Malware Analysis Report

2025-01-18 21:45

Sample ID 240414-ptlvrabe81
Target Jolly Jack.mp3
SHA256 69078eba8b5498881482675fb4d43407389512ef0d59f6b088ac19e05f2504ae
Tags
adware discovery evasion persistence stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

69078eba8b5498881482675fb4d43407389512ef0d59f6b088ac19e05f2504ae

Threat Level: Likely malicious

The file Jolly Jack.mp3 was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence stealer trojan

Sets file execution options in registry

Downloads MZ/PE file

Modifies Installed Components in the registry

Loads dropped DLL

Executes dropped EXE

Registers COM server for autorun

Checks installed software on the system

Installs/modifies Browser Helper Object

Adds Run key to start application

Enumerates connected drives

Checks whether UAC is enabled

Checks system information in the registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Suspicious use of NtCreateThreadExHideFromDebugger

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

NTFS ADS

System policy modification

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of UnmapMainImage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-14 12:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-14 12:37

Reported

2024-04-14 13:07

Platform

win11-20240412-en

Max time kernel

1798s

Max time network

1800s

Command Line

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Jolly Jack.mp3"

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\MicrosoftEdge_X64_123.0.2420.97.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2EECE12-9D1D-4DA9-BED1-FA0D945F7E9B}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BF3BC802-2DCD-49EA-AEC0-92143AD8D2A8}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\MicrosoftEdge_X64_123.0.2420.97.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=FA9AADD736F84A0D8E0AC6B3AED2F11E" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BF3BC802-2DCD-49EA-AEC0-92143AD8D2A8}\BGAUpdate.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VR\rectBackground.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChatV2\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\InGameMenu\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\SpeakerNew\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VR\notifier_glow.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Emotes\Large\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\TopBar\HealthBarBase.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DeveloperFramework\checkbox_unchecked_light.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\MaterialManager\Gradient_DT.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\MenuBar\arrow_up.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VR\buttonSelected.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\DefaultController\Thumbstick2.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\img_triangle.png C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\GameSettings\copy.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Emotes\Large\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\ImageSet\AE\img_set_3x_2.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_2x_1.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\Settings\Help\GenericController.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\XboxController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\MaterialManager\Texture_None_Light.png C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\identity_proxy\win10\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Slider-BKG-Center.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\Misc\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioSharedUI\sort.png C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\Gamepad\Controller.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\MicLight\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\GameSettings\DottedBorder_Square.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\9-slice\scroll-bar.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DevConsole\Maximize.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioSharedUI\clear-hover.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_10.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DevConsole\Maximize.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\GameSettings\refresh_dark_theme.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\VRStatus\ok.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\PurchasePrompt\SingleButtonDown.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\fonts\families\Arial.json C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\GuiImagePlaceholder.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\InGameMenu\TouchControls\touch_action_move_1.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\SpeakerLight\Unmuted80.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Plastic.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\fonts\BuilderSans-Regular.otf C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AvatarCompatibilityPreviewer\publish.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\Misc\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VR\Radial\Icons\2DUI.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-ingame-10x10.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\avatar\heads\headM.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\button_loop.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\PlatformContent\pc\textures\fabric\normal.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\ = "ie_to_edge_bho.IEToEdgeBHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ELEVATION C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-8950870ea20941f9\\RobloxPlayerBeta.exe" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 27353.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 307139.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1060 wrote to memory of 1776 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 1060 wrote to memory of 1776 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 1060 wrote to memory of 1776 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 1060 wrote to memory of 4464 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 1060 wrote to memory of 4464 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 1060 wrote to memory of 4464 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 4464 wrote to memory of 2472 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 4464 wrote to memory of 2472 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 4864 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe N/A

Processes

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Jolly Jack.mp3"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Jolly Jack.mp3"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36963cb8,0x7ffb36963cc8,0x7ffb36963cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6576 /prefetch:8

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7604 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkYwNjk2REYtRjhBMS00NDA3LUFGMjYtQTZBQjY0QUQ4MkUwfSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFMENDNDY0OC04NkNDLTRFRjEtQjIxNS04RDYzMjk2NDI5Qzl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY1MDU4NTQ3NDgiIGluc3RhbGxfdGltZV9tcz0iOTg4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{2F0696DF-F8A1-4407-AF26-A6AB64AD82E0}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkYwNjk2REYtRjhBMS00NDA3LUFGMjYtQTZBQjY0QUQ4MkUwfSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCRTMzMEM2QS0xNENGLTRFMjgtODdGMS05OTFFQzRBMTdDNDJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY1MTAwMzQ4OTUiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\MicrosoftEdge_X64_123.0.2420.97.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7c432baf8,0x7ff7c432bb04,0x7ff7c432bb10

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkYwNjk2REYtRjhBMS00NDA3LUFGMjYtQTZBQjY0QUQ4MkUwfSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGQjM4RTA0Ni1GNDZELTQ2MjMtQUI2Ni02NTA3QzUyQjNBRjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjMuMC4yNDIwLjk3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NTI1MDg0Njg1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjUyNTE2NTI0MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY3MzY5MTUwODkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzFjMWZjOGZlLWYyNTAtNGEzYS05MWVjLTlmOTBlMzFiODI2NT9QMT0xNzEzNzAzMjczJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWpPSWNVSlJjclJoMSUyYkklMmZJWUI5ZlVWWlREcnppRmNsd2dzRGU1RktpUDdKTzJieGRZd3RLTlhRMjJvUEYlMmJLJTJiU0lkRXhLMnltSzFFT0hxRU9adXpzalElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzIwNzYwODgiIHRvdGFsPSIxNzIwNzYwODgiIGRvd25sb2FkX3RpbWVfbXM9IjE0NjY5Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjczNjk5NTI0MyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY3NTMwOTQ4ODYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjcyMjc1MzQ5MzQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI5OTgiIGRvd25sb2FkX3RpbWVfbXM9IjIxMTc0IiBkb3dubG9hZGVkPSIxNzIwNzYwODgiIHRvdGFsPSIxNzIwNzYwODgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ3NDQxIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:9oxvqqjfxKGCwNngRsrE7g9q_9aVLwbfyRL74tK-tA12y2ZtgPOGrFFRAZ_Bsd7_lGXhqbFwGeHe-VMQ5Strd1y1DzjId5vdKZrFHSXrg5dXBuyOK8xy9ZGQDK7dAJ_h0PnrmMGWTFERT1suQuvR5PIZJUfp1405F0nssg4u86drS9HNHgxieo4VCXoy2sBa5JOGWy_8YEvhzZyt3Zw6Yx5wUSH-YMQm9Qq52KmuORs+launchtime:1713098401895+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713098320486013%26placeId%3D16389395869%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D6982ae59-28b9-47b9-be13-31ecaab7a0ce%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713098320486013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6888 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:NVHuxY9itJrK_VlDbUAWhfU9_zQ2Vio0MkF_l06wD4JIy_LGZFp5MqB0jApoiMthBSAr6kB-RIL_XsvuKou8HYyQ3z47g0jlm-v-DhVEl2V1QmBuSY5vjBDdGu8DY-kWwks9AW7T4gEEz72PiGY7uFJmMhFodacJrpAk8i7u9AFXPjrq3GN1QItNhXrg83TUXcEDtqCVczyd-d-POW0TvMn1yEEs771fKV4Dl1PQ3nA+launchtime:1713098599798+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713098320486013%26placeId%3D16389395869%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dd4c23530-a237-4bf9-bfe9-f295a549f119%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713098320486013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:21kpqYR5c2ESGZxC1dpuLdB27HlAJCo0ECTfTA6L0U12-abj4oDSLYMSdP6eCAEjD1_LlpOUmwweo0agx4c0vgD5wbNpf80L8qui5Axdbp4YJ_-sUXtWgHI7pNGNu0WuwfxeP9fvujkLMiEQ4txB0JkePCT9OnTXEcKtFWQAGfhq5vgNRt5mX_StANdc7N2zM6AO9t9jDL1n33xrJdK6XmY7idCi1BTBStBL10liMjc+launchtime:1713098599798+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713098320486013%26placeId%3D16389395869%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dd4c23530-a237-4bf9-bfe9-f295a549f119%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713098320486013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:9Go8X_2gNeh2aKL928zfZgZpLYsWv4bm5ggnqO9ONdnEVTBcTEhCAENvefDJmtB2ZQiXeZgi3-nScpCCesWM59Y7KLP3wJoVrbJ8qqPD-dq9swzmIFsh_4FGxS_3trAFtTqnatvar2PfQzD_fawB6G11OPDzQYMjvTGIchoK2JvXu4lBQjUA6O7SvpYZQfcGUFtK7_eHmsVFE9GteOzTxcuTeSngGoRVOOCtAia9Wa0+launchtime:1713098737390+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713098320486013%26placeId%3D16389395869%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Df6c250f1-4acb-4f85-90ef-fca32dbd10b1%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713098320486013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2EECE12-9D1D-4DA9-BED1-FA0D945F7E9B}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2EECE12-9D1D-4DA9-BED1-FA0D945F7E9B}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{66C749AA-D21A-4572-B188-4D73FC66B4D6}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjZDNzQ5QUEtRDIxQS00NTcyLUIxODgtNEQ3M0ZDNjZCNEQ2fSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntEOTZBNjlBQi03QTdELTQ2OTktOTlENC04MUUyRDM1ODBFN0R9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMDk2ODcyOTI4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMDk2OTQyMzAxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDQwNzczNzA0OCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzNzAzNjMwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUJ2TTElMmJGeEpRTSUyYjBLQ1klMmZVaFBaZElGN2JWJTJiNVpWcVZnT0NVT3AyTlFnVWJ3OTduJTJiMDllZGoxVnUwWTF4VWZycjVGeExGcmRsRmdFVGJuNFdLaiUyYmhRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA0MDc3MzcwNDgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzNzAzNjMwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUJ2TTElMmJGeEpRTSUyYjBLQ1klMmZVaFBaZElGN2JWJTJiNVpWcVZnT0NVT3AyTlFnVWJ3OTduJTJiMDllZGoxVnUwWTF4VWZycjVGeExGcmRsRmdFVGJuNFdLaiUyYmhRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTYzMDc5MiIgdG90YWw9IjE2MzA3OTIiIGRvd25sb2FkX3RpbWVfbXM9IjI2NjUyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDA3NzM3MDQ4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDEyOTUzMjk4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1NzU3MTkwMDM5NzY1ODAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyMy4wLjI0MjAuOTciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9IntEMjY0QUM3OS04MkY4LTQ2N0MtQTM5Qy1ERTUxMDA2MDFBQjh9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{66C749AA-D21A-4572-B188-4D73FC66B4D6}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjZDNzQ5QUEtRDIxQS00NTcyLUIxODgtNEQ3M0ZDNjZCNEQ2fSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7NTM0RkE0MjYtMUZGMC00RTk0LUFBMTItMTQyREExRTEyQzZDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODUuMjkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTMwOTg0NzAiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDIzODkxNzQ4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:5NTYgT_K9UEyhEhJRC8wab7VSuXyZVUIUr8fJVGGUXbnAVeEgoW1JoacbmdQ3UgvnKeIOUIeNQYW1omTDB9pUeznPvNeh65BFJDLUsVVjTYp32HhPzh_zS5CJZMSzB8j7hEvF0dRHDiWjEGVkXZAAvtqIr37sokZHZ1jVh2EyZ7IgCvYJ-oaX7N72TSMykoYzCvt4xrN8k_OORHbRsgdX4qmdtFFWYa1W_-q9MlrjxM+launchtime:1713098922382+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713098320486013%26placeId%3D16389395869%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D26b6a400-23f0-4f6d-86d0-08552685b7b5%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713098320486013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:8VOKIm3pBks0eYvUsxKGRK6pdiQ6n2_aLULlDWFDSe1zRZYzMfy9pyXUNt1y40fiFcRAxd0R_uJPryhdpxj2FKFu-CdiJZ0etlzsXSsg6BeMZiW5NMShbiTA_8lOQ__Xvaxj6lgngK3IbFe-dc1DoHJ08bHXFuYy2CWI9rzN_mc4SGm6Z4w-OcXFyP9oNWvjqTqjubcvAPL-LPvYVdcvELkIqZ3agECNj_XSxq5Lu6o+launchtime:1713099067088+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713098320486013%26placeId%3D16389395869%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D3df642ed-99ad-4882-98ec-9bff6445c5cc%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713098320486013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTFDMDQyNzgtRjRFQi00MzczLTkwQTgtQ0RDOTY1M0JFRTcxfSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MTk0OEYwOEEtRDExNi00Q0JFLUJGNUYtN0U4RTdBNEQ1MzA0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7KzBqVW1ZZUt0WkFGNUMzZzIycEJCNUYwUnlkdGYxU0g3Ym53c25vVStmaz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjEiIGluc3RhbGxkYXRldGltZT0iMTcxMjkzMTMyMyIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzU3NDI5MTkyNzU5ODkzOSIgZmlyc3RfZnJlX3NlZW5fdGltZT0iMTMzNTc1NzE5Nzc2MDcwOTc4Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjMxMDY3NiIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM0MjQ4MjYxMDQiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BF3BC802-2DCD-49EA-AEC0-92143AD8D2A8}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BF3BC802-2DCD-49EA-AEC0-92143AD8D2A8}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTFDMDQyNzgtRjRFQi00MzczLTkwQTgtQ0RDOTY1M0JFRTcxfSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins4NUQzRjI1OS1COUQ3LTQ1RUItOEM0My1BRjJBQ0M0MDUyNjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zMyIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNDM2Mzg5NDE2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM0MzY1NDQ3MzciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTU2MTQ0MzcyMzkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9kYTAxN2RlYS0zNGY4LTRhOWYtYTNmZC0yN2YxYjk1Mzg2MDA_UDE9MTcxMzcwMzk2NCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1IJTJid2w1bTJiYVVUN2VwRDFuS0J1T2luVEt0cERuQVpzTmklMmZmWCUyYk5Jb3J1T25QYXZBREJ1YXBnZE14UHNmMyUyYlFWbldJeVdSV1kwaTI4eTZrZ3ljd3dRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTYxNDQzNzIzOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZGEwMTdkZWEtMzRmOC00YTlmLWEzZmQtMjdmMWI5NTM4NjAwP1AxPTE3MTM3MDM5NjQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SCUyYndsNW0yYmFVVDdlcEQxbktCdU9pblRLdHBEbkFac05pJTJmZlglMmJOSW9ydU9uUGF2QURCdWFwZ2RNeFBzZjMlMmJRVm5XSXlXUldZMGkyOHk2a2d5Y3d3USUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ3MDA4IiB0b3RhbD0iMTgwNDcwMDgiIGRvd25sb2FkX3RpbWVfbXM9IjIxMzM1OCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1NjE0NDM3MjM5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTU2MjA2OTU4NzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTYyMjcxNjM5OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQ2OSIgZG93bmxvYWRfdGltZV9tcz0iMjE3NzI3IiBkb3dubG9hZGVkPSIxODA0NzAwOCIgdG90YWw9IjE4MDQ3MDA4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSIyMDAiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\MicrosoftEdge_X64_123.0.2420.97.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff639fdbaf8,0x7ff639fdbb04,0x7ff639fdbb10

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=3 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff639fdbaf8,0x7ff639fdbb04,0x7ff639fdbb10

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEFCRENCRjQtMkE4OS00RDI4LTlDODUtOTQxNzFCMjhEOTA5fSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3QUJEMjlCNi04ODA5LTQ2NEQtOEZGMC02Mzc5NUUwRkY2QzZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDsrMGpVbVllS3RaQUY1QzNnMjJwQkI1RjBSeWR0ZjFTSDdibndzbm9VK2ZrPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg1LjI5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjU0Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MzEzIiBwaW5nX2ZyZXNobmVzcz0iezgwRTIzNjRCLTZDQzMtNDY3Ni1CNDEwLTk5RUQ4RTJCRjRFN30iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjMuMC4yNDIwLjk3IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1NzU3MTkwMDM5NzY1ODAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1ODY4NDM1MzA3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1ODY4NTg5NzE0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1ODkzODMzNjcxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1OTA3MTI0NzkzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjI5Nzc4MzAxNyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijc3MSIgZG93bmxvYWRlZD0iMTcyMDc2MDg4IiB0b3RhbD0iMTcyMDc2MDg4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMiIgaW5zdGFsbF90aW1lX21zPSIzOTA2NiIvPjxwaW5nIGFjdGl2ZT0iMSIgYWQ9IjYzMTMiIHJkPSI2MzEzIiBwaW5nX2ZyZXNobmVzcz0iezhCNDEzNUE3LTY3QUQtNEVEQS1CNjJDLTQ5MjJGNkJGMTdFN30iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTIzLjAuMjQyMC45NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGNvaG9ydD0icnJmQDAuMDgiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjMxMyIgcGluZ19mcmVzaG5lc3M9Ins4MDdCNThFNy0zMkI1LTQyNDctQjk0Ny1DQjc5RkU5MDNDMkV9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
NL 23.62.61.59:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
NL 23.62.61.184:443 www.bing.com tcp
NL 23.62.61.184:443 www.bing.com tcp
NL 23.62.61.139:443 th.bing.com tcp
NL 23.62.61.139:443 th.bing.com tcp
IE 20.190.159.71:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
GB 128.116.119.4:443 locale.roblox.com tcp
GB 128.116.119.4:443 locale.roblox.com tcp
US 8.8.8.8:53 js.rbxcdn.com udp
FR 52.222.201.77:443 css.rbxcdn.com tcp
FR 52.222.201.77:443 css.rbxcdn.com tcp
FR 52.222.201.77:443 css.rbxcdn.com tcp
FR 52.222.201.77:443 css.rbxcdn.com tcp
FR 52.222.201.77:443 css.rbxcdn.com tcp
FR 52.222.201.77:443 css.rbxcdn.com tcp
BE 2.17.107.67:443 js.rbxcdn.com tcp
BE 2.17.107.67:443 js.rbxcdn.com tcp
BE 2.17.107.67:443 js.rbxcdn.com tcp
BE 2.17.107.67:443 js.rbxcdn.com tcp
BE 2.17.107.67:443 js.rbxcdn.com tcp
BE 2.17.107.67:443 js.rbxcdn.com tcp
FR 3.162.38.18:443 static.rbxcdn.com tcp
US 8.8.8.8:53 38.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 18.38.162.3.in-addr.arpa udp
US 128.116.99.4:443 roblox.com tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
FR 52.222.201.77:443 css.rbxcdn.com tcp
BE 23.14.90.88:443 apis.rbxcdn.com tcp
BE 2.17.107.241:443 images.rbxcdn.com tcp
BE 2.17.107.241:443 images.rbxcdn.com tcp
BE 2.17.107.241:443 images.rbxcdn.com tcp
BE 2.17.107.241:443 images.rbxcdn.com tcp
BE 2.17.107.241:443 images.rbxcdn.com tcp
BE 2.17.107.241:443 images.rbxcdn.com tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 thumbnails.roblox.com udp
US 8.8.8.8:53 lms.roblox.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 23.73.139.17:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 contacts.roblox.com udp
US 8.8.8.8:53 notifications.roblox.com udp
US 8.8.8.8:53 cdg1-128-116-122-3.roblox.com udp
US 8.8.8.8:53 lhr2-128-116-119-3.roblox.com udp
US 8.8.8.8:53 syd1-128-116-51-3.roblox.com udp
US 8.8.8.8:53 sin4-128-116-50-3.roblox.com udp
US 8.8.8.8:53 dfw2-128-116-95-3.roblox.com udp
US 8.8.8.8:53 mia4-128-116-45-3.roblox.com udp
US 8.8.8.8:53 c0ak.rbxcdn.com udp
US 8.8.8.8:53 accountsettings.roblox.com udp
FR 3.162.38.51:443 static.rbxcdn.com tcp
GB 23.73.139.17:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 aws-ap-east-1b-lms.rbx.com udp
US 8.8.8.8:53 c0aws.rbxcdn.com udp
US 8.8.8.8:53 aws-us-east-2c-lms.rbx.com udp
US 8.8.8.8:53 economy.roblox.com udp
US 8.8.8.8:53 friends.roblox.com udp
US 8.8.8.8:53 privatemessages.roblox.com udp
US 8.8.8.8:53 trades.roblox.com udp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
BE 2.17.107.152:443 c0ak.rbxcdn.com tcp
HK 16.163.212.88:443 aws-ap-east-1b-lms.rbx.com tcp
US 18.217.161.32:443 aws-us-east-2c-lms.rbx.com tcp
FR 13.249.9.25:443 c0aws.rbxcdn.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
HK 16.163.212.88:443 aws-ap-east-1b-lms.rbx.com tcp
US 8.8.8.8:53 3.95.116.128.in-addr.arpa udp
DE 3.121.72.41:443 s.ns1p.net tcp
DE 3.121.72.41:443 s.ns1p.net tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
US 8.8.8.8:53 41.72.121.3.in-addr.arpa udp
US 8.8.8.8:53 presence.roblox.com udp
US 8.8.8.8:53 t6.rbxcdn.com udp
BE 2.17.107.137:443 t6.rbxcdn.com tcp
US 8.8.8.8:53 t2.rbxcdn.com udp
FR 18.155.129.124:443 t2.rbxcdn.com tcp
FR 18.155.129.124:443 t2.rbxcdn.com tcp
US 8.8.8.8:53 3.32.116.128.in-addr.arpa udp
US 8.8.8.8:53 137.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 mia2-128-116-127-3.roblox.com udp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
US 8.8.8.8:53 3.127.116.128.in-addr.arpa udp
US 8.8.8.8:53 b.ns1p.net udp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
BE 2.17.107.152:443 c0ak.rbxcdn.com tcp
US 8.8.8.8:53 games.roblox.com udp
US 8.8.8.8:53 js.stripe.com udp
FR 18.164.52.58:443 js.stripe.com tcp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
US 8.8.8.8:53 gold.roblox.com udp
US 8.8.8.8:53 sea1-128-116-115-3.roblox.com udp
US 8.8.8.8:53 lax2-128-116-116-3.roblox.com udp
US 8.8.8.8:53 c0.rbxcdn.com udp
US 8.8.8.8:53 aws-eu-west-2b-lms.rbx.com udp
US 8.8.8.8:53 aws-ap-northeast-1d-lms.rbx.com udp
US 8.8.8.8:53 aws-us-east-2a-lms.rbx.com udp
US 128.116.115.3:443 sea1-128-116-115-3.roblox.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
GB 18.132.88.108:443 aws-eu-west-2b-lms.rbx.com tcp
US 3.15.246.202:443 aws-us-east-2a-lms.rbx.com tcp
JP 57.181.105.228:443 aws-ap-northeast-1d-lms.rbx.com tcp
US 8.8.8.8:53 badges.roblox.com udp
JP 57.181.105.228:443 aws-ap-northeast-1d-lms.rbx.com tcp
US 8.8.8.8:53 voice.roblox.com udp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 58.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 108.88.132.18.in-addr.arpa udp
US 8.8.8.8:53 202.246.15.3.in-addr.arpa udp
US 8.8.8.8:53 3.116.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.115.116.128.in-addr.arpa udp
US 8.8.8.8:53 228.105.181.57.in-addr.arpa udp
US 8.8.8.8:53 m.stripe.network udp
US 151.101.0.176:443 m.stripe.network tcp
US 54.68.143.41:443 m.stripe.com tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
NL 23.63.101.171:443 setup.rbxcdn.com tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:51372 tcp
N/A 127.0.0.1:51376 tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:51379 tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:51382 tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
FR 3.162.38.113:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 233.69.68.104.in-addr.arpa udp
FR 3.162.38.113:443 setup.rbxcdn.com tcp
FR 3.162.38.113:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 113.38.162.3.in-addr.arpa udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 199.232.210.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 setup.rbxcdn.com udp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:52052 tcp
N/A 127.0.0.1:52055 tcp
N/A 127.0.0.1:52062 tcp
FR 3.162.38.106:443 setup.rbxcdn.com tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52166 tcp
US 8.8.8.8:53 assetgame.roblox.com udp
US 8.8.8.8:53 en.help.roblox.com udp
US 104.16.53.111:443 en.help.roblox.com tcp
US 8.8.8.8:53 p20.zdassets.com udp
US 8.8.8.8:53 static.zdassets.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.18.70.113:443 static.zdassets.com tcp
US 104.18.70.113:443 static.zdassets.com tcp
US 151.101.130.137:443 code.jquery.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.170:80 apps.identrust.com tcp
NL 23.63.101.170:80 apps.identrust.com tcp
US 8.8.8.8:53 111.53.16.104.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 113.70.18.104.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 137.130.101.151.in-addr.arpa udp
US 104.16.53.111:443 roblox.zendesk.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net udp
NL 23.62.61.176:443 c.evidon.com tcp
NL 23.62.61.176:443 c.evidon.com tcp
NL 23.62.61.176:443 c.evidon.com tcp
NL 23.62.61.176:443 c.evidon.com tcp
US 107.22.91.90:443 l.evidon.com tcp
US 107.22.91.90:443 l.evidon.com tcp
US 8.8.8.8:53 176.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 107.22.91.90:443 l.evidon.com tcp
US 104.18.70.113:443 theme.zdassets.com tcp
US 107.22.91.90:443 l.evidon.com tcp
US 107.22.91.90:443 l.evidon.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:52683 tcp
N/A 127.0.0.1:52695 tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:52706 tcp
FR 3.162.38.106:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 191.2.166.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 23.73.139.35:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 35.139.73.23.in-addr.arpa udp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52815 tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52980 tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
NL 18.239.94.108:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:52994 tcp
N/A 127.0.0.1:52997 tcp
N/A 127.0.0.1:53002 tcp
US 8.8.8.8:53 108.94.239.18.in-addr.arpa udp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
NL 23.63.101.170:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:53322 tcp
N/A 127.0.0.1:53325 tcp
N/A 127.0.0.1:53332 tcp
N/A 127.0.0.1:53427 tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 assetgame.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 23.73.139.43:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 43.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 presence.roblox.com udp
GB 128.116.119.4:443 presence.roblox.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 20.7.47.135:443 msedge.api.cdp.microsoft.com tcp
GB 2.18.66.74:443 tcp
GB 2.18.66.74:443 tcp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
US 20.189.173.27:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
US 8.8.8.8:53 27.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 cxcs.microsoft.net udp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
NL 23.62.61.177:443 www.bing.com tcp
US 8.8.8.8:53 177.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 114.66.68.104.in-addr.arpa udp
NL 23.62.61.161:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 161.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\wmsetup.log

MD5 c17aaf8cebe1af5aa96dbb52b717bdb1
SHA1 e8c11d8c6b1d387c37bde4d3feb072aa3712d127
SHA256 18afdf5c26c2fd10ba027f82e8030b086bf3cea3ba7a04b2b7b885f8d6777fa8
SHA512 dfca2c831523c030ac843bdbfd8bf3659ddaf9211d8f6dd7ed80deac1d2aa445fe4edd84cd4580a7c54b2c0ac7930aec0043c4327fed70ad9974f1579b22b173

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 189f9afb0ddeebccf446c000322a7823
SHA1 0a227d65112dc3bd21b98e439ea7c522d4b38ccc
SHA256 6e6edf5a7a2fd104040c5d52401eaa1568ea6ca02d38c0e2c122e3d903fda062
SHA512 7f81576b50abaf09e934682a5c76da96791a2ea76300416eb7a649d3d5014ef96d38d593ee7b0e7dce807bfdab086a2015fef62e3e7623cf46eee24e85c5e012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f3f6e86c8b7bdc605f5559df800bfd34
SHA1 862d05bfba760ae8adcbb509216dc18ead59a6b2
SHA256 5dfe9be21d4916615025055f1a70151362bdb404b40f074685e39b33ad545a78
SHA512 de576ebf0cbe1c5e7639c42517253796cf4b5770298271ac2e6958404998f2d6b8e3378a535f2f316f4020fd8e60b5cc9c1b6b5171d307ca3215afe8ac47a7c3

\??\pipe\LOCAL\crashpad_4864_PFRYVQQCCFPQBFPN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 74176bac4b6d430fcf6bf1212ce9baf7
SHA1 3ad9b5b10213085d68ca2e0d59d0855010b8de3c
SHA256 97f398ee78fb44a8668076c65d8844a7cc5ffca66b1c830cac3a6f6c3b605eee
SHA512 da441364ef3febe08cab004c52561892e7805eb0bd908352c9acce617363d0ce1e731700cd48298c7d5e5fd4cbf7d144e9cf36423061ccb260b25c500c67bffb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 51559bc636a135b82173b4be1264a6d9
SHA1 488764c1d641b7e45f42e5f776e2767bd68d0594
SHA256 b169dbf098d12ab762fcaae3642f8327ad39ac266eea0f988d4419ff513f4186
SHA512 57a5b41dc7c54a30c20d2e3c1112e8783e65c580cb2f8b332a1f2df2d09539d47bbf764b4bd6ce40a20c8cc05b6bcbf15ce839f7d8c9370088df9662012bf9a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 abc3e7f76500ca5829bd410a7548fcf3
SHA1 a20e42a654cddd09e4593ee0ec94cd85c9c85933
SHA256 465d3f446e7d1ceb402fde52400f48107ca9bc4afd0987d28c3518ac0b9248e9
SHA512 b6466a88186cdca2021ca9206f8579b7291c751cac9e950ba1e51490719db23b13470e01dcf479b1cf27939317635155577dbc67c4e21933a3562acbaa23f4b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 534dab6516e61d9eb57cfff942c57916
SHA1 9e1fe8d5c6f57e5c96598943276cfe449f27b70a
SHA256 f483af0326b454454e3d32abd92cc9a2d0745205a3b966ba8e3a5ecf4157349b
SHA512 fae0365f86525247a6a7212ad3d93678062998ca9afbcc0c215c4667822d0366b6de448e956c6566256c44a498120fa20918fc0d94e16b7ccc60ee7464941bc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0640788050b60dd781aa643dad7033cd
SHA1 f27229cacc232020c2145b4cf29b6143895a41b2
SHA256 8d540b2615dcedf28541b2403529d01094204865bbac65e5dbce51fe6023e7fa
SHA512 fa6b822738aa9f9f71eb9d8370e026a81d18de3d156a3a6699fb3b07ccd9891f259d8763d63966ef1e645ee22479396afc1a970f2644c3039501de983e514ab5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583479.TMP

MD5 3fc9f27e5af1559b0fc8b12ac2d9ea6d
SHA1 4c547e2f8e9f7908ec0962630bdd9fa09cddf95f
SHA256 dabe3c9b23afcedc4dcd23538b2c14431b6afdcaa82fef34a58626d56bcd4e44
SHA512 1c54b99694e5c9a0c57200fba98c018e539d568ffc07a289b9a712032ca0d515177fedc2d80f073435220682beb313470c122822bc3fab76566467e3d45e4acf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d9b8bf13d1009b78dfed61396ef8b10b
SHA1 b9a01ce09bb639ec7b8b21166a8d3ad43d9d7fcd
SHA256 8ace7f418a47245ee76ec8a11add14ffaed8393e9328cdc9e3ef42747121ee35
SHA512 58c896178dd4b8dc6271e49f97043e3fbf23f26351549c0ce0f88babb67f58259ae8c10a77368a3db11c1585be7aa6d58abd06658c718c83b694b843fe5c1612

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e83b9f126b65b901354b5fd860a41a51
SHA1 84136eb47f44503fa5092d5bbfd6bd803de5069a
SHA256 9ef95641554c731b78728f3d6cc9058a6431ff955f88014589bdfdcd5d2272ef
SHA512 a349b4772add575a3e9340d851905e127b21c533827ddd53f3cbe21dfd16f50fc3f2456874625e391be6feccf2c3116c7771232cffcb377ca9143a55195a0736

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8bd488d0079346243924eacdcc56b1b0
SHA1 b0a928081f610cd2d804d5786c23f9388119b607
SHA256 441d3d6a9e02ce94f769f6bd1cac1ddb570a244661de4c141e41ff37ccee94d6
SHA512 c5875e0840deb38d3b71d91885776709d5216f40ecfb8e47fd9d026ded012f24f9f364564f277f5a2e72b960d2385e283bc7377ec1b27f914b3d521a93e740f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1303c463dbe5362b1af92b3329036c6e
SHA1 77647093360f4aafce12bd54ab227d30c7020f37
SHA256 6adced5382796e75bbdaefb8a30662595e82d5c17dda3b0d3591bba215cf71e9
SHA512 0544c10256696f24544d15982a2f4d6ac4e3c96d5701936240d30743c522646622507d7d456ac3838aa05d3bba89d35433185169b9299a32cb8c4404ad0ba390

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fb46c43c0c7dcd471db1cafd50b40462
SHA1 9ca7ed309438b21c0eebe926d77d2e9e2d1fea54
SHA256 70e0e1b32ac4f963b6641ddb8010d4da82b8326ab47807a637ce873871f83eb1
SHA512 ec5a343bb903882854244ec1e834dd20dc813e5808a2992d4abbbd1aea98875d1e17676c85e8ca16629f82ad83c8e8abded2af828085c2a4ccb438087fbe0815

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1583f081a8effdef01cb14f4dfb7de32
SHA1 bbd11f7938f72405d4db7861ec71493de39db8d7
SHA256 3594bfa8f85eace92ad9bf725080057723e1f1ac332813d88c7b3fe929e84a4a
SHA512 8ee6661b4b0ecb4f8d7b591a80e8916e0a544132d50994ee64cabe9bb615fd6c8fbe22825a3eb2d87f5a8e94dbf7da21c5a2b4c0fb41c1410d72eb415558f547

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 5b431d6f7e2b9ad35ba13b2d16cb21e3
SHA1 db0a9b00ca39f14ee5be3269b8527bdf65ae2fc1
SHA256 63e00add8cd4078903228714758131588a3f1165a916bfc66e1a82076558acd0
SHA512 f27f5b3c9c23adaf50ff44e0b2af4dd121038ed4bd5ebc0b8d63094b4266a151edf94214ce85990d8e545f1f4b8b288539b7d8003979deb24629825f5b966183

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 e51dafe414a652360bb13068cb89f30e
SHA1 70cf874ffedbb7dc2422530261193fd6a0b6271c
SHA256 58e87eb01269c20618026620782ab6409efe3fc42607a9d9c380823b661d37e7
SHA512 bc894af738c4270b0293b2b49e897c74e5a8777c90a6f11a158f5c1e8b3dd9179f05a884e3d9768fe1f1b1979f92df9b19e2df5c05cf21d36949e092051f072a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7bb31faa1365e639b288a2e2ed865f7b
SHA1 22bfc2317f439408f2122dab3b62d935b5d26b07
SHA256 44992bd065db8330cf991c3ea59c2cb7c80d5dd5ecc906c74bfdd550f9ab9392
SHA512 76caaa30aef37b1785ecce1cdfe022c312c5a96455160127a9b0c91870d28863185bb9f9b0b1fd3058fb9a1c75710db4eacbd32d68f23a0437d1dc4e84b7e4a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3b4461d41263a5a5faf622ff360235a8
SHA1 850dde475a645ae06f2a005ffd59ed2d167c3018
SHA256 30678ece2aed229f5437f03ca203729425f74a74f24fcc217821875edb4e7395
SHA512 89a27399e22acfd27ed5fd17885814b8cfbc43feea47c70bac71ee0d12810224bb1a5b48db509567b79321d9c1853b6843cb3a7fb9dcba80d10f0cddcb316271

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 d170269951b86f585f899d21ae50e782
SHA1 e981cf3277587be2e230a211eeb4a64a77aaaf97
SHA256 ca08d2665294fd7036d1c5260dc3c7a280961e4097651ddf2cf950925a1f988f
SHA512 a1769e21b012fb39d9b625ce8d8173d306af510a05c3a377f9d6b7a4894ee53933a191aeda48a7850e7d057ab3d97a49854045f514aa75584da5a5fdaa5d670e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b91f3ab325c0a77ae61f97e434d2a1a7
SHA1 f2629f5fe9a7e35e595fa7d07d63d6eea7e70a9c
SHA256 63401878c9c14c184c3a5edc78a7bcf123493bb0bec9c2c036734e109c731267
SHA512 ed87386314ebe8bc39e7326df5babc79064f9f2c9a31fb13316ce5b9990d951e8193ffe31c95e1ca47d8e7457afb965c3545b56f40ed801e841736e898fd3e5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fe

MD5 588ee33c26fe83cb97ca65e3c66b2e87
SHA1 842429b803132c3e7827af42fe4dc7a66e736b37
SHA256 bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA512 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7538f9928003a3659d40f5618624b351
SHA1 0b9373d8f04852e13bf173a0d0df12314c609a77
SHA256 d97c30e39485ef269b576957d2b991abc4c6c1c836827fb5e75f10b61273ae85
SHA512 112724bf7c2b68168dbe33e625ca2ad2d2959dc9ba41e34057092c547e534802ab73c2d72ffe6776ee1933fda9d8385fea6490454512a7b2fe37da0eac9d9549

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 35918d98112d17025e3dad25ec5ed836
SHA1 7088e81ca161733b200aaa7e4af1e0a8f23afcb5
SHA256 0b6397b85b64e1edde679b761d720b7866805556792825f1b0ea2d46807b1698
SHA512 a7e59a24b4a48b95f6689719c63a74b4b8c58b10f8dba8660110935e18fda6fed10663a9367b78f20e2ab01757df266adee33950f6e7a705d758a1370facc4e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 07235c76b7506ebffe08aeead5915495
SHA1 9a5862330d4a2970624bc467c4258da83ca3abd8
SHA256 4304dcf9a9facd7b0cde35d7c090927662872bacbbdaefff0b9edf13e6175fb0
SHA512 d3d7d5eafc72d5cf253b108e6b5358a16f04b9205af980666a6dd99aa6a3d5d4ce3a2ade8cf72aede47dd824fd6b019671adaa7858279b276d2a7c95202b0cab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1a95531642f52b6200c4ebb5bbf5c4e0
SHA1 20a638ef389fd3073eac5949078f5474b935505a
SHA256 b31d702b7096a2f24c81ac74954958e3d8e4415c01f50215f60063baab04ebf3
SHA512 e34c8b76c6d034258f680f87a2d5221f8a1bf907a6df55f5f3a409c1ec69a9d06e663b91a0daf5c71e7f8b6cd131ff38c8670fcf021837d1a1ea01e15656a73b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5b7cb6f823aa3250660a5889e757aaef
SHA1 1ca3cb191a881aaffc99406f0ce7ba270709d4e1
SHA256 9c1ce4526f9ba1afdb27c8c103a3b5de7b9c5e9e508cabf7a4bbe4804083ab48
SHA512 3806fd62c36059b007fe548ce10a108aa6a898bc7604c0d3c86953640ba0f01bcd78e193d7e2a3015cc634aa7a5b4f3391ca13eae9a836544052d48389a9c99a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b34f0da41a19ec90a7de9b0b43e5274b
SHA1 7116402f3a066de079e98b744c949b796162bfb8
SHA256 a2a7c870240cd20e3cdf5466aec86d4068039894eab617c9545b5dba2e5dfa8f
SHA512 23e4cf84015abb277070025366cd5275bee3faf0fd2ea0542e9d20722a03341e938157a9ac2578dcf029b895d6d436b2cea167818cb90d967d69c8a728c6c97f

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8f98ec040b9198d245c6b2532781b055
SHA1 481d4ba2bd0fe03ee9c5c10deb1558a319cae676
SHA256 7d38f5d92703c50f4ad6682c4cc17fb260f5c587aebdc53c69410a94a0c0fb64
SHA512 a20ff2f545c17743ad1d9b7e975f5e77b302ec210506f18fb5909e1153c35f57c1c1425b94a581f416853cd7b3858fee9a4df288c2a4480c4afd28536763d4ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7be13a015d4070afd83bba43df619c2c
SHA1 7b0a5b8fa68b9fbd7a6cf69e03abadb98e1d67a5
SHA256 aa2c12e62d522fb9f1467fc0353ae327bdcc73d16528572584490a556119e5ee
SHA512 4cfc8ebb4a2f1438d03dc4d517d2f74854539b572a04d868536d7f49a59a8e2e772068c61abfaee105ecf8c693f8fdaf9b028337b222941d23315184f0c5266a

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

MD5 9fb66ffa1e1f4dedfd16eb3a8170bafd
SHA1 69b5d57ddda6b97adde820b9ceaddae9c33d53bd
SHA256 7953b28b736795aaa54e6cd5cb591e794e2f770c1045ca2e33af5ff19f480eaa
SHA512 4b141802e7a4cb6bd4a7498d30086a9d83c62d37f2137f4910ca7d3fb7009079d4dc59b95050849cfc720210b0cb44bf588d15c08e3ba830aae19c0a27e8e6d5

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 4f9d28edc0c431adbfcc19d8fa47702f
SHA1 37a6e145fec66acce633199ea7261bf5dd3d855b
SHA256 17e5cfe0cd5e01c1cf679b2fb7da7f3eae6cac2481c41f355c23df375ee0b48d
SHA512 bb7a5f33e2ef384347f8ffa09381aee5609a5b4997a205c972e7d431effa8c89f47e065b41f3acd86c2a395e0fdcd2fa656b57c84c3b94bb2fbde52ed2284dc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 823f8801600af74787fee9b7114dc52c
SHA1 b476fa1faa70c098f568e29b5c7dea964e99cbd7
SHA256 c70b2e68f9c3be958687b15cdabcc0628d277ad664922e128580714f685099d3
SHA512 d2e4959ada2394d41799e5256fdf42bdebad6d4ee5def18e87b31da0563dbc11c605ce580ebaa58290d1cc0b8ab1c475fecf46c9de018595c1a0cd5d080c11e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 623d43062e17c96356621545859e3f5a
SHA1 d72bbc806d58ea03b425b6714f0ed9dc9dfddedf
SHA256 0424240dc292b5949c459548145a1f2bf4dddf2f1436e84b62095acd153e28dc
SHA512 b32a06e132de296c4241c754161dd55896df18fd2b7fdc68d5904fc59c36fbc0bd63fefde0128723464708d0856f576fe4e894a11db30f2ab112f39eca8ae46d

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\f3b8e82c20c4bb3f94a2d7bcd2a82cd1

MD5 f3b8e82c20c4bb3f94a2d7bcd2a82cd1
SHA1 89618596be7cb90317eaaf2d09b05d522d008260
SHA256 7de6a5a45227b0f21ac7dd50af250e37f20b8bf2d6f4aa53a7f643d77515bd07
SHA512 82f15e37366efd29879add4f50cedbdc27d4eb885e190dd54c8e89787b51d59ccc21473f431292da679c7e8aa7cf2d0ce7219e1503d59a0f356e078f9feece55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 020875ee1d64cf0d66107145bcc07288
SHA1 99338ae09cd7f1c01718c9e2cf90a6fbccefec1d
SHA256 6277e9c3269de86f4705891a023532bdd9ebdeba6d5413fae4ef0d138f52e70a
SHA512 7f1dc08d00c174a18718c8cb91f069e978429623254f5980de61f333432f5b5b969c52d33e1c89c739b22fe6297a5505ebcfa8903c21a1aadb5c41f3cb7d0838

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MD5 610b1b60dc8729bad759c92f82ee2804
SHA1 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdate.dll

MD5 965b3af7886e7bf6584488658c050ca2
SHA1 72daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256 d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA512 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_en.dll

MD5 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1 dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512 ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 7a160c6016922713345454265807f08d
SHA1 e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA256 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512 c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_af.dll

MD5 567aec2d42d02675eb515bbd852be7db
SHA1 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256 a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_bg.dll

MD5 8375b1b756b2a74a12def575351e6bbd
SHA1 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256 a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512 aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 2929e8d496d95739f207b9f59b13f925
SHA1 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512 ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_el.dll

MD5 ac275b6e825c3bd87d96b52eac36c0f6
SHA1 29e537d81f5d997285b62cd2efea088c3284d18f
SHA256 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512 bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_es-419.dll

MD5 28fefc59008ef0325682a0611f8dba70
SHA1 f528803c731c11d8d92c5660cb4125c26bb75265
SHA256 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d
SHA512 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_es.dll

MD5 9db7f66f9dc417ebba021bc45af5d34b
SHA1 6815318b05019f521d65f6046cf340ad88e40971
SHA256 e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819
SHA512 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_en-GB.dll

MD5 d749e093f263244d276b6ffcf4ef4b42
SHA1 69f024c769632cdbb019943552bac5281d4cbe05
SHA256 fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA512 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_de.dll

MD5 aab01f0d7bdc51b190f27ce58701c1da
SHA1 1a21aabab0875651efd974100a81cda52c462997
SHA256 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA512 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_da.dll

MD5 d34380d302b16eab40d5b63cfb4ed0fe
SHA1 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256 fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_cy.dll

MD5 34d991980016595b803d212dc356d765
SHA1 e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_cs.dll

MD5 16c84ad1222284f40968a851f541d6bb
SHA1 bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256 e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512 d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_ca.dll

MD5 39551d8d284c108a17dc5f74a7084bb5
SHA1 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_bs.dll

MD5 e338dccaa43962697db9f67e0265a3fc
SHA1 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512 e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_bn-IN.dll

MD5 a94cf5e8b1708a43393263a33e739edd
SHA1 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_bn.dll

MD5 7dc58c4e27eaf84ae9984cff2cc16235
SHA1 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256 e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512 bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_az.dll

MD5 7937c407ebe21170daf0975779f1aa49
SHA1 4c2a40e76209abd2492dfaaf65ef24de72291346
SHA256 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA512 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_as.dll

MD5 a8d3210e34bf6f63a35590245c16bc1b
SHA1 f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_ar.dll

MD5 570efe7aa117a1f98c7a682f8112cb6d
SHA1 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256 e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_am.dll

MD5 f6c1324070b6c4e2a8f8921652bfbdfa
SHA1 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA512 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 fdb8a3e7b6c2f72a7c553a66bfc240ae
SHA1 d8d6316d4fa8eb6aebda1a147198485df9e4f8e1
SHA256 c20cc6598488c60ce2b7f48915e9077c8c8389fdc3cadd58625f6d036efd3e2b
SHA512 b9e7c48aa3491a416929721b5817a376c76fe7bd4566ec39094f8414da0026e188342ad85714b0a7869952b29fc3381ba81d584b0479092c1b8cd8248ab4f1fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e3bb6e21819ea21ad97344526b7c0527
SHA1 0c58f42374b1ea67d49a0b3e011e174a38566fff
SHA256 fabb6faa77825d5fb50572170447329489692297e4da8d5cc2b0f321366d7715
SHA512 958f22b32d4302744d7a3f9425e3b144e3f12836bec555bc180ef8d2e156a74ca571d2dfbe52fc639c9bdd8d4c6580edf8848e2a2c1ba2836782eb4796257689

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2f5d48d3-ba51-4315-b0a6-88c1f7a618cc.tmp

MD5 17cb728fd4d41034586ecfa8f717673b
SHA1 91e0e55adbcd0a0d8cbd89d5084215c31d2aa1d3
SHA256 761b585e06d5705ba0cf67681ae12c8a76a119df3177023f5f11b5afa5ba5a35
SHA512 ed7b4f0460f1962f5aaf0cabbaee662e19647dbc7b978bdd9b11aefa545eb50eb97513ed2116e36c4c030e5c57ee553cf9f8e2c063cb47d1eac17cb7e034599b

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.97\MicrosoftEdge_X64_123.0.2420.97.exe

MD5 300df46436ba5d076b227c32967ada91
SHA1 de9d47ef0c61fb04b7309875e2f03c8fa37d19f4
SHA256 1614eb0c2697d74f2a05f8c973b2055e9cc158d94b19105e3a9d450adc9e333b
SHA512 ba3053085da062ec32f87aec43f527624248a81b702c8cdb359c0fba7194556658b49aca8ef98d885de5da5b9b2eab3f1fac2c99891f91949d1b9a155e4a6971

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 41d5a25e6c0eca477959628b1af4b3c5
SHA1 b96c6066ca7b87f2de31a972239c0c0278163691
SHA256 475c7240cd21761ee842a7ca80ad68b9ef31ecfe04b82936769341b2894cc4e9
SHA512 de23fe342d31c4e26a646d8564f35366d12904e8c5d34b1e44f87203ef3a0810aacac543e25a7f897cc5107be78bf5f7bf98a2746282cbe5b66a689ca2cf98f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7473f204b79a74245ff78e1a096ae1ba
SHA1 b63c163f38ca7ba2d57bd4639c51092224cb9cf3
SHA256 7efbc88f5c90c465dd6041ad684ee9c61301936a01ee6ad21087e6f62c1f2bb4
SHA512 06890f6abe6be97bdeb8748c46146d35eec506e6a10b1224ec27a8ddcb33a5bd6762e74659344f07d944a447e62b3061bc466456b9c35c089c709e1c97eda6e6

C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Installer\setup.exe

MD5 31ddc9e1c11a44b88cf96c45b3551ffb
SHA1 811ccb9706f656e29d089e30a2ee1650302394e2
SHA256 46cb58faa60db59cb8d145bf6493f7c01a8ea8895f812d65512e3c7340a054da
SHA512 67e5a4ec4b030e48ac06bdf79bfb2b9bfe7778f046a739f23b7be65e143a7181954c7587eb6841636a6e667aabfa292d6831bab709cd798d1de01987bc99aaf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6fef0ff25a811383ce5a91be5fc15d63
SHA1 9deaa632c3ca08d87b2fc29ca2ecf49f011b6c34
SHA256 ae1e9de0595605436d6336ab92b1e94d58adee3741e6d2adbac2e55a29b898d5
SHA512 1142478826f2a61fe2c95625e69df8f720366c8e1760b2162214e44aab3b1647c7977222e11d1c519f2873757f98fea678bd9c2a0794198337e495408a108fd0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d4a1214d0f2d408221d0fdcc73d1fdcc
SHA1 abf8effe943c61ae5fd4f0545c8b4690c17f8392
SHA256 bf30106642aac2ea643c96e5b206aae92ab0b79c9b65d8391dadb1540a49504b
SHA512 e0f795ab23b524d4bb98d8ed89820bbb936a29637214b441ebf21e4c9b3b5a8eb590911b300dda643c2f49b7352c8f08e755ed868fb563187b459b4f2b6408af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0e29bf4fe49ecc63d070d6ffc200d66c
SHA1 926550f96c441395eea2d98b8fd70ec47ebd09c6
SHA256 f62dad52720cce6f901cc2d8d0b7b1d9c4663959ee5561344d498a3914c9db79
SHA512 9207175b3c44efb37e00b7af30b845cb6c51584b3786387ef586a1063a6883558753958e9380da13ce716fc84104d367a3c72bc786904f9be0010dee1e7476f8

memory/2280-1876-0x00007FFB45BA0000-0x00007FFB45BB0000-memory.dmp

memory/2280-1877-0x00007FFB45BA0000-0x00007FFB45BB0000-memory.dmp

memory/2280-1878-0x00007FFB45CC0000-0x00007FFB45CD0000-memory.dmp

memory/2280-1879-0x00007FFB45CC0000-0x00007FFB45CD0000-memory.dmp

memory/2280-1880-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp

memory/2280-1881-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp

memory/2280-1882-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp

memory/2280-1884-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp

memory/2280-1885-0x00007FFB45DA0000-0x00007FFB45DA9000-memory.dmp

memory/2280-1883-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp

memory/2280-1887-0x00007FFB43D20000-0x00007FFB43D30000-memory.dmp

memory/2280-1888-0x00007FFB43D20000-0x00007FFB43D30000-memory.dmp

memory/2280-1886-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

memory/2280-1890-0x00007FFB43DB0000-0x00007FFB43DC0000-memory.dmp

memory/2280-1889-0x00007FFB43DB0000-0x00007FFB43DC0000-memory.dmp

memory/2280-1892-0x00007FFB43DD0000-0x00007FFB43DF0000-memory.dmp

memory/2280-1894-0x00007FFB43DD0000-0x00007FFB43DF0000-memory.dmp

memory/2280-1891-0x00007FFB43DD0000-0x00007FFB43DF0000-memory.dmp

memory/2280-1895-0x00007FFB43DD0000-0x00007FFB43DF0000-memory.dmp

memory/2280-1893-0x00007FFB43DD0000-0x00007FFB43DF0000-memory.dmp

memory/2280-1896-0x00007FFB43EC0000-0x00007FFB43ECC000-memory.dmp

memory/2280-1898-0x00007FFB43130000-0x00007FFB43140000-memory.dmp

memory/2280-1899-0x00007FFB432A0000-0x00007FFB432B0000-memory.dmp

memory/2280-1897-0x00007FFB43130000-0x00007FFB43140000-memory.dmp

memory/2280-1900-0x00007FFB432A0000-0x00007FFB432B0000-memory.dmp

memory/2280-1901-0x00007FFB43450000-0x00007FFB43460000-memory.dmp

memory/2280-1902-0x00007FFB43450000-0x00007FFB43460000-memory.dmp

memory/2280-1903-0x00007FFB43450000-0x00007FFB43460000-memory.dmp

memory/2280-1904-0x00007FFB43470000-0x00007FFB43480000-memory.dmp

memory/2280-1905-0x00007FFB43470000-0x00007FFB43480000-memory.dmp

memory/2280-1906-0x00007FFB43470000-0x00007FFB43480000-memory.dmp

memory/2280-1907-0x00007FFB43F00000-0x00007FFB43F10000-memory.dmp

memory/2280-1908-0x00007FFB43F00000-0x00007FFB43F10000-memory.dmp

memory/2280-1909-0x00007FFB43F70000-0x00007FFB43F80000-memory.dmp

memory/2280-1910-0x00007FFB43F70000-0x00007FFB43F80000-memory.dmp

memory/2280-1912-0x00007FFB43FB0000-0x00007FFB43FBD000-memory.dmp

memory/2280-1913-0x00007FFB43FB0000-0x00007FFB43FBD000-memory.dmp

memory/2280-1914-0x00007FFB43FB0000-0x00007FFB43FBD000-memory.dmp

memory/2280-1911-0x00007FFB43FB0000-0x00007FFB43FBD000-memory.dmp

memory/2280-1915-0x00007FFB43FB0000-0x00007FFB43FBD000-memory.dmp

memory/2280-1917-0x00007FFB43ED0000-0x00007FFB43EE0000-memory.dmp

memory/2280-1916-0x00007FFB43ED0000-0x00007FFB43EE0000-memory.dmp

memory/2280-1919-0x00007FFB43EF0000-0x00007FFB43EF9000-memory.dmp

memory/2280-1918-0x00007FFB43ED0000-0x00007FFB43EE0000-memory.dmp

memory/2280-1921-0x00007FFB43EF0000-0x00007FFB43EF9000-memory.dmp

memory/2280-1922-0x00007FFB43EF0000-0x00007FFB43EF9000-memory.dmp

memory/2280-1923-0x00007FFB43EF0000-0x00007FFB43EF9000-memory.dmp

memory/2280-1920-0x00007FFB43EF0000-0x00007FFB43EF9000-memory.dmp

memory/2280-1924-0x00007FFB43830000-0x00007FFB43840000-memory.dmp

memory/2280-1925-0x00007FFB43830000-0x00007FFB43840000-memory.dmp

memory/2280-1926-0x00007FFB43940000-0x00007FFB43950000-memory.dmp

memory/2280-1927-0x00007FFB43940000-0x00007FFB43950000-memory.dmp

memory/2280-1929-0x00007FFB43970000-0x00007FFB43990000-memory.dmp

memory/2280-1928-0x00007FFB43970000-0x00007FFB43990000-memory.dmp

memory/2280-1930-0x00007FFB43970000-0x00007FFB43990000-memory.dmp

memory/2280-1931-0x00007FFB43970000-0x00007FFB43990000-memory.dmp

memory/2280-1932-0x00007FFB43970000-0x00007FFB43990000-memory.dmp

memory/2280-1934-0x00007FFB43A10000-0x00007FFB43A36000-memory.dmp

memory/2280-1933-0x00007FFB43A10000-0x00007FFB43A36000-memory.dmp

memory/2280-1935-0x00007FFB43A10000-0x00007FFB43A36000-memory.dmp

memory/2280-1936-0x00007FFB43A10000-0x00007FFB43A36000-memory.dmp

memory/2280-1937-0x00007FFB43A10000-0x00007FFB43A36000-memory.dmp

memory/2280-1938-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

memory/2280-1939-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp

memory/2280-1940-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 95416a613e8a15c1971560b0de9f241e
SHA1 834c68416dee330b80bdbb57da692ee735d01e20
SHA256 7a1fbf461103d6fec0167e1765e2c41e8f4694f0819d711e2acffde7bacb685f
SHA512 c7ebe3a38db62947e05fd244873e7d6c3aa51fb635466134719159bfe0c913056e0b442465e1abd0291a7e054a9e39642c613f2805b8683d26002290721386aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 663e1c01117f5f7a23decd2dd247c1cd
SHA1 6fcf2a8b2627dc4b61cd295cc68954b7785473b0
SHA256 3b4cea3a6f0590b3345aac2a31396d16ecb52c5584118873e77e7039ef07501c
SHA512 d41fe8f624c5637413f43486949e6487294592ca2c3a51e7b90074ac8f7659d56760c9270a58367869ece1516182a9bf4545da30c011c8abc5f02755ca0bc441

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4e01890cdc6f7555bf9f8f13b1df7617
SHA1 47ced740e96762548518ee00ce85871933d061dc
SHA256 0a73bd94bf4c0400d344d56604532ef1520f59c8a0f9ca96fcb372d374fe3325
SHA512 219e617ed050f7fdaca4b3873e2b7acbff459ab6fb3d94e1e20dad7b23d49629a29114ff6802eaa7916c51a6eb1f79bca7fa51a6d70c4e135b34039e91825b75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6dbb713da3b40b4cdcfaa32eb7859e29
SHA1 76d137f6914699607d40adb0da35edb983a00848
SHA256 bffbbb63eedeaa4ebc67650c34ea0ef5b6b2dae613d10824cea48905fa47ffb1
SHA512 e11667eb961e48f74eb8274bd8091813d78b0a1ee0c3caf3a71ec61db610e69632ca58f077407ac1f5b7090d3c2a1a51d54070eabfc8338ceab75b0a00521f1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3cfb512ee7b71eb2b5b242f5b6e0b954
SHA1 8378d98232d0edf805bea3032f0071ff7296a847
SHA256 89b813258d6dc235cbe34971c766757e912da9c241c854a0c3afdad54af170d2
SHA512 34380ccf976a5b6c6264c0e902fb18b812f548ab874ece2344b9924eecfbe90b0308f06b85f673a14507163676d58ec686c43af1f0b42cd1cfa567718942045c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5f34a3dc9226f777e80b2f1187aaa413
SHA1 f3324100ebe180daae5b2f15d09fed09179ef7d7
SHA256 d8b6fb1a659ea8d1d50a9c4a2f6a19ca8405a0dc58b97da32e211d8b217c5db3
SHA512 a238efb25b70fde25116d5e9e4addb66dc154d6ba806a53eac25dc2a9386ceeb7895b4cda3e9418b51de4215c676b0e693719c3a8149ed6fac745eb09374f40f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cd6622ee58f818cd40fb1407cdb93a29
SHA1 d03481966038ccb7923f2f707128acecde4e3366
SHA256 af1424b5d0aa94003d96d3d8dfd7430ee5c0bb32a48a7a1638c7b043bc27fc95
SHA512 5dfdc6ff0c41b60a94172880715e3fbe45d7849f89fc5b1f944a4eee68244c69be83bff8b5f89b02c18afa26c7fcff74c0e3a202d7346c99262e604d04d88e71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e31566a395e1ef5f0edc3d5279a2f284
SHA1 8213ac124924d71cefc2782dce5d4af28bd73e98
SHA256 6241aabd52b17163baadcd8ca948654a59eb596541f8ce95892d8be62850e52b
SHA512 42b472b2e848b0db1cb7066eb1be64aebc16ba0148cfab37cf58efbce5b2f15ed8050a19aa84f7b5af86ff708733045018530d14a9d89899ce570f604eb88dc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 715e29de6537eba8e3408c7fd0b2fb85
SHA1 05076e546fc0e49aeaead802aff7224c57b51848
SHA256 0b36f2f8fd4df16685353006de07867e2bc7b2340cc5eb8257b37cbbdc9e6ddc
SHA512 f2e02897ec987fd4e078fdec91fb706157d3aa89f16cc07a28dd086d2756ff88e31aadc37bde165b3726628dc7a21a69a1f9f4326c8d6666062ecaef36e6095c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c7cc9b7659bcc6c8aa290897be5c71eb
SHA1 88bc3ea815c4fd06ad55b5875f1a5df6d5a80a02
SHA256 098ea41bbe4d405da1d1fae7d028d4cc006e75445dae7c7152c624f726d15d83
SHA512 05e1a60be59a2c459a8b98053f11f4a63c62199435b07a7bfafce7f223736f01f5fbf9785e4fb71daa2e16253a070ea0eae804b43eb9cc9aec734d44fbb467c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3fa4bf95122e0bd324d664f67eb89c7b
SHA1 bf52c6f8e87fcf22719710f1317ae29dab85cae4
SHA256 adc6c0da32b2a924ada44ea51504db452b8b9476360c8b59fa64b3cd9953b0be
SHA512 d301c1d95ab52d37689199123378448bffd56f0d1be8f823dcc0787115e5fc6524164f71efd447b6938e86097ac1e563e30aa7bfb86f202d2ffc0afc0e972068

memory/2612-2196-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1d315f958e28abd20c416b9bbb09635b
SHA1 d77e93332cce60d60afe75000286557a7ddeab39
SHA256 99e4fac496289eb0723d8c8d7e2db5a1f6b74d6e4920405270c61febf1f745d6
SHA512 ba0a3034504340518c2fe1601b33867d0684c3e50293a691476ccad50515b586ec8ccb17292b0aaf8fab6b2deb161c3f5771e3e82e02ea17720f5f727e654028

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9c804ed42bd21da971013ed0c0b323c5
SHA1 65f2a4a6a34ef512e3c220653c305b2f01c0ae24
SHA256 81ededb4d1f85d647ccfa2eca17323596e4f5c416b4f4052dee3c08a27cfd2be
SHA512 21a0257901cfd81d1b327e57bc13148c447d4c08cc81dfd742de9ac7265f470ba2efb40bdccc983444404c14854a75dc978f4233bb8369c1ee74240bf14004e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f4ef3af98b467f2a0284cff1bb5cba7f
SHA1 0390a96351ca357a646b7c40abe029165290dc41
SHA256 01001f24902fc91cc63be8a6348d6e55f61c47806b4125365f0ecdf51c82c71e
SHA512 05cb18c7db4ff3128e1ee0cecc00fbcf12c3af17eb75a5141b60db3087cf1ad031237bc1b59c92fd4187b0e2351b956662b6e5e5067e4244b3427fe939d66f4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4f9a34abf23e69dd5d638548ddd6cc68
SHA1 95843fa672bb719f5cf5890bb74b02fd5b10e790
SHA256 dbec12f2708d8f2b7af1911a4cc90ae79688f52cdde54c18e1c75c6f030d8722
SHA512 dbe9d8adebc887bc47629d2666d2d556bfb79218e55d02a2049f468191f15a6e4979086ce31eaaac3aac47263ceaeaa2003de533cbd2f458298b79358dde0d69

memory/3268-2315-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

memory/3268-2336-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2fbb048b70868327268ba6d2c8f86eeb
SHA1 2629e47c2458dc933b75ff6ecc14cfff1d94a58c
SHA256 d3797600ac6db1c7a3940be82fd4fc40a64ee1df84668cbea431335bb1dfb4fb
SHA512 26d92be00bcc0cfe4336cefaa2713411b1bd80fa9ccefef164c9b814cc1405880ac96fb83912db1ae436d68184896c2fb07ea5cba14834684f7f149d6a7b7b26

memory/3268-2423-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 18c1f7dba7daf64adf2ce7d568ee8017
SHA1 201ec8532094b4d0097e1f728051f8bf15fa8a55
SHA256 d9ef323140cff1c3bf33be03efddce0c6a5d7ad16e546a11d5b0b2c6e7cca690
SHA512 cc637ebcf4cfdb85a28554f1d2c38ebc7fd853c38a2849a86586c3bb883bc053d2dce620801a39af44b29e96f06efe931bc8888edd9b933a20d70e9cf12b5f47

memory/2664-2433-0x000001D370170000-0x000001D370171000-memory.dmp

memory/1644-2513-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2322eb01a547ec4e825ee8ed5f975858
SHA1 d67adbe6afce0d2caa1441c20a566928d38cfec2
SHA256 f6af73af913e0854b20792b6b33bb77588732873d715892ac94649650b0b20a7
SHA512 47ed522bb17a3778a93088ce482c8d2cfdd64a80023a6025c1be315829ae7e7ff3185af3f4290cfd763bba27166ce48795f877cb72a196f8b9467f736492d7b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a908bf2cb07ab0e7d15936927705ebd8
SHA1 dc1096f1e7e0df0f2bd919ce9c05e9f4d5d3b7a0
SHA256 1e82545eef6f829eb56ed62de8b35b0a1d90ed87af312a4e9424972615520a9e
SHA512 f364bbd47d9b3c38bb4b9149f11f19912684c266db021212079843ca809d1a127bc85b39d046b833dd3de3e15bac778f57999ae09ff552c2a958213be28caea8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0449e2c011768ed39c5a70ee4e7c4146
SHA1 2a32908c0b8ee78656c51235e138c4bccb2c76ae
SHA256 a7aace791be6c5bf48aa692f696588c283865e13710d96ded070dc8c7d747a47
SHA512 e71f8932db145b13b78511070fd7aa24f61d03bea64bc2dd8d9ff615e5b409689a92cd2e1e1181cc8da64556070ef6eb033667012d59fe5f0415385ceeeafb54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8335722a1d4976e91647fa0d04f4ca18
SHA1 25d48179714be1610db07c7c1edd8c1aa2b3e800
SHA256 47cd24d21a49f7bec6625c7d044bc8596ab68e383145850848bb187a986dd3d0
SHA512 8e447fe131edaf2e5b6cb3ce5bc5f1561d669069287202dba2aa6bd8ef6b84f5534932e725041f27bc0df6c99738de892a3e4622b2f5ec5272545333725b5ce4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8fbf6196b221d3502fad829da56263b1
SHA1 ea897b83f097f657e0d4a864bb66978f99b1fa63
SHA256 a55c2bc455c92b0a7e3363fb188fa4a12eb7d2e929a4e45d43ada8bba7b4067a
SHA512 ed2cadad92cfc053507fe44bfb49e2c14fe0e157ee9e91619e955b946829fb7d98279d59a2d3e39649e2d0d679188ec1bd91c599951cf607db14414c134497c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 86a81adfab9a3f0c763bb753b871f7e5
SHA1 f85000d7374f12f3574a36cb6618a4a8f886ee4d
SHA256 fbed4da0f2139c4f0dea7f1da1fa0b4ba7dbf10599d1534a918da726e343e612
SHA512 b3ec582fd1a6b1275da156b20ccd013d48ad7672ca4b1a7da9477f8eda33d117f5f5465970a6d1f4b0c0fceb558b191b40265266c5df77ccedf0f2389c4aa38a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0056bf60890b64473da0df083b96cbba
SHA1 df5e7c08fb4a5961dd9f37bed81ca24dd6e4c356
SHA256 949cd6ab511cdbed36ad586ef662169f5ec14a83086ef0de9d1359908bddc8f4
SHA512 b7bc28fa8fde565e746aeaed85f411b9c811c05c64c4dcb14161397584eba1cea5e7e12d1bb0011ae744a6dbc94734578b5aa8a9a65e67e2777510616b0cd1cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b37a82b167a5725856b2d7120a822c9e
SHA1 d6c4825782d706ff95e94144d2e66db115fbd1ec
SHA256 16a9f0a56d8ffa1f25163a79f63eb3713522aafae14fcb84c0994de52490ae41
SHA512 d94d90632ae2f3691ee5512b501838607d0b795cbe89b6030e0df9059844b8166f3054963e0ef59b381b76e2840cccb9c5483ba64d309396814e9b0e4af7c7cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9bd87127a6d809a5116a6dfb427185a2
SHA1 21e6cdee0ce8048a621f886c74dcb14c7b4def16
SHA256 1313d94e86ef0a586f5db3b1873aa728956343713cf170332d2fa3d30b866e3f
SHA512 4da31a253c8646c9caf06e703d9d68ebd044010b8d47ec44573da9fd0f5183ba5e746a796e5b81e2d7758d187ee48e936c1109848a0c5f1e3a6c437971cdb0fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4ec67c7bc7296431dcff91b01e6604bc
SHA1 6b244273bc579957ac6280b0bfbb6b59c707e50f
SHA256 8ec382aecb8d18e874fbf0bfd841f4ae6cb5e688d55374057f1dbbf9f023feb5
SHA512 ab12125a3452f12988a6dd76578460dd0fe62975ba69010e458225f4d559cacd75683445d40cc38647b4f25e443824897828b8f05fc0aa7a716558ebd9aed2de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 07526145ca693617752c537e0b18e38a
SHA1 3ad7b107c7dc5052c4caaf11a2e20f84d0ba14bc
SHA256 8fb6b8d7ff11089e239dcf8f567a85e70e7ff7a84581894b680ceb72e8de67bf
SHA512 d3b85626dcecfb25d704e444a3b91e3a8f983d2a2689235bd0ff29cc380aafe1473575f1fcaf4b44e18add2bbe129c06195afa53ec3574ed25c6f531820a6a6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1d058ab1b38c6f4ef8f81bfc56eea5b2
SHA1 08bf41b75799adb1db0aa3346b90ddec115f6a56
SHA256 d2831741f94466bb76385d3119d1c1fc791909e5da9de82a44aec9144b1b1219
SHA512 c38a92a28846797e9e6a7df231948d631cd3fa5efe2ff7cb1908296d3912e5e936acedc9a570e5cd154ffd0847c69bc8e371e3d21369ef97ce890a1904bf31cb

memory/908-2812-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 77cc00f083669b8f1da76a830ae2c503
SHA1 9277979b988e83a5357a9c37835f8ee90ce6ad82
SHA256 981bad89b168320e4818491a29593e057e533e00c47fefe55222dff0aa636d56
SHA512 e64091d8a26bbb37cc60a253c72db5a5b7e5c798624c280646d6b699824f2c37fdc9fe9b77aa20199489df369a0d27944978e6fdeb91cf631320a82a42be5a61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b1083017a986f6e8b1c7846d2c8d355a
SHA1 eeaa80e39a14ebc2e607d8dbbe5ee9a2ae32b4d6
SHA256 83ca72ddd4ea2bf95e38aea201eb239fcfd2b6222ba91af3edf52d81e310a0a8
SHA512 4cbffbda8e9fa353ae75fc309456ebab4fae933813c46d9e1e277f2d89b1af6f3752ed536c3af56763ac379b0cdc80553a5db74832b752772514c592b128db6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b5f3fefd073cd2ac6e82e5fb39de8cc5
SHA1 9c46bab9e7659422dfb2c742c076c36b7d0a4cef
SHA256 a0cef20708ea47aa9830e0c721ac3487641fa1c6db8f8219bdabadeba5f17716
SHA512 7742300200d14596ec7455bd6ccf593630fa9b61800bd8858f63c75b118dccba16b31f7855e8e03e7ab90280c285252574cd1450b1d76c081ecf0f02a490c13a

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

MD5 b18c705b3c68cc49d9bf3649abc75c24
SHA1 6dc8963dea0f3185368790dee2a346301b4fa24c
SHA256 c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa
SHA512 7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4dbc3a9493b307090a166c09ef2b2703
SHA1 5c2e2b7e2bddba8c9e329c7fa80d96e4b98f520c
SHA256 ef05e42cf2218da9090b2056abec0d12f66f4b87e722ed32d2522870e712c2a9
SHA512 b9d016cb55c72d2ba38bf9b982c945c5e32400ddd0038d90176ef96f67f6501022b4dfac90acecb5cff46782309a8f7758430f09ea0279a57393370ba8891458

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d6beb394a6c81d81c0dd80d6a9b28697
SHA1 2a57033c2bc7fe5ad4c05c4f8767eb767cbd72ac
SHA256 2fad23a69227f5b8b7a65a8ca18e38400c25691bb8a0caba21e8bee2a038e0c7
SHA512 6e711c5f76f2c78336de577b6f51205da38501d41b023af70a3488619dc39ad71265fa34062d526e2afb65b38bcca0ee3227ac0024bb6edd21f9f90d955813b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f8084421f68fba6fa9a49ca5fa93c68a
SHA1 94410e5a9a3c9ed3206085d6a0fb05eb9ad3421a
SHA256 acb80ff5e3007d936cf75692514980ebf0f892579349b4fd757486da57d2a60f
SHA512 54e6c2c2e3e6b196023ded07f1a6b7f9a99a940dda56992073a8d9795b0788851ccfaed907f64e980b6108add0f6e430f5827fb60d12cc254eaaac410be8df75

memory/1236-3088-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

memory/1236-3109-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 58419f0a1db6d4856bbf6b3e36073101
SHA1 5ff4e2b1598f8342111809679240ec9d6c7b2def
SHA256 3d4e95dfee6c2aff09f4a6dec0ec40c084742f90b98fe1f8a9590879fe705b23
SHA512 7e9dc5eb3bb859070fbb44022ecca5a91657de2af79639e8715e50f47f057006fdaaecca596c206e2ef9be61864eae6f568687292e5b6a597d3dc8467a0e28c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 54592ce537113958a79126744db96d29
SHA1 0019958048a6cb956b269dfd358138808bb1aff5
SHA256 6a37fa21d5a95e4bdffb28afe7f0470b5b5225b9373af0e30065c5023f2ef476
SHA512 27c7da2bf60e89e3e472f81ea693ecfcb447b2a4f80f44b8faea4dc6ecffdf84d326224fbddf3f8bc04862ba337e8e880ca1aba3b76505afdd697261df441c45

memory/1236-3186-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

memory/1412-3189-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e181391c4e7c3f4ea1b59e3853ae181e
SHA1 a5005c1b05d673c19dcf31cc49609272f98c67f2
SHA256 2e32efe756e2a42841abeac70f369e4c33f517a3bd959a71b369917841eb95f1
SHA512 87014a12e30fd296e152b040fda25743e22bbff0338e72313610a73230fdd1f0fa8c0aadba08ffac1e9549eb5adcdcf47c648471c8df912dad23d041898cb174

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b347924194403c2c15af6a81e9216a2d
SHA1 b45707cd7e373d251ce0370fcd1dfb377f38c207
SHA256 88128a809501d4063c64ef154730a236c65452ef52379b5b4a80545683c6e5d7
SHA512 a6d6c3ca2b4a62468d8c9c0591e3ea437b61788c3cfd33fa8d1bcef403d2e9a1ba955954c32be4a53654bdab1dcd113c6fa88f8f8c3ea42f40ea0e723e998a82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bfe33dbf190570b4ea6133158edbb47e
SHA1 b2368d696098b960d930bdd44d4b459a31555abc
SHA256 0426afca87ffb3db7b43a4b0e06ce439422bef0501ce3ad1edf06aae1d292bb2
SHA512 7f18039319b625c6c9b26d7dab8a25054e93e6e3dca5998f17b2e2ce3a6128ab425bfed11cd5156b069aa7bfc01d28f6bb69be3c8233ca706185adb23ddd2df6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5148929eabaeb3eb5ca7bf2efe22f640
SHA1 6cb0e695fa71c7d8e7c70e6f3dc2ce1896b11d6a
SHA256 e51373a56b2bae32c1ae410a1f8b1c90fb2989de1a134d2a2c26e67d66c4c89f
SHA512 654629087a2f16a3e748fe025356c54168f314af42e25ac86973cc7cf9385de51a07c06bd7ad5c21095efd6e01f6715a1f1ef55b172bdfa9d9d1a69ff88b63c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 937c57856c758cdf90325ca63515e26c
SHA1 86147f78770cb705857b98d95d5e1bcffa10f1f9
SHA256 54d076393fe9f85e0fd88cc403c080fb1c81889312eab2a5ce3cee65081b7b63
SHA512 88697017933bc94cd9b1c8aafaaddc1c3b510abda1ab118ec7a603fc990f3a324a075d99765f997c665001d194294c2b66b78e318b69bedb8d6813421f6484e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ea52160289892c1ca4b3f555bfa6a9d3
SHA1 4e4acc3cb2afc95c31f2745b58c1e496a554d992
SHA256 7dcc3f03d37d8ab29bd3c6285c0d29445b4cd3d31babaf4d2d4fb1a7383fd33a
SHA512 1afaaa8ddc7b12926b2ede0e0824b53be02f30687e10ab9c39cec97ed420f2edf464c27af9b9dec729974d41f49b3e29a9e5254820eab4758b762984c5b9494a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b076819652eba327c0993efcf746d6c7
SHA1 57f18d00cdfdd2330640c9443864fadbb3ec3126
SHA256 42d3117723d82895e206669d76fecaeeb420693c983d556d1e412e224604d7b5
SHA512 a08c2cf5bfd69cae596ae760c5257508ac97a9c924048acfbcc3c7e4f9a3e3933670acc4c05142fa5e89195e6e9aafd4b469a184679925c31042a1b8a15a1ff1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5d8499e189e4fc91b608a16adcbb99e3
SHA1 f40f00c2bd199cc28926d96339b50a24c76f40a9
SHA256 353521a54838e000158c164af184c03818338921a9d39077743c929bda6f48e3
SHA512 57d6f9314d2f824c351ba2d675557bf119c657dc749fd78e1bf348e08442265622e2e67d58be45aa814b44a18338669cbcddb7cd0f0ae49d02d951aab3b95946

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f3ec9348314d53aaef8ca41af5417f2d
SHA1 f52a627c422a954ddf6c4021026aa03b3da42258
SHA256 16ab4c231e35943a4135e9730a07f3dcb4f16f71bf2138af44cc0c260637c325
SHA512 7f61fe920340b21c1ac07ec1be2ad1ee6e89a09341bcc1af5a1c7b73e6345826c39ff4acde8bdd885a32febfe6379598c651549263700ae5d4fb6000e3b5dc90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 25b6f66fa977f33c0a0c5af7201dae90
SHA1 97f114f9c22c9d6a073056d0f0b2570328bc5da3
SHA256 4ecbc81b2c2717708ff7f7949330ec54b323a55fff0de1369c188441468e388e
SHA512 166dae04a8e771e6147b52db07605d8c5a2b61636ce093c925ab1be712adf57531bd27776de3f101dff94cc93c6f285a2b9d74fe41193f8961c9f61274e972c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b12e44a5ab681feb201539641b7eb2d0
SHA1 a3cd828c8b0a6c3190a7754e8d20cc0644d97abe
SHA256 a1905d4f871115100b54f55265627502fc059b39ef9be3a8e4b4489aac16a717
SHA512 c0f9b9e0d2e676d44505ac0cee3b741692dc6f7f6f7c9e7a7e0fbcb0abe91888b2ab2f47c70faa34bdb79e192a12237f7137d50896949602602077945643bb1a

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\AppSettings.xml

MD5 431a6eb20932ec1c56682a1f60d231d3
SHA1 40bb32db040cabade103c21ba5b6f811dfb0773e
SHA256 d5de39863fe721668ce1e115e0fc55a7c733747daff6235d27dad3d160c84dbb
SHA512 0969b9484bb7c661d4e0452ff1c77396796333904b39f24c56d5a92ac4ed4ebde9b8981a985c6950b4af2852e8d9599e071a51ce4f9ef21ead778a2fdc76fcec

memory/3392-3399-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1324e988e898a8a93520532136b13ebf
SHA1 d9406a6e97d3d6527d6bae2b3aabaf3021c265ad
SHA256 3da375111b3c0d8ba5ab2f73f69661bb53ee070779d3afb4ea85c5548861791b
SHA512 d9c51df9d2ad96eeea9819e42158bbc3dce2b417274cba1eea9d9337fa4928d7fbcd341c9c646fe82a66cfa1e92cbf6051a96b8f9928836a90c1aa2a8afd8b44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9784c96c84e505674ba97c4a2b938b8e
SHA1 0d4b07afd6190bd398cf3ee47f5814fbc21e80bc
SHA256 4b51fbec3ee8a875975b3f968f788105ead57ad885f67c2e4ca1eeaa5e0259b2
SHA512 b25aaaed81910b8c93c57ff2a759943bb2bcd50af9038f2a98bedb21f741b780484e9a4ee38f22bd0926d0f1248eb808a3aac58e0cdbdeb060bb95e7ec3b5a0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4faca7a8bd533d7a1a08f0aa2747fe5e
SHA1 4d6c9928c8f86d030b907216a6495ca69c552064
SHA256 dfef553b30692f581b08ce9e6bfca06fe741c02d8d6e3d1964169617dc4bf57b
SHA512 b9df855d5cee95268c64c4b0d3b811a39b3974ba736783ed4513dff7ad51e17caa1eef5f49cf17474f4fcf52f61342cf96efdab348de4862e46cd18c85659c3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 173a0ae0a0f7f5e467a1c498c3cab864
SHA1 724a494fd7a0306c2cdaf0b0acd5cdb4e6f49822
SHA256 1929a800f9942b9ea7a01aa2145006f7a3fe5f0ac6f478494a8c72451fb6a3d2
SHA512 e43e522f977816e4df7885a4498bb75b09ee8262e534d9d1234a6077fe6caeada973f3059ba5eeb4f0534e665dc22b18a0ec885d1a8196cd473a1999aa0ee839

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3eb978657659d789c43f57854bec3ad5
SHA1 bf8f86b53bec87db9947b7734d1b3a9be5469bda
SHA256 b47dd9b409563307b42e25f436f9cceaf5149bfa6f4a102d02f6628e69356ff2
SHA512 a8c7dd527c817d7d857ec3f359dd6ef73acff3c8897ecb704b8b894b21cba6541e9102d49106dc11afc02f98e63b7a498ad0907dc396d2f678e42ce9916fcb0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0a332fd141d18f56a4c93c7ad8965519
SHA1 b859f579a492e2b1a1615a721bd8f7a88806f800
SHA256 588f84d3cc118d92bf58116ea0a0d12bc7cde1422d523fa162c69f0c5e36a7ac
SHA512 78e24632e29806ada348d5172d8d5e816b1e593063229a803fe40424e79f8e0c827df0c2282646aaef1e1f306b4c441393dbd514d28a0b226f01d469d2db701c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 68e05f088746d7ec2f4c96cb5c2abff4
SHA1 fbf2d5f617d59b2bca8b34fd8dce8cac1d6d8aa8
SHA256 2ca40391a761c80b08f92a6893569329f52a48506f47fbc321785bc9734084d8
SHA512 1799f06402db71fdcc31adffb78f8287558a659424593830f411c6b5a6a4a24c6e61c25e9ed458832bbca3ccca494266296cdea30534c73c85e1298fcd0ca9b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ca8788204778cd5b15038e224f7bde5b
SHA1 e1e5ed11b8e7333aa46e64ce63e81f9e926eb054
SHA256 50a4588b1b5f9c0f729fb4d935890e36724d829000048ab67d26879b6fed84f8
SHA512 19c37279079c5e2b5463d3db69ac09d5d256e5a7265ef285f651b3ed8e341e3ba11e859aab8a581d04498ac01f24d86dfb14220a38b8181ba38ec70556db9511

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4663325fee0848985e8bf664830f1f76
SHA1 84a4004b864b4ca232316f49d0b98579a54bab5b
SHA256 34d8e4f102ee5fd9237d67b6412c3c342eb44f9500bd8ea0782486584e71d311
SHA512 e5241b33f852b25353a380f211c6f268a88eacb89dfd8dc0b607b14f5b184297fb61071b2ac85cf8fcdf7a1849e488f64b93778a1157997ce03adf939059d903

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d769d118b088f68ee58e875d3fb3bfb7
SHA1 3fdd4a306869644b706036619e7696d02fb291f6
SHA256 9502702c1db34369a5c9a4a9ce8bd02c12ee2fcffa0bc9141e8fdab205ee0d38
SHA512 dcb3f08cd2c64f009a69a0bfb524cec422018c58601d69c08967520571b7b85696f2def7cf0fb8c5cef73d2baae060dc56e71c435362e5ddcd401e6126e0d340

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1c5c399c14a4d211d60f13be02d773b2
SHA1 a195da257b45b78e697bca5835a0e2cdc42ed80d
SHA256 1bb69a714d12c922b68d5f12bf14385e8b64feb0deb71a5be5fb86525a2dbada
SHA512 22a8cd881fbf46ad29989650a2c1ee06d7e8c21b4296079d1bd5b759b56e0b54cc97dfa13eb242a68807ff8ffb5eecf29ebae60067aa08cb9e398e6ab24e4b04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 26cf2dac67c045f2663c3793911ec094
SHA1 127576c1d208c087d77c6c9f5a5ace2f25dbdb2c
SHA256 a151ccdc62f872b3959810656e3a81490d26cec71734fab1af35016763e084f4
SHA512 ae96f832ce504c600c728da0bc74dca90cad99d38cb18b7b529f9b5a74809c41c494d3812fd9744694580c66baacc6b0913941af0189b8c0ef5e8bf9c6ad9d77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ce41ddfe-1c06-4c96-9cee-530488d3551b.tmp

MD5 1c26e09a2977228113c325ce26ee8e4a
SHA1 e22fdab224cfbe31199ecebcde3c7b176505ff96
SHA256 3915500261f6e4abbee787db03277163f1766cfd424cf4a497a8f1a1769088ff
SHA512 aad7015fdd8e5acc02d7ef0e2c0896fb4d7cb02e010c208fb06b30a3266e63dd3fbe22a61c465f010447ae5ac2bbdbe3e8658b7144825d8f45a415ae6e6e297e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9875fbdd91616544b4fe997793dededb
SHA1 28c9a4a6629b172ae4aa2b345e57a115c10252a9
SHA256 cccbb95bda84e2d0c56ee7f3077888cd7cd6f3ed493d8dac29775ef8134e5e84
SHA512 e419ccbdd650bdc4fd56606405078c1cd6f314951e5f208a9ee487ee43a3aad3b4b0bbb087f73e01a6efc8d9e30d6515bd6477506c02bbc6dd74105d7d8683c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ff56404628ce36a332e8a01f0337628c
SHA1 6b9b82764ad2af253cdd61fa3abfb8947bb390e3
SHA256 300b4bb6fbfbf519fe3225511c4f5175a1c4c5d03ed2df03c206877f6a4db8e7
SHA512 99cb4e6d5403c458417fa8537e59c947563404a996c2081d307a215d003616ce0975e9d39b3dd5b8462bae62ff4eecb911a41a02ae13b8cee37a3fc2715c0aca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0e746c8fe6337c3ec819707aa0f7990c
SHA1 b3a9a69d0c0aa7bc7da6688abbe59e21bb446ab0
SHA256 d0c2e1330f50301fbbb8da0619452268d2263cf785ee6340c7cd2e0fc552e67d
SHA512 a39ffdbde1a0d8c5ddcfbdc4779689ea9080237b28f64a6ef35d6d319577e197a2a75b12a97c54e9c74d50a8b94eeed607db44ff89346ecd3fb56d211466fc48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 851811e418c17a48995f69a6a84f6b07
SHA1 cca8439e744cf0830212d4a2d8eb71fa9fe1b9e2
SHA256 b19e8dcf47593e2525ef415147358f77f9ceb24134f3783e256b45a3d68f44a7
SHA512 f174ff140de4b57790eab9f3cdc3ce1902e212d59478af4320a25a061b853a136ed447edf55f7b15388c0a2186f1b303d78059dd8aaa55e2c569422998972e62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d10b1f3fd5d96ecc7d3836871e822978
SHA1 5284eacbc0ccb40059334fbf19e38cb312789b02
SHA256 22deb0d80bc5731f6a9f28ab3fc954286cf2d953c530aa44aac99d5a9fb04e4e
SHA512 df6034154f50045e96c1e16ba78da347b3b01b5af3701412be4e844ce496a1cfa527702d333e91b57455a74988c0be1cf35c08047d1afeae2a895c6b71e009c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7289b7a5b747ccbb1379f133e2753bd5
SHA1 aa0bc9647b4d0a2a7b1792d1ab73e63e97363e8a
SHA256 31b36393a5e301e2d4c5fb36cf294b4fa5dc80366453d5014810ed10403fd9c5
SHA512 c736a4f5286d839f9ec741c9863ea63e382a22518f7d1de8c95d786b1d561b69774b682ff98dd007287924d20eebabd2fbb6cd057a0f9b51f6b7303c5658925f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 98d9e54ca5638ac955e4a9b839c9f0ca
SHA1 81ecb18ac0e3c33165adc75dbd381625048b2a53
SHA256 98173bd8cc5f87fe4e18e8ac628e2a7548404c71c0c72e71838431c6313ecce7
SHA512 f93e6f961ac70ce0a30685576830d463fc1c649a2aae9724b1c8ab967252374f05951ddb09fcb1e33ff458b129fd9c57efe3094cd380f00cab845695a3294c66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d442a380b409a7c0ba609536888d9e40
SHA1 14fe122784725c61ea13f578ffac45c4268ab7bd
SHA256 9a503c9e4b645845b0bc0672e3aaca7c1b25c367fe3f19910a150eea51af1de2
SHA512 5ec2ac586c3c21ad476e24ba48c82743e7ee04da41bc9f33fd78512c5af8c141e881792b631dfc9c8dc5f75604d0865c256fd37b94e4a30e21c0f9fbb4877caa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3afddbcf9b7dfb64071bcda99b8e1256
SHA1 c5acb6460a7d5d83fa5a9f92fcfc41aebafa464a
SHA256 d5c7d2000375bf5c795420181291e1592b62208bbcdc11ae11a221e1c56ef960
SHA512 5c1ba21253b12a260421422efb5a95136412d6a8a92203dd8e238c502c28bdb9e324e0a97c054762baff15b5f397b5158ff60f4ebb510e20b6b303f80ef44e0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d11b011966a23d6be0de5ea292004947
SHA1 fe0086629f09a74d4c4fdbe5cf3dc76807c02895
SHA256 694f75d20faf46d47f39bfc57e323ee86370b7fc2b86becf6ef473c5ec904229
SHA512 acd44af5f29864884718132ff0f22bc85f5b11bf5b591444b2178c28e4fc2d041fa551f7b0c33aea2be495bb7eeb4a1dec071cc31a57eb33d6bd3ecc1aa8a593

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 42a1e29d850f0cb1046d9f491be7ad14
SHA1 941611b07e625d5c64a48cfd1aa9acde9c3d7389
SHA256 560030902e288a922502e5e321d758b480a2ab5564503b91333578bf6bc13a7b
SHA512 a9d187c5dd24ba6fbc95a58cce9278d1eb0304da2422464e647e70c9bb444ee6c57fa8ffe4199bfb002b6c5308127717040644011a1e01b6a3b5f682ddbc5a89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 15ae16c375b81069a16aad80ff60c123
SHA1 8e85da76e3a512b4d7aa5b3ffb37e2c2da988045
SHA256 6367b6ca9cc888a13ef5b21e6c384e11045e949bdee2cd08b05f2657d60c10c8
SHA512 f4ae0d27fbb7b322aa99796a5cf01bc684ee78af3c93471a62a5f82936739d70fa885e9331290a7950b0190cffe17bc5b293f2ce743cdadd60befa857ebc18d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f73e09a56704b50ec34eed3a24a79057
SHA1 2beacbfa505a0fe84d5ebea28c7c4763b367590d
SHA256 d3547fddfc439df7fe1056b16e230840468d23f3a2cbdcd8bbe0dbd98bc1afec
SHA512 4fc9d19ea42ce1a7b2d8dfd087bf18685067a047d7368ee1ad0e549288cc2087d7447f249e4f7f4cf6419d0b4c68df88f4342bf8e6069ddff38af638faa6acee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 27e05183029fa4d638c5c2b7b43a8403
SHA1 868aeeaabea522ed011448202a1fc068d5117891
SHA256 bc80945dee30f8b7d4065f65991040b056befd51665424b8b8316eced88c2a13
SHA512 87f4f65db923f0bf7bb4c978c8df520bfa77c9d7af4516f519dd844a0242a4258a7573929a171c0f61fb155c15547f625a81b25e0b082ee81119c5f3bfedf300

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 033a0113a57681b2eb100d92c85c46de
SHA1 a4c26d641cfaabd2d3d68aaffb490c8d2705a16c
SHA256 4b859303ce3d864da9063db262b951ce675ba68b5a559bde1f45c0dbb31f11d5
SHA512 6f85220c7e8516875c40182c81817779b5c172ec6a79228f73603e0b5062025e4c9efde4476d091da137a4bc3d39d1dc60b895fdf0e3dd45df4e4e69535e2608

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4f0bda4a9f8d9780d1d772d44af8b3e7
SHA1 fc1aee2f90e2b6e37139cdb0551c0e468da0a2a8
SHA256 a7847213b164d774fd0e383fc04e779b8b0d81cc92293068e993adefcf69b346
SHA512 a2337790e3e20af095fad211d6a845c932296236aa9f1af9eddbdd6de30840c02a39760af594dbfcf07fbeb9a6049257abe88543d1ebf7411265b29e4dddd84a

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.33\BGAUpdate.exe

MD5 09fc5490d32c867927e960f673911ebf
SHA1 2ecbee3518fb701959d2539a88892391250dc010
SHA256 9014827c68fd6a31ccd7ec1c8f182cfeeb60962760391446b45c264e062daad6
SHA512 cd295d344bba456cdb2394fbe736c7b52c8f20e2776bb6b37c0ecd7068c841a646208e4bd0ebb4cb7880fc15caa8b18da485340ac8f88154e61cf76fb16e8162

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 58c2606d5ff68302b61f970e5e1ce4d0
SHA1 06aa712a4e487788ef04b3cd97463db3261dcd3b
SHA256 225609eed03976f6412ee9c741502a7b112e584911570f0fee05c4b64ab67bdc
SHA512 df69175c278f437d2ae294fbb759cd0d95cec4c22d2db26a19e8abd03a05d666e79b7467db10ca1c22343edec8b4df01d209e460df3cd72490f3015a7c129afc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e9e0f0e0ed01f9821939543618013920
SHA1 a0a4259035ef74ac4c5156f03e640ba452a344f3
SHA256 2ba28677336e9c497c1a548f71fdb9c7f0f3cb182e836b9f0528e0760d96e83f
SHA512 2dd6925b10f9a8dad2b9d368a5dfdf7067ffccd9bc61ab9ac4922c5b3e164f0008b9793df1817c0db3af0f4bf3c2510a021c88fc5cfc26880b26cb41e45496d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f604a1b0d36b47851b01f2eced4789d8
SHA1 48fad7e189a1d49e45fe3fa3e7035c81675bd434
SHA256 dbe3b914d9b89e9e22ea9190c1ed8f33515aababb452d2e13d0afe52cf62044a
SHA512 da3e55483f2d286b8ce31e1d93c621ba9ae625273e8f6386d1fb6b68feb8524c9312dd70711b416e653b008307650b519c0ecdf3c177f3c6fcf96f6cda32910b

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\SETUP.EX_

MD5 2415cb112f130a1382726afa58a0933e
SHA1 74ac041e6dc607e476dfeaff2d2bbf2b5c004b5c
SHA256 85679b3b17d42aa988b5c753b9cffe457c063d5186a94203b5e584f4156f2179
SHA512 a334cba72cb6ae4c4706ef3954e98771c4502ae5ee66d7b2d2dca759ac75890efe5a7fea46818760589a66f425a4bc9d463512bf359723685eba86ba4c1edd99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 95e259f596721c71763887c85d815c97
SHA1 55f02282de937bff3b8b3a45d5e8034ffe1a3399
SHA256 9b38bef251513b795db72bcdae896a14c47eab7fa0a03f5ca17959c84688c123
SHA512 a788fd84395360920f0425139b65d074f31c0e0dfe3c1fe4a497a9236ac41b34f8a8f86ffd101b61d0bf46546f2fa312fc7c1ce92e5cda42064efa0ed1fe05d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dada3fe652cf4a1d33359672fb39239d
SHA1 0282f628f12a787d32a19d92cac8ea2dabc355dc
SHA256 ac0935ce12ca85d520d193506a70d9fec71b51fa7a66250ce91ce47957390ea0
SHA512 73e35d2a0303f185027004896cffef545d429212b4ae6ba5038265ef7466e762a94ccf313a284d7949b826d532430295cecd103a94393826dbfdb901b109e276

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 16c024f02ee8e88cf33a7f35f7ab06dc
SHA1 5a30924f406be6683f2e0a89ef0baea879cbc8bb
SHA256 091693061ddd27cdd162aa48391fef0ec5da012b1f79c60646b95836154f4261
SHA512 0a93b70a2a06eb81648c6bcfcc4d27754be9bcf87e28ea6b7c4dcc339ca50d32121847679d2b11e5d9d6719ca055843bb69d2d1a59edf1fc0a47cc0cb608d09f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1e4b4aea63a21c8f87e0fb64b73eef21
SHA1 1957f38ba4187205af7e53489f5ef6db2915f5ae
SHA256 7c06f1a5c2cb996959a22817900e596b659256e50929f5197c95a33b28d33c9f
SHA512 2a1517d02d302c9008b437b87149ee5aafecf8d3580f1e47a0eeedb0cb83da9a7b6a8a61bfe38d80892f2c95a4101f0607e5aa9466aae9646db840c0b02286a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bff6c54c8fbe028c2efbe655899d4e2e
SHA1 3747fa4ae04de5673e299bc3d5cd05cd41535e40
SHA256 41b25962d5d183f8f3676e9ea7a66f410bddb9ebc1ee90eda9c9a69e7880909a
SHA512 4206112075158c5092f10022baa670dc657bfb55972e1ccaeabcb4d61135cc5f86274595a710dbb8e1c8f1ac169775021a26fa9631daef5d9c53ade4d446c4a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d30dd4b1318f3ee3b50d128362ff4924
SHA1 198793522c84744d31cb34ab769920b428f200d9
SHA256 84d39b5ebe72d0c382c7ffcaf19a88118e72fbddea0f81a5c3fec41e78550008
SHA512 4c5de57f5a937b9e52e9220e4043e01d5a467dbed74f3a8b35cc2876533c42a92d0779f0f2a6fc654a87bc595ace2319f99a24e20ffc49bf9fac2bcbedeee564

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7843673cdc3a78abbda3494c015bc1d7
SHA1 fa41425ca5dcec33ee80445cf028169ab4754e04
SHA256 75228c20c33b2089edfb9c54dc82983da533fd319ff929b9b1c2a6ba4a9c94cc
SHA512 6a92d9df3eba4406930e8f26a425c7987a450f07f8f3f8a41a2efcaaf7c7ce877604e4589a4c2a3f7d3c9a1de74339abad25a8c3459a374909252280140eb171

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ad611a9e139db63f5d2fac96cd39dead
SHA1 51f6a99d5773379c8f99eb9cc07465390993e9ff
SHA256 21bc1093031e5e5e0eab2594cb4642ba0a1147f02b7c4733b72dedba68babc1b
SHA512 fba6c2f47ccd383c074b04df84bfb82357bcaa79e44cb1a06d19d5691d6daacf10ce8a2320156d0883d2b13f65255c189a2b846c5443a1f1baaeb98b46346862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2b78e7d5680b5844cf75512acf65f8b3
SHA1 2f4a2eb8e3f865b1d4497865d72a007b0b87201b
SHA256 34881d14c4675979a2cd286e6191108defe5ad53aa3a11fa902baf0647b33f1a
SHA512 a7a23ace28e18db5892f0c238d3c2d7f3f8e217ebe58e3badd45b976daef6ec2d37a438befd38fbb2b44b2c368d6a33d83ba041a6b6f29ef577231d709d8d8a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9979828dc5d6519e6e29b921b59ac7e5
SHA1 2c8eb2022aee8b42e226345788d52b2cb38e2a9f
SHA256 92c0c3ddb4b81ca0171259556c1403ba8f9cbbdca6893cf6f9d3e0f395567ff1
SHA512 7473cdb5f100722ada611a33f266208327646cc218026bc7c17548af119a5a21ca7d91abc9739c08821bb58fe10c2d570d4be3fbd92101e132d546656f3e6159

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5a04167ae65ef311dadb331eeb162de2
SHA1 549fdf617ce860507833dd827786744ba722bdf8
SHA256 2ef899a7d0c881f9f1e212c7451fdd1e37f09943546c33818b8cd189e38d2478
SHA512 58f7c5281689e6fcc78eb693d11f9fce715ddf92ec365b2ddb6049216e70dac3bd1d5b806715decfb8a31aa18479344ffb51808fde4aecd6ab0090a5e4672b45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 169c702b36d46119319bb837a4b77ce6
SHA1 79b75b0e2dbe1c0136769d84a993eb656c3ec92f
SHA256 1173f6666293a7aaf637af5c218d0f2dfd6187d73f9de242dbb482ae8a389a79
SHA512 418c5afb496960342a152f819f697b18a246311786bcc019b74f020b43bb1b31e38898cdc82d72c2f19c0442c44c0b42c4d48c8b40c2b6cb1f68d8ee93a1ba12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c40ad487b7b5c32df8177874416fd0fa
SHA1 3112d7ee0494942ff8bd9cfa2b6401c8dceb5f73
SHA256 f2ba9c38d8acbcd8bb2880adabbc5c4afc96c162fa770f2cd5635a24aff76436
SHA512 961ebe4954ab6b09f22498f0a5275913cd44fc2f406ee9d03743a8648e58391b6ba44ea9cd448388a8a02bf5a7584ff0be6886dfc4295cc114102254eb88652b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c021b4b83935539bf55a6fc3cb635c6d
SHA1 d91e17635e7d63856d31af5f8afbcbd8638e234e
SHA256 7a7b3197d26051f1136a5b0ab3e196539266eb32f33ab50eed30e8c58567c108
SHA512 8d2cafedcc035b210101c092431610061c75e5cedac4a890c790008e96194e5a45f0adf58bbd435d08635f43837e8bcf040184e535e41ee172e1dc406cecae6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4b607164cd6805904cec50734fe999ea
SHA1 f855987353badd95379e6c62b386f4514df3d1f3
SHA256 de7a30a36d77cb586bcc9927605eb3a04452d4044229050d23ff26a7bcb32c77
SHA512 b4e628bdbece86d7d6e62ecf58cc4dcfc13393b72e65f28a5a55bde800a34f4b1950def45efe511fb1aa80fd35ddeb6f4a95a309525e5375ea890075bae7536d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1e8f0ce5372b5f21ddfac4757910c86a
SHA1 a809c577537f50d23dc60ce42e1f486ce9b495a6
SHA256 ba360812af3604bfde0c03c4aa370caab728a6f9fb862f991cef8d11e7633715
SHA512 328d2b0d4de3e146e2e38ab15e63b70d7b917e7ed9e70917c9e9c803fea8b882e2a5769d428de703973f0ddb672e87d5b541034cd42bc4c3d36c8d492b813174

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6afa9cda49b70e66152dd5f4c77f9e58
SHA1 4b93ab3a9c5f47f66d20264d6f36dc8dfe25ac91
SHA256 2a83e6adc79ed3d2ca940ae3291858b93d5afea4cd9bbd027b7232b737ef1e88
SHA512 a40c4c9e5f3964a8e9c877c4f5fde67bdcfbf3c139538d002d5b55b64020befc97397ddd3f7a532c1105f8130228280b498548e10ba40e2e069373c4cb793e75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1586f451f4072732b999a54fb2f9d6d8
SHA1 1399a1890e38beeec9efc5887cacb5f5684dca2f
SHA256 204bc603d8f8fbc60657bac301bf119bb922df8a0b73b2f8efcaa9a0a3fa91a0
SHA512 562e31cb33cb8f0a0bdb37aa5b75ed120a512cbbcb0c25daea92baed4cee2539e2cc3033000289dc37309f36ffe90d9b094988e8237b93a054086404aa447c04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b17e0c5ee3c1e9382203e9fd915f8775
SHA1 ef514b6f104a6c9892bb265622c5da5ca50494f2
SHA256 29809e489e890d48c53b19a27064d53cf88d7b52b9a8bf1a93f7e1d7de504f83
SHA512 29ce5c9dc8c818fc6b6f9e6b4fbae3a4de9eba738e4178c98928a948e7d7bb9bc8184778276db7d41953aaa4cc45f681dc4e3f9635d8a353637060e5bf2ad437

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7474785b19fb683d8723e00e0a9e5504
SHA1 6ad6fa012e5c7d96c55186cab222401bb8d20ac9
SHA256 a495356e8a49447af8e666e0d535b70507f3e384ac6cf6155a3d0476e8e72e6e
SHA512 476aecffa69e00846d1f16028a6f1f1a7343e90d7c3a5737dae1f74936338509f448794fa17d5fbf39a7619ff025ccaded66e00c97a2b5d941611711ad17e224

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7cc9658532ad03d1aa734c1b58ba82ae
SHA1 b2916288f52b8ab50844aaf405c16d7745b1bbe7
SHA256 53d4ea64cab08198b9c4a007f83d177a915090caa668b97ea7d1f817df3a07ba
SHA512 3d0ae85746df3e58c9452563493fab99c19cd13405ff61adfe5b1385d43f45365769a334e7f59fde8a17aae961ba92a967970114eade0d5325cd03f87e88730e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 38df3a784a333faaeb2393d45621a078
SHA1 d761269a0c4ff9545ba1853c75a69037d48d0b25
SHA256 14f180d15d9db1e599f2b57f489b919d3c36d54c0d34734c2fd38d77b1671255
SHA512 5c199b778b6ce70adbe2e53f6b1ab14b7c525c0b18392e1cdf1d828dcc6a4828ec574ca846e0a76b1946f8b5f7148186c75430e0e4ef4a971b5f7208485d570d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b48838c1a25c595a91e5935c284f0f30
SHA1 5f455dad28d87eac29f4de4f10d13e06930571a2
SHA256 9f92ed9acb3d665d55afcd48498398ea98ea37bb198540fec568637b15a2d055
SHA512 f7ddea97e2005cc3efaca14ae2411cb5d3707fea0e6cef60aedf412686896215df29edd0a92961f76d3225a662ed042355dff5c83d5f8384f61c8c87dccfa9d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3b484b6985bde6764c971939a4446880
SHA1 f568f8a8c0b41791267e75506dfd14545c13bbd2
SHA256 750968b392a49ac698220cdb2a0240c39fda7640633615a11c2a33045537fb0e
SHA512 0b21372ee4b5508e0d540ff754988fd00ed10aa5d73f217859b87ffc871e76e5d6c78fa716f12d47e96b26dc7ca09786e5c30d797b8b94f9b0905ff1111b6366

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 14436d31e9456a8bba52aabc1697431c
SHA1 812c1bc0b8f74d6d295138907d6b794247f00be3
SHA256 a288fd3021e40a385a571c25291e69114176685775937a4e135f30666dd16165
SHA512 2c00131aae51d90df0e5d69623be62e1129a464b459dde98b905765bd3f97c3d4dcbec7387338725c88ba8d8bdea4314216ffc86e743a0ae8ab51d30e604feee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f74e1aa203dd5cacb2b73540b4e75870
SHA1 d7e56ef8c5b7d83a3a5506a4e8f6850d36d25849
SHA256 6fc6f40e7bf2d72037e83ae7a9610638da5a453f8ca7bda42cde95603013e74f
SHA512 bcbaf1160fccb60e34eba9b5bc572d4556c44ea8a9ec222d79aa4d071e1a24fd75ee91712a06c55b9d5f22af77d7d527c01d0230e456789f899d5a5f6b603ae6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4b00ef430d182f17eca24dfc9c2fee3a
SHA1 208cf776979ddb101778d35ba0a85e6ffa0f72f7
SHA256 0997da5cd0c1f0f754640d8d748813e8b558d6491c48086d2d00580680f74ddf
SHA512 9ed09431a0f50218140238bf120c2d6915086767b1112b6e15e90b237ae12944b446955d926d41c1054d782b5741f1f680347f6e497a0b9a10469b2b40bb9d35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f7ecb18d99d96180d346dea643ba9053
SHA1 33311a7debbe7c1e2ab39f80accde531d94fe349
SHA256 a956c693a3bd6370d740556ad7aa3efef9469dc42e172d9aff53f1dc273bd1a7
SHA512 ec5d34b03036f7d9ea0d82822737a12cdb34aaa8624aeb2d4dc53a8a696643f9f50569e5051e590b127956531b490063b59ba8d49f01650929a1a6548f9f6feb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 691934c3c4d4ba148ab86bf17c2a3193
SHA1 bc2e4f7688d914e6b83a06f85b53b023af18259f
SHA256 a987b2ea4b34a4f736c517355c6ac98600955b675c09fc6b0592c52be7fbad36
SHA512 a465ce6d789dc8c3a9090680df0d7e5a896653aab1487021e45ebef0597b451271d025ce4f76a823c3339704af8e87948e4f31038c87546a304ec56dccf5e797

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7e89ce11082a1f73c5c16ee493b79e46
SHA1 5187daf6153719538e4f8549a2d5344eed295b83
SHA256 44289cd4060507cd8004c53b7fab8e12fc5cc3eb08d2a0757eafba7c2b25c977
SHA512 3e7c8872064970ca5e01788a43dd81da00643dd7a33efa18996fee00f6eed21799b4af7800c9354c5c33e919be4a3884d4f4a0e473b646a6fedb850ae56e8c35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 26302a997901abc2858c8d03766edb85
SHA1 83c9874ba18fc90fc22edb7a3f5413a8c7e46889
SHA256 1d662f28a47d9e790196e0e90f1d09cd15355f04db32cdd82fb71708ba9e8cb7
SHA512 a5cd41ef53f5135fe4038067182378eef47249f34807268919e5838fb3f1dac34cdeaf0b25874cb34f70de31ed27f45d29d53b6d7ef7c6a1e93855de9f4a78f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\22276426-fcce-4a68-a215-d42a08e0dec0.tmp

MD5 d58a843aa86a5d5589fa8353ce203caf
SHA1 fc9423817f23b4af1ba23fd5302cca7877814b70
SHA256 202b8e952dfef3e44dd7f2032a4f4e9e7bfa8b77dc54f32ebf74d9fa06a76852
SHA512 3828e82ed29634fffe0fe90403b605b60c3fc39fe41149cf49029420547708803d196f9aea341d05fcd5859b79812e9e8eb39c168d50f9c771553eb85ac94a5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 971eab5ac1abae1243a2a7a0f393cb6c
SHA1 b5b1ae7db56ba20bfcc4bf598049284056203a7b
SHA256 9db2414741d4ca4cc215de68d96484638e9616705311582f829107d34966bfd3
SHA512 44498401b1b4790eca6179662954fbcd1fc1baab72189133fb30769b5b55498ef7c3fd8ebc1d5693d2d78117ca20b2eef3bbc3b9706a55862df93701d618f324

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 03c3b5017335267938649793145644d7
SHA1 5ba1c501cccf4b8372e467026bfa8fae968d09d9
SHA256 b7241f5cde70f353706ccea2f23a9cb6710fca2ed7863a738f874957271b9bba
SHA512 41bca10646fa5d85613b8742ae9a3a827d936db4cfe219535bff4a93251370bfc242da9408f2d06fb36901fefa9273bbf2e9154769c95ed59c82c39d66d3d97f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3416ff99ab388b0f95215eca684c94f5
SHA1 04739abcf01f6cdebf81946c82bd23dc98dea9b7
SHA256 50ea2560cfe0cfe9d8c6ed64a76b086513e9dbb99f723e9f6e0e8d5d58d52c50
SHA512 58276d40351c6fe15386b2ac19b6ba2c5e7e0b50d73160b61f3346317a757409a6ef205654f447dcb7281718534f26c654f9bfe7d46cd5129bf0905e7646854e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 74efd833a46c5bff163a825bb13dc0a0
SHA1 a0c27083847d08a247cc415669decf1cfd8e3dc4
SHA256 ea5e69cb03e4192af7de3bca4b1ebc221716ccaa706db6ffc617ab4ab0726709
SHA512 222ad57c5a894cc92b25ab04d3791c97777bea669504be228aeeeef47cdc436cba6ca09a8de6badf14c38f695634625042c07df3a807bd48f484bfed032d2b1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 34a100619d3c3f03a5df276376ddf529
SHA1 57c45015cc79f8a84bca37e9ba71500599698b56
SHA256 19166c8b07e928a146f0f28ae698c06ae337653539881b92909839f1113200d6
SHA512 a1b4018eb761a19e4f60a19fbdee68ac5ee46ce7fc5dc893994faa35f3d58b9e8d01b2361f294a8ee33a793f1cdb92f60a8123a35fe239c1d945abed5466bb8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3f29612e6b44ec2a4e8fbb29763a4b66
SHA1 c14dad0f04ef13535b854125f1e4aaf5a5027b4c
SHA256 b313d864557392b7b10c598dca2074c91f5a6c6345943115f762d71fb1f6fd9e
SHA512 b8d7e3b98fc2e13384a6f1e6d031502a93d4b8ddc19ac53443fc184bb657cf0fd66179f637d406d4bf15eee1eab60ea017aa3d82fbaac1dc32c4cf9200d87974

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a66762d2ade8dd67599aa0763181924e
SHA1 ccf40f3fb4df9de842527dee7e087b4915456574
SHA256 4835851356ad94f90203c379729d6b976db0f208c0dcfcad2a654797f062d75a
SHA512 aa497b79881ef70109afa25747571834ce98071ccfd51c1a5d6ff388f3628d7fe75a0e550c0b7cd26e39859a3276879b1bd8e5628769a1b6f37ede8a99daa127

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 90ed399d1773289ab0d4a44156597b22
SHA1 1f62af850f531f0e93b6eda3240f269c9c2d9f1d
SHA256 2738f9d922f11bcdd137e711086841e4691755853912d507c2cc2aba9e6e0b6b
SHA512 3ab0ae5c70fd2b2c5364b111b03f69e3db77dd94495b069160908b80d2a7f86654f13774331cb61d487af818852d0edaa6aa16dddbd3bcb46b5bd6bef77da3b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f1a9687af7054e1bd72e0d5c6e73081f
SHA1 a692647781ad02c6c66245bda03ed1d242cfff2f
SHA256 7900624d5802b14e253c2720d698cf99b3f050f84f41442555e2d3f55a1a55f9
SHA512 ab25e7e56645627717ea2909933ab538c1b2accaa4b138c7b213a58fcae6c4cb7e22dc9bd73e0e03209b7476a3b6006e8dceba949c479ea8fe11b0d5c9968fa0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d29dc831352263c8fa4ebff7d878cc7b
SHA1 2c8eb6f5d1f6342c2c4f211708edba5fc56dbba7
SHA256 ce276635f3daab86542a31190450e07b8fde946ef8054dc70d5f4826478778a2
SHA512 57fe941ab7eee355c485a60eba2e6687a9f745e5f5c88a3001787ae21af9566e3ef35a69c06986e07fcc3f0d8a778455162864cf30280d802db1c652fa43fb93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2d04934e77506c26e36995a2ec796b8c
SHA1 73246b8913c8e5b032337ccb7ceeac8059d433ab
SHA256 b9b4a4bc5d4c88c1fad5cfa1897f66582540303e35dd0e6de38aac5bc7aa1c08
SHA512 ea1801b6130e8f91eb8c2a6af63b298dd4da5ecfbe4d423af4dbef51828587f493f169c57e52e8f74ce772809ddad8f5e1fbcdc46a89c82a22c64689af61df3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f3b450f42f7b0c7416a2b87795830f65
SHA1 bc56aadd9f56a54678d236cf268c677ac7454ac1
SHA256 8846bba561f8fd1b207c4447bae8de40856a448dbd182b461d16c56dea72b33e
SHA512 21ec306f711d0389fb560e1580e094dc0523ceebd268186b10ee02d5ce6bb6ea52db989afd3ab0592a86badef19f1e7caa52e4d8cecc8b8e22d09c7f0aa5ea81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5dc3ee775496c4f6417cf3f1977c99f5
SHA1 cc57b28156ab5906d5aec6705ab9158688daffa4
SHA256 411b2ab8cd54ffec0f60d630d3648613c78606dcff4af9a3d70cd24f4acd02ff
SHA512 b097a3e2f2fdea221751594d4d52a147209401998ace0a733cece53bd6cc2cab5b900a89d5a48b53c4a14aa11b461e692502c6e7f939af5f6a45d077ca243269

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0b0d1da7cd92d4d74541222b39eae918
SHA1 f7a6a2ec60aeea38c9db7d17b3608ebd5bc569c4
SHA256 cae0f802bc4866bb6007be5f03e27dbcb75c8652ddd48ee58b70e5190c25a6c6
SHA512 d27dd544854c41b5e47f6ab4ad3b2b103a14084ad436c38482715233af6e1aec516b7de92a973449261a9424e2da627cda82a31bff5ed9da47b830d41b519858

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5f4d745266a124c64faf7cc41fdd67be
SHA1 f2725034b0fef80ee793373e811246d2a079c253
SHA256 0e4e0f6ebd52920273655fae1538a8981ea486e0cfbe7b5fa09af62efeefa775
SHA512 62f48ea414205233c2f4ade05394dbeb35bfd0af0271e22dbbc39316ec890abce1925122e2993c986d4c27909b527fe2066a5e1d621110bb3e8d81d348a7be33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5882eae0212527631135979ad8d6f217
SHA1 caad64eb59316469ca6c96ada9875fd665b7632c
SHA256 4e0a97bdf6416ebac6c4e26919ede4a3ddbcd17795da02278754c7fd794068b1
SHA512 f129cd5a8186ce51f0b5937ffbf92ba46015ac44fe076f15b85feaa87b21b752b08c60dd55becfa05c0a53d73efc94af8661f0fbc0dff2775e18621c8734c298

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6a4b5f1e27ad5cbe80e00e26156be442
SHA1 857dd6810a8ba7fb0bf70b7887177f39e4473c58
SHA256 5b22c3249d8b677e983908607ecda3ae191a4fd7773b9643bf9aec70bb408e82
SHA512 a0743502e17219932a8cf9dea25fa791e46cea29a87ac389e9ac67c02153a385bb2e0711b0784fa9b48551a68d3f91b28f676725463a0d256458c99a1268d143

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dba47bc551ba941ee490f008afdb4639
SHA1 de54f9bff578f1e9f61216a9749b4f7484b05615
SHA256 4bfbff237e1670e946dc1910ec506fa655ddc72b0ebf7c9172a53f95d987e058
SHA512 70313f976e93edbd205880ea7f2af8cd426e73dbc9a402d0729b619c055d0f60c39152d01ace83f2a811e8e136021ad0a4ed8b11ac4bcf3c2142cf8fc4f50719

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 263382462cc04777bf5516ecc1d23727
SHA1 58f2ee32743d1c3ad3f89d6d16607a6188958820
SHA256 3086099ccf3e665c28b4387164f613a59b177850a94da967c9349759447baea4
SHA512 66d1144115ea3b79ac366bf06392927b1d45decf1115cee0673a3e86536ffd8d1f8541fccf4fb341357958529c139b5984ca62fed5b4a4ed8140807a30d24564

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 00d02e4056b7f58c296ab31cf3d0f219
SHA1 37cc3e71787d3f0f63bbbe87eb4cf62dfcda1e37
SHA256 2bfa7ac0e21f5351a32bc248afc493053148146900ce2548d2f5f4d539ee0f0a
SHA512 b4324799b00cf8e3c4222f94652c007159046a1bbf440db63ba8782897ea5e4781460dc29aa1e1039ff644268137283630f2bbdc400012ca39b88fe9da22a335

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 623965c8af8b975b646b8d0fe89bd54a
SHA1 4470d8443743b0772a4281b288d45be51dcc381b
SHA256 a9bec5063d4437627bc89f144e20395d1b5ae1e1f1a3d079c5a905dfd4c81ff5
SHA512 87391a67e6c08f81a4c2f6141c3c9cf00e06066ab5a27442ffe608b110c8f0ea9442adb40ead25a79811247acbfeaedd37fdc070daf51934f18eb3901eac1be1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 732ca3f9ad2604225ff63230ee88907a
SHA1 ec2b0475879a5b1df174ee17676b01186de6a9b8
SHA256 00e82869f43e452da5d8887f846af988010d720a31a98eae79f4e70e3958eef1
SHA512 d955a1555bbab5579ff5ca8232a790f627e9966b296018e56f29a2a1df75b7d9dfc9a1704e95c6732d91f377727b8917c984836e664e20f0d9a39596f248c8cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ea69a72e57985a2b5fbe417a4cd62e0a
SHA1 a562cd7a5f513c026dd34e06b824f791f3263d91
SHA256 f09bbd681e5463febd723e8c8e3d85c3efb18fc8a548a56d0722c75b14b5b5c5
SHA512 46591627340ecb0a953719eb8b8a08c7bd6475db51d2b362fb3c19ba9cafeb57e692e79188522f55205e1408d2bb19ec13f0e65d92299f4d8c7f6bc8d3570408

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c3ea2ba4a608ddb970cb17b7b0dfa61d
SHA1 43b24ec720bc52cbf57931e0bc81d5c3aefd7c1f
SHA256 d5975659c00523d47c70d04c1e0275bc815789552b6d29b6a3c97f61c67e61e4
SHA512 a5e6aa190c22b3a7f487d9c62b11dd87cf2e4c721dcd0b8a8cf502ff86915e9f664611cb0d2ce15d1ea8f4c7de8b90ad8c3b36dea8ac4b78fcd2f6e9333fdc17