1ea56522a5fb |
| SHA512 | fa25a426dffc533f9a66e531a79c0ba4eb60498452fc90c4f78d9f424261bd1d5292b5bc465496c6c9cdec8944f9233d8d645d0bbd1251fdc7c578ace80b162f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c136fafc868be34b4353a1b31a281b04 |
| SHA1 | b97f47f8131898d49ce120b36ac4241abaaf1208 |
| SHA256 | 46ad7aeb47cdb82b01de8875c989f617b7f682f952d82036b854965fe6d28d4c |
| SHA512 | b626807341dd97bc62f46cba88b5eb690ddc9802153da4d2469d5acc2d507bea1a96249872fb2d24128a82dd60034924e119e911744240e6b7a09def827b937b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 00ede0b3a445aa022ebfa6d081f71a59 |
| SHA1 | 455ac97ce5d12bd3a015b825b3abe010eb40d637 |
| SHA256 | 24fcee1e86b925ecfe5e54bea16b4bdc52865b3e5b4016d1e5c65c7b809f5ea2 |
| SHA512 | 1c37756158b1b9390c19a787ece20efad1829de82995869ef481f05d364dfa149d22395746a3876cc4f249fba76fb47034b84358234cff0d5e8498f96e52af7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a1d565dcfc7b9eddb052cb29e0e7baec |
| SHA1 | 1a8b6f11004e010b0800298f2396eca2a6d7bcb2 |
| SHA256 | b4dbf2dcbe134228821cfce09e959da2ad496fdad2840fc68d24cf706d3607f0 |
| SHA512 | 877f3ccc9d43c3928c30ab56628e25c6c050a045b64cd596d486036d5ec997d956b6584b32b174622f1dde22d6eb3b9d28d39a0a34b970901f43c69eff25cb75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 568bbadfdb52b9c7d39168cc755ba5cf |
| SHA1 | 7243f04a412f8a51628708fdc028de76c60361e7 |
| SHA256 | 9a3f40bda59411a51f394ed0885e715e94c9babe6c90184020caf0c2eb5e8c03 |
| SHA512 | 550d9305507603faf15b61ba36bd4ae48b73d845df07b25031305606e49a74c374883b57bb1bcf22c41cf2c30b75afa6d944db62cfbfed4ac388fcd4ecbdffb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6905fd827d9c9892589ff5cdc24c8510 |
| SHA1 | cf9619ef05e60152aa2a5d1773c24837a00ac220 |
| SHA256 | aed28c9be3070aa0421b6e30f51c0eb7d1182d4b533cbd69abef667255428fb1 |
| SHA512 | 283d00723c2e699ebfa64618ef3e9e95f3c09b3f91b7bf545412f76ed0c98bf65701c43ce47ea281bfda8880d0e15965c9254ba8a7e8e7f3966ce0f12fcb78c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c3412c9f4f154eb822ad89f3a5543849 |
| SHA1 | 988a6b15364c53b52bbbc96a0642da76da4ef1c9 |
| SHA256 | 7f55e2767f01eaf63773e33b35c6c74b4289c2831c51bf5445cca457df273898 |
| SHA512 | 44bd97a9ec5ccf6cee27cae5ff1a9e63f78d19cbe268201551251b4ed016c6ce436f110e3e870ccf4efb416ccece8220376402bd6796cc80111c0256a8550551 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 63df3ced7cc27d5bdbdc8f7b554e110c |
| SHA1 | c50d8495749d88b5dad8838c28819170b4d78ded |
| SHA256 | 96707fa44b432db9e66cf2dbc685f597f846d4d26c9712831bb1843be6b72115 |
| SHA512 | a9c8035e91c86be9e2b653d1f034d0c559a02b2f2a09f30c74411694c5053fab9f98fb248cc6cfd5f0e6fdef592b221eecad5c060c39ae58b7ec8b8c92b522e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1ae15f1e36996131ded401c2a27fee3b |
| SHA1 | 3acd504bbe9264e8a214f25dfbc36c7d46ab0038 |
| SHA256 | 658406b873fe211f934d3969a02905a8cae0e912431f90952d3db3b16eb01960 |
| SHA512 | 34adf20bcabdf82d62157fa8127b9f427bd7443e0d28d034e561c2b3babe87a9abeb16dc370c4129eacce9d73666ec9f7b6ce96bc9f88f081e0a5f5e951889b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5be35c8cce9ca44f28e58afe93b3fc8d |
| SHA1 | ed6d110817d81a70d504105ce032a7db9ab2f2c4 |
| SHA256 | c339bae722ca7e92659955dcca296dba16070ab9927ce89322e404215bda0108 |
| SHA512 | 5622573e35318e92c1642134d5b5352b677b7b8fb9e0888ee89f1ae9147f661ed7aad1b36dc77db063981e1745b82a977ef3dea68204340783aa1a900937d528 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1f84f8df313cebc6355f7890adafc58b |
| SHA1 | 619ebaabd5a943e0bc603833286da874494d356c |
| SHA256 | 901af963b21a5983077481c55974404055e0b94521ceeca816b57f51249ad83e |
| SHA512 | 80ada8124735d09c22ae755d98d0330c6635669efa84527cec1faad91040ab633f5f3029769244075d45068ceac327f8921568b7a05d5a8603ac90b560f54b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3bf2c0302c9820a7f4bab433f6a17edd |
| SHA1 | fb6984c516acb4995d030a3b5ef8481261527e06 |
| SHA256 | 7eb394bc1b389c43a03a378661daeb20e0a3451ff37a0b71e4d4aa43b4b07673 |
| SHA512 | bb1db1a00cd262e59cc7df5bbdeb62fc25a0616371862039cf941093875a75d19e631c86c5f6a2447601ba2db32025931d8f107569fbab6a4ea202662ac3bc08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 497735a9ae6c1cbaddba96f7b17cf47e |
| SHA1 | 909a6ceef77b7fd9c21dc6e5ea25633b1c3280e1 |
| SHA256 | f17e8b24a4cbf096eb6a3f19fc20ca1d6fe773081f098b20fb3b17533e0ef4ff |
| SHA512 | 55d3a9faad402a8529f5af1f1309a64f9ad57bbf0d7192a088b755e54e280d557ab9338dcc6737dc9e3a2011911f08359b4a2e5a55bb41cf1553969ed2edbdd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5ff9241b6e6ca2510569128fb15abf8f |
| SHA1 | ee09007cb1c67e78a1ec11e10d76c296d3f4015f |
| SHA256 | aede6aeb3987e1233e6c9bf276786f1195e8e8c3de2aadcbf6087d1ae16073bf |
| SHA512 | 79576e304ab46bd1ccacb66edca1079f3a7271448af5a398117c686d53e4964259b7504ef8cab64a793f8d346b0c1322be3489fdb7ef89d6389262499bba6f8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b77a736797e6b5b8c143f6ccbeef6311 |
| SHA1 | 56335a33151533b1545682b952515a6ac71ae437 |
| SHA256 | 42ba1bbf46c314841ebd26bd22b0a0b41bd7e7c8c06316cd66f6f63829f6bd32 |
| SHA512 | b17006ffbab0d04307c747f4bf0944c9a1643a06096aea3ddd8178aac217623e8a573d749f43f64b62033b16dee537992fce987d4fea688f8dc869e44ad90b60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d2a03843118b531fd0b6f9888367a655 |
| SHA1 | d61bd3cc7d6f6d5c686c16460def63af911cca36 |
| SHA256 | 7766bfcfcd31be921a4f6ebafe5fd1ab8156e191428af7ad7e16123180e36012 |
| SHA512 | c3d48d3c06656c5519411e732ff1e5b8700d4de4e8463a01adbe8314f3aa22afb7ba5a695aec63b51e51b9b2298c960af8b0ff0e90c0df2db9a7f435001db85c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ba1e8c8e57b4e631ff201e5cb1d8ce91 |
| SHA1 | 37e44c29d1d60a7d8125c1f32a6de9a23e2b2ca7 |
| SHA256 | dd08e45b7db9e3e8efad9d72aa63284bde323a4aa41bf24e252bb09a605912c7 |
| SHA512 | d1323ac861fc6249e22d58941258365288da4b4a1c9076e3f6b5ce146e569677aa6fd13a19b3845e22972f3e4d75732a4908804c27f41236d9c591c0aa35c2ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9aecdfd22932fa72f37197b3c25e278b |
| SHA1 | 867fa47d3d086a0f5bb4484f77455705a530f3e6 |
| SHA256 | 772c1b8c24c882b81e167032ff1bca5c703068a44aa82ea64eac33ba3941b717 |
| SHA512 | acf3869af4d039721dfaf92146827f79cb3c3cdcb27c38109803e3d9fe09596d0a818bc691a1ca7351e99be4651c850e8ea2c994982aa4e56497587a3b8394a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c488a16139d3bfa291a8a512efd7ef6d |
| SHA1 | 67b20e5c91222468aa88a0dc464ea7f73ea69f15 |
| SHA256 | 17985a1b43840ae4b3dc786d18e9865e992b78b5ecea1212fb566a0d8b80348e |
| SHA512 | 7fc0cec835ff974ce2a70bde24b4781f84baeaad1ca6f1ea91ce03874885de9b7afa6b697d7b0c033e241a4e611af8def0f1d446ec9af3ec89841841917e4a32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7c5643b03905c6400a9343ba181dfcd4 |
| SHA1 | 9ced11d9c25dc55122be7870388ca4e3d12a6e21 |
| SHA256 | 58db8b47d906b83d108ec1eca9ff3555a9878720f36b3d0893e71453bb553ebc |
| SHA512 | 66be033c9aeb774464b6b0328a00c7d1991f33799cec7c19a3450a38ea7b238ce3eb84ac2d142b5114565b563f70a97467860293f1e3d28575df90c16e51fc31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5d6cc8c75c5710340f398569e83c33ac |
| SHA1 | a2cdacb8573527f0836914eeca41d2e1a0c0c1e1 |
| SHA256 | ea32e0e51592d20923a6516ebddec590cee22332da5f28a50947de1e905612ce |
| SHA512 | e9e32f9fcb0c5bbe8ff578240f67fdf5776598e442398e2cd36fd3f6796e1902be6f5947e34b55f3e491183013d94dbb3fc2f230b849c59b0237cc30d931e706 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9a5df9c47df6fabf2df93ad492bbdc6e |
| SHA1 | 4ef41848d8a2497cebb1fbfd7977b05a22520630 |
| SHA256 | 062f7713b111852ba1bdf652ebbf047fc303f9b29f0db2e0ea092bae4a38edde |
| SHA512 | 50a8eb90e5f96f58ea8261cb580b90798f39fb4b9ab29d68c20ce63b8c736e55c888ff4e30e09d5d2aa9ef368678417577f6886c1ee3fc3a3be34f321f4943e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 24ef4ce36533b690cbaf0414b2793f13 |
| SHA1 | 06651ee17512ce785be0d6fd4b44e3df4e26e2c6 |
| SHA256 | 5f60b1ffcbd987fd57a2c6d62111ee2b7a5841745e0bbf053bafad69fe336cea |
| SHA512 | 5b31c6cd78cad60fedbab29425b89b6b9740e796a021369e2ca3cd9822884a0c8e51fd5204dab29a8636aa8645217a672bff8f22dc64ccecb451fbe39553fbcb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ff9494dbe630b5a5ffae96e88a06a0df |
| SHA1 | 2c1dc7df7fc41e7189bdbd4550732d87f1b0798f |
| SHA256 | 963fdbd84b7244ea472eb389439b89103a5ec029717a050e28d476df7323dbe9 |
| SHA512 | d69a37b27e6632b253165007cfa6b320feb7d8e45ce7e9fbe180503d92f4e5498a2256c2caa7cd03fcd0785b74555026b2791df101bd7c3416419369d59b56fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 26ae8e1b075f241cdf7171a6dc9d2a8b |
| SHA1 | fcfc1b419dab6e182b7770169b0775b69d2c0110 |
| SHA256 | 17206c59304b755a40c5628879bf5120b06e1c9348cb9bb805c8385bb273eda2 |
| SHA512 | b39276812ba6202cd9de749ce10ccb1d355e2c2b2d94f7139ca4738c37abe9ef7ebf4a7ec322a4a2bdde674083334f94f04bf8bbb6cfc93ff1eb49e1b34f3801 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d8c3521ba3d3ec1559ba6e42a05c2a4a |
| SHA1 | 351a49b94d710bc94442ca529d3fbc4af3de1c04 |
| SHA256 | 3f54ed60845f6d122b0a7fe9640c486b193e53b809067ee58695082aff5f5f04 |
| SHA512 | a45a3d7c0a8b9a9486278fc8319b6030f652b12d02022dd445a36f4d8df36138765b94a38951080ab4ffc033f0f270a9495f0235517bf7b48b9d50b7563a5f8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 79904a954228fd7d7b45bd2a248b38a8 |
| SHA1 | 4774e9daff4b0644bf4754af9108b9f84f6073a5 |
| SHA256 | a0fa5dd66ae5cea260a26dd076af5882b9cfb51d5aca285cda8cfacb60862508 |
| SHA512 | 61e4e8c214b00205b2372311508a1d583f889bdba18cc2826b0cbd6ce10d8f580f0b468edf37cdd7a0fd8f3c16b76820ae5218e9f779076452d4e0af2e729b51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3ab84c9c18555b5d111661a64ff2a532 |
| SHA1 | f76b89b5222a20e4eec44c7893ec039a3f5d1a28 |
| SHA256 | 9aef17304076b30de8734e5def143f62d64572a59f93977ca3dc024981682350 |
| SHA512 | a082419727381baa2b2dabe9450bdf131ba1e9efa13bf2ca7f243011573e2466e7aff48192e598b6dfe49c6992f1106540dbe46a1fa740f50c0a33d60d0c5b2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4cf27f38a5fb5778ffdb11d24ccc67c3 |
| SHA1 | fefe8fdf51d9cfd7722a0d8d4735cb52c65bf33e |
| SHA256 | dd1f9f6c8ca90a0d2bf7ea69bfa7b51293a52bb7aec089d693820a4d173f7aba |
| SHA512 | 49dddcf50a37d2ec27661e59b6eb6ba526a2d1265ef4638ec925b58acdd96352da42329b552ae980ea6398c0f4e57defde2b17c9e2a7f6244098b49cb5b162ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e9afeb878da8a6ef043eb27d9dd28d53 |
| SHA1 | d5c54fb17abe2b4a2006b95890d755d28213a9aa |
| SHA256 | 94866090de033461d43390fe0768b21f77d55ba59d0e6368c27d0e7a422123dd |
| SHA512 | b034eefbe7ab1b7b421c264bb9d36b6d9d95596a975b08ae196c79927702ae798e0788f1c98727f73200a72e7a60e3e0e638e0b441f3ea7bafe38c72f25e5828 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a898003e-81d0-4537-a658-fcf434d809a7.tmp
| MD5 | cdc7a4282a95ca5d32801ba0e47c8273 |
| SHA1 | 59d9d31bf06337b18501b68905fd24aca709c62d |
| SHA256 | 8d9546be79162e5336eeca73fae443a010444469fba64e1887ca204d8b4736fe |
| SHA512 | c99d4f4393d2199bd4e9f002d5fa992daf1726af97b66d61d5842ffe0ccdb1cc4eb8395d0cfebcbaae4400e4789f847ca6c5b7f5e8dd4338d322c10a7ae52607 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ebda12586c3cc4ddda43587e3783dd99 |
| SHA1 | c3c4c8411be583ef16d6714b01b7022c09b606d3 |
| SHA256 | 02cf6f5c8c832ca25a56e5b519f42c772550f1427d360a2ed33b333bf222ab88 |
| SHA512 | 329a1377280552e7c3b07caaa2a3277f515517f7598feaf8e58243b02f846f0217fc99092437721d335d19165903c5d3a7f7e4ba57b9bbf3a74fc4aac5653568 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\de3f2023-35ab-451f-879f-9f31a29f7fe2.tmp
| MD5 | f9bbf18ac1d83e7d24efbfd91dd97064 |
| SHA1 | 93b3d63d665cad40750873817e3a651c27ed78b1 |
| SHA256 | 9cfdf32e17d59a236fb97cd59926c25058211e3001f205035106a166e725a7a6 |
| SHA512 | b8500cb313c999c890cad21d5d5dc93e38fc9dfa10834728fde21bd640f711f6d539c49042481ec2d633bccc4e1c6472471ce7f79522202b75b4900a0342537e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4a086601a6df069e1c446d07717eaf67 |
| SHA1 | 9be23c1299530fc9ab8a87ded7a568608e2e1ad5 |
| SHA256 | c7f3dfe8a38d10322125a8eb69cd8e8b8f9f87f9641706212061ed6d0a8e36b1 |
| SHA512 | f0a4c9e1f6fbc3b62cd880e53a3e59d5e95f311b3486d068a8ee68e43e4e48db06a8aef857d91fd189b2c31518b062a9ca1db3f22ca55ff384a56b8b3ec2a1c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ac9175fc943ce1022ec6ea02babb3f26 |
| SHA1 | c9e11240583d202c28c4ef662e26ae03e6961e14 |
| SHA256 | ecb7d51ea43a42a603d47c7b3ba1c7d9f1f9fe851e2550d1e544093cbaf9a93f |
| SHA512 | ea9ad8f819136d96f5e1df6e6ef4ee0b373dd2c1fc05f0b981ff03555f137a7ab58e386aac04aed7cafe14fb5f7b74c930ff1cd6a86ec4a8a1caedac54d294cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 70727d31d60fc489731515f19691d99c |
| SHA1 | 9e41bb98e3c983e0d449a373999122fa04762fb8 |
| SHA256 | 19ba02aa2fc52d930acd59665c39a9e99e802d100de228330b2fa83e7a3cb02a |
| SHA512 | 292dd28003d50f7148c4034f507cae6e6eabe15f0d413d36869cff06785304e574d14797293221197b82d2a588cdd5bada19ee55dae93b00741dd7d28145823f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 87d5009b9d3eab6090f68223f4a5bf0b |
| SHA1 | bb330625d3e839d761135259cd8243ec1490df6f |
| SHA256 | b7108878ecf780453c244b887f37315378e6465e5100cfd7caa52a2fe908e23d |
| SHA512 | 3b8866ceac12c97439a2259c490f7e7faac655fb07ec820a1d595eddb67c3da3c0f78ace9f5db16763c2d625e2651a8a83cb7da9b520d15627098fd0fcfad19d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ca97491b116ad0e77af10c9cf108650c |
| SHA1 | 2b7944f881ea200c064e520927e023660aa3e3b4 |
| SHA256 | d0b1f7bdd95627e79140950269685eb93dbaa1e040b9ef333ca6f134a145e6a1 |
| SHA512 | e672a69f9ed9f3594e497e5c59530b4164dfe5a32fa889bd1d05d4e82039741c3e09b973b59ee0a8a73c98c85d83e673b6b6789e7169d57422e12d2fe3002e48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f0214eff3eaae8a88dee099bd5a65bf4 |
| SHA1 | b9b6fa00584e4acb1abae95222bb00ca0811ea16 |
| SHA256 | 80026c2dc662ccd7443c9ef417d5f886debd07e221689b723c1a183db55ca68d |
| SHA512 | d17a554b4fc5b24af8e507107afcd936959f7c8697b668b98fe5ca46a4036084fd60f43e3912b88c866df2239bfbefe4b1474c98bba8024fc98c2472ea3f796d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c169ef6f45e8582e979cd077ece75e00 |
| SHA1 | e66440d61fc225fb3d07c211a503ef8504806af7 |
| SHA256 | 60dee6a054b4e66511921a3fac1988cee57f00928a3850863a0fe97af7bc6d52 |
| SHA512 | b6b35cec5bcc6c04cbb22ad92cb6c2b355a05641798a2a7dfd242e38ca8c91b1ab2599f5f7169f738c20796a1b6f8e523f5f3fcae0f68ed5a146d681fbbbbeb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 32ff5096cdb2d644ebbdae7657c0147f |
| SHA1 | 65225512f3e1e2e35397717edb080ba539bba746 |
| SHA256 | 72da66dbb8c74157ee019887706b095a682920fb29db2fe6504809ac72bbf473 |
| SHA512 | 70903e7510835bbd05bcc39317ba07ba1dcedab05163417330ec4833574970ffaf78ab78ab157e659f79d41f0c66844902caf159b9faa86e10b1bd2e30c3fbfc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8367ea728eca294ccdf50169b86d6882 |
| SHA1 | 0a70373b2b581a46372d063919836e50d76a36b9 |
| SHA256 | 454bf7aac01cf02cfe9573f6816d4a9159e691de245ef23278f9d069fbd8adaa |
| SHA512 | d6922d207ba8a68f85136a8ea9a143797d85d4067b1a277cc6ee6f0a85d25ed10c87050551ab360abc833c1a3befbe6de43baf25a4f99468ba957ad7798b1cd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6d871da971c22179098068ac3c99cd9c |
| SHA1 | bf7d7d5626b25a1de220b2a1e5a941ba1d039c40 |
| SHA256 | 366cfbf0886137b8e938934e6a74e4e907847e59f5f49ada691a88261f571132 |
| SHA512 | 5bb28c3e985ff9ce995b455bc1f6dbbb816a1252500a2c9a9b47df631b54876c0d60f751667b442e8c514dda6f135d3570a1f05e9eca3a2ff8aff606b26ca0a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dd4ff9a10895c6c5015b0741ce364e6f |
| SHA1 | 77813afde55dfdd470496c787c98bb00139dfcc0 |
| SHA256 | cd8575727c218e6abcefe044d0b12eed0fe9f988fff0b8309f5885d88ef019a3 |
| SHA512 | 86a6ad52981f5f79ecaf3f3ce2b187dd8f22c53edf8a0a208e6edc541841c37258c8d3ab632f2f0f8c6bf19aede153c85f29090c636ba931ca643057cb37a9a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 23987dc0b985d8e95a43f2a9be84493e |
| SHA1 | 6d388c958973edfe54eec46984b6ca39b2e47426 |
| SHA256 | f13fe70b4cca1aaaa30046d58ce7988983faca6de275b2571ef998b2b4edf430 |
| SHA512 | 9fa80f9d3119b1f54f66836be5627f650e86987e19f21d0358554c4a65a7caf46ff700f7c2e1337b995e2346a827cef14c77292b9aa77ce548c18ed56947da58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a70f846b88f01be4119eebaafac7ac08 |
| SHA1 | 38ab01ccbb6b5150093fc32effbdd1e483b2e872 |
| SHA256 | f7f075bb5911811a24a9dd6c3e60f11591f4d530c48b20f9e57d438736dcacb3 |
| SHA512 | d45c5f3ff3ca962927a456007ea89685f15aebf43ac43af6a5a4de138364c0cc2fa210695e440578f4201ca1d081664502e2d035d077a2edcbb1ebc9ca260236 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8e3f8fac23420c9fbf504e876c8bd71c |
| SHA1 | 7f0571c6e83a699eef9e224fc11ef9abe1b05c83 |
| SHA256 | faaf9d51ec4fffc6483de2f75ff0ac23b3a131b6aea4656d7d77d28a040c050e |
| SHA512 | 5243c33ed8ed9c57b2ffd37e2090ba4d1d52be276acb56ee2b8a4325dc68d58ce1759bcbb6cb0d9c68c60b395b963387bb721b5dc29cfcddf51297b0241fd19d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bcc7b01192a46d968ecc1686fa501f85 |
| SHA1 | dd702372a36f5b8d7637573f326c7b5344ea8827 |
| SHA256 | bd89d232e28d9a2fd04d2b018fab60fa6f0e973e9f1de84d32422cdb069f4981 |
| SHA512 | 238ef9fa59deed2e8cfc651e441a79e6420ccd0a3b66c18867ae16a0668c4705abf34390a3eee353dccc2149eed2f2b8f9dc649ef9cde16bdc769ee47011b272 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 47b95bea145a499f610b142e310c6720 |
| SHA1 | b4b03ca6674b1e6148d35cc8d6233fb59caa7dca |
| SHA256 | 40f34596678b8b0628b78e43a32f267ec49b3022d0be8c83903f8f22dc6d95a2 |
| SHA512 | aefeeb0d05d20e1d63a2e163acee76351e4d3ad491df86dbddb7db4a732c1fe06f8837d7be122cee9830ef9819466fbc8b68ce890c1e69668af2cc1fdf1f32a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3a573c9d23563cccfa17838ba6da1cd0 |
| SHA1 | 8938a8d31033b9a33f8caff7d90ab0b046a05682 |
| SHA256 | 7e7b0167fd6d56538528aa091c7af4ed510c8451d6746a1dad652a55967a3ac6 |
| SHA512 | b01a695cb76dfb5d7b8d938e01f5690dac566b527d79d778656ff45aa762c8938c6bb47efaea9afa8e9e1c490156f91e61f1a55a811475487762f1c09babd9db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f34cd0fb071f8b11d98b2bea3a1c7f27 |
| SHA1 | 29686b11fc85937e6a9f78dc1cde05ab7a043ea2 |
| SHA256 | 3de5e8cc82008f7b036ef3188adb91038baa3b5d4413665e5e09ae3c5b37c8ea |
| SHA512 | 6fcaa38f6d69856d7d3fda03bd02d53241c2fe66c7820d529d4ba2a2830d89542c3f26bc27f3a4846effc93618748e74355cba271646a2ac87e38489acbc968b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f847d91fb3c92f290b3ef68ee70306be |
| SHA1 | 9c202181d1f6a15b3ea807106906fd703221b40b |
| SHA256 | 3dd6f2ec5e8605b8f2640b93d4f435a22de9173ca66506988ac8186d40039c16 |
| SHA512 | 7bd6790a528328afa951cc3bac08d80bb5468f6fe7fbf5b98f82534c7b0465c7982b8b1d1f24578ae894b823010a18bd3bc471c781bb1de4cd8b651d18746521 |