Analysis Overview
SHA256
69078eba8b5498881482675fb4d43407389512ef0d59f6b088ac19e05f2504ae
Threat Level: Likely malicious
The file Jolly Jack.mp3 was found to be: Likely malicious.
Malicious Activity Summary
Sets file execution options in registry
Downloads MZ/PE file
Modifies Installed Components in the registry
Loads dropped DLL
Executes dropped EXE
Registers COM server for autorun
Checks installed software on the system
Installs/modifies Browser Helper Object
Adds Run key to start application
Enumerates connected drives
Checks whether UAC is enabled
Checks system information in the registry
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
Suspicious use of NtCreateThreadExHideFromDebugger
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
NTFS ADS
System policy modification
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of UnmapMainImage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-14 12:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-14 12:37
Reported
2024-04-14 13:07
Platform
win11-20240412-en
Max time kernel
1798s
Max time network
1800s
Command Line
Signatures
Downloads MZ/PE file
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\PdfPreview\\PdfPreviewHandler.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=FA9AADD736F84A0D8E0AC6B3AED2F11E" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BF3BC802-2DCD-49EA-AEC0-92143AD8D2A8}\BGAUpdate.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\B: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\unregmp2.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VR\rectBackground.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChatV2\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\InGameMenu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\SpeakerNew\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VR\notifier_glow.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\AssetConfig\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\AssetConfig\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Emotes\Large\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\TopBar\HealthBarBase.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DeveloperFramework\checkbox_unchecked_light.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\MaterialManager\Gradient_DT.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\MenuBar\arrow_up.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VR\buttonSelected.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\DefaultController\Thumbstick2.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\img_triangle.png | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\GameSettings\copy.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Emotes\Large\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\ImageSet\AE\img_set_3x_2.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_2x_1.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\Settings\Help\GenericController.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\XboxController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\MaterialManager\Texture_None_Light.png | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\identity_proxy\win10\identity_helper.Sparse.Beta.msix | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Slider-BKG-Center.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\PlayerList\[email protected] | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\Misc\[email protected] | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioSharedUI\sort.png | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\Gamepad\Controller.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\MicLight\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\GameSettings\DottedBorder_Square.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\9-slice\scroll-bar.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DevConsole\Maximize.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioSharedUI\clear-hover.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_10.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DevConsole\Maximize.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\GameSettings\refresh_dark_theme.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\VRStatus\ok.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\PurchasePrompt\SingleButtonDown.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\fonts\families\Arial.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\GuiImagePlaceholder.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\InGameMenu\TouchControls\touch_action_move_1.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\SpeakerLight\Unmuted80.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Plastic.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\fonts\BuilderSans-Regular.otf | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AvatarCompatibilityPreviewer\publish.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\Misc\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VR\Radial\Icons\2DUI.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-ingame-10x10.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\avatar\heads\headM.mesh | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\button_loop.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\PlatformContent\pc\textures\fabric\normal.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
Drops file in Windows directory
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER | C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\ = "ie_to_edge_bho.IEToEdgeBHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ELEVATION | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-8950870ea20941f9\\RobloxPlayerBeta.exe" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.pdf | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 27353.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 307139.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe | N/A |
Processes
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Jolly Jack.mp3"
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Jolly Jack.mp3"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36963cb8,0x7ffb36963cc8,0x7ffb36963cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6576 /prefetch:8
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7604 /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkYwNjk2REYtRjhBMS00NDA3LUFGMjYtQTZBQjY0QUQ4MkUwfSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFMENDNDY0OC04NkNDLTRFRjEtQjIxNS04RDYzMjk2NDI5Qzl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY1MDU4NTQ3NDgiIGluc3RhbGxfdGltZV9tcz0iOTg4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{2F0696DF-F8A1-4407-AF26-A6AB64AD82E0}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkYwNjk2REYtRjhBMS00NDA3LUFGMjYtQTZBQjY0QUQ4MkUwfSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCRTMzMEM2QS0xNENGLTRFMjgtODdGMS05OTFFQzRBMTdDNDJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY1MTAwMzQ4OTUiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\MicrosoftEdge_X64_123.0.2420.97.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF9990ED-1025-44A7-9E85-79F93F2F040E}\EDGEMITMP_81DC0.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7c432baf8,0x7ff7c432bb04,0x7ff7c432bb10
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkYwNjk2REYtRjhBMS00NDA3LUFGMjYtQTZBQjY0QUQ4MkUwfSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGQjM4RTA0Ni1GNDZELTQ2MjMtQUI2Ni02NTA3QzUyQjNBRjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjMuMC4yNDIwLjk3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NTI1MDg0Njg1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjUyNTE2NTI0MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY3MzY5MTUwODkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzFjMWZjOGZlLWYyNTAtNGEzYS05MWVjLTlmOTBlMzFiODI2NT9QMT0xNzEzNzAzMjczJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWpPSWNVSlJjclJoMSUyYkklMmZJWUI5ZlVWWlREcnppRmNsd2dzRGU1RktpUDdKTzJieGRZd3RLTlhRMjJvUEYlMmJLJTJiU0lkRXhLMnltSzFFT0hxRU9adXpzalElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzIwNzYwODgiIHRvdGFsPSIxNzIwNzYwODgiIGRvd25sb2FkX3RpbWVfbXM9IjE0NjY5Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjczNjk5NTI0MyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY3NTMwOTQ4ODYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjcyMjc1MzQ5MzQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI5OTgiIGRvd25sb2FkX3RpbWVfbXM9IjIxMTc0IiBkb3dubG9hZGVkPSIxNzIwNzYwODgiIHRvdGFsPSIxNzIwNzYwODgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ3NDQxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:9oxvqqjfxKGCwNngRsrE7g9q_9aVLwbfyRL74tK-tA12y2ZtgPOGrFFRAZ_Bsd7_lGXhqbFwGeHe-VMQ5Strd1y1DzjId5vdKZrFHSXrg5dXBuyOK8xy9ZGQDK7dAJ_h0PnrmMGWTFERT1suQuvR5PIZJUfp1405F0nssg4u86drS9HNHgxieo4VCXoy2sBa5JOGWy_8YEvhzZyt3Zw6Yx5wUSH-YMQm9Qq52KmuORs+launchtime:1713098401895+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713098320486013%26placeId%3D16389395869%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D6982ae59-28b9-47b9-be13-31ecaab7a0ce%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713098320486013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6888 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:NVHuxY9itJrK_VlDbUAWhfU9_zQ2Vio0MkF_l06wD4JIy_LGZFp5MqB0jApoiMthBSAr6kB-RIL_XsvuKou8HYyQ3z47g0jlm-v-DhVEl2V1QmBuSY5vjBDdGu8DY-kWwks9AW7T4gEEz72PiGY7uFJmMhFodacJrpAk8i7u9AFXPjrq3GN1QItNhXrg83TUXcEDtqCVczyd-d-POW0TvMn1yEEs771fKV4Dl1PQ3nA+launchtime:1713098599798+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713098320486013%26placeId%3D16389395869%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dd4c23530-a237-4bf9-bfe9-f295a549f119%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713098320486013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:21kpqYR5c2ESGZxC1dpuLdB27HlAJCo0ECTfTA6L0U12-abj4oDSLYMSdP6eCAEjD1_LlpOUmwweo0agx4c0vgD5wbNpf80L8qui5Axdbp4YJ_-sUXtWgHI7pNGNu0WuwfxeP9fvujkLMiEQ4txB0JkePCT9OnTXEcKtFWQAGfhq5vgNRt5mX_StANdc7N2zM6AO9t9jDL1n33xrJdK6XmY7idCi1BTBStBL10liMjc+launchtime:1713098599798+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713098320486013%26placeId%3D16389395869%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dd4c23530-a237-4bf9-bfe9-f295a549f119%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713098320486013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:9Go8X_2gNeh2aKL928zfZgZpLYsWv4bm5ggnqO9ONdnEVTBcTEhCAENvefDJmtB2ZQiXeZgi3-nScpCCesWM59Y7KLP3wJoVrbJ8qqPD-dq9swzmIFsh_4FGxS_3trAFtTqnatvar2PfQzD_fawB6G11OPDzQYMjvTGIchoK2JvXu4lBQjUA6O7SvpYZQfcGUFtK7_eHmsVFE9GteOzTxcuTeSngGoRVOOCtAia9Wa0+launchtime:1713098737390+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713098320486013%26placeId%3D16389395869%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Df6c250f1-4acb-4f85-90ef-fca32dbd10b1%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713098320486013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2EECE12-9D1D-4DA9-BED1-FA0D945F7E9B}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2EECE12-9D1D-4DA9-BED1-FA0D945F7E9B}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{66C749AA-D21A-4572-B188-4D73FC66B4D6}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjZDNzQ5QUEtRDIxQS00NTcyLUIxODgtNEQ3M0ZDNjZCNEQ2fSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntEOTZBNjlBQi03QTdELTQ2OTktOTlENC04MUUyRDM1ODBFN0R9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMDk2ODcyOTI4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMDk2OTQyMzAxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDQwNzczNzA0OCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzNzAzNjMwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUJ2TTElMmJGeEpRTSUyYjBLQ1klMmZVaFBaZElGN2JWJTJiNVpWcVZnT0NVT3AyTlFnVWJ3OTduJTJiMDllZGoxVnUwWTF4VWZycjVGeExGcmRsRmdFVGJuNFdLaiUyYmhRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA0MDc3MzcwNDgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzNzAzNjMwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUJ2TTElMmJGeEpRTSUyYjBLQ1klMmZVaFBaZElGN2JWJTJiNVpWcVZnT0NVT3AyTlFnVWJ3OTduJTJiMDllZGoxVnUwWTF4VWZycjVGeExGcmRsRmdFVGJuNFdLaiUyYmhRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTYzMDc5MiIgdG90YWw9IjE2MzA3OTIiIGRvd25sb2FkX3RpbWVfbXM9IjI2NjUyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDA3NzM3MDQ4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDEyOTUzMjk4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1NzU3MTkwMDM5NzY1ODAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyMy4wLjI0MjAuOTciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9IntEMjY0QUM3OS04MkY4LTQ2N0MtQTM5Qy1ERTUxMDA2MDFBQjh9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU4A4C.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{66C749AA-D21A-4572-B188-4D73FC66B4D6}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjZDNzQ5QUEtRDIxQS00NTcyLUIxODgtNEQ3M0ZDNjZCNEQ2fSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7NTM0RkE0MjYtMUZGMC00RTk0LUFBMTItMTQyREExRTEyQzZDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODUuMjkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTMwOTg0NzAiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDIzODkxNzQ4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:5NTYgT_K9UEyhEhJRC8wab7VSuXyZVUIUr8fJVGGUXbnAVeEgoW1JoacbmdQ3UgvnKeIOUIeNQYW1omTDB9pUeznPvNeh65BFJDLUsVVjTYp32HhPzh_zS5CJZMSzB8j7hEvF0dRHDiWjEGVkXZAAvtqIr37sokZHZ1jVh2EyZ7IgCvYJ-oaX7N72TSMykoYzCvt4xrN8k_OORHbRsgdX4qmdtFFWYa1W_-q9MlrjxM+launchtime:1713098922382+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713098320486013%26placeId%3D16389395869%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D26b6a400-23f0-4f6d-86d0-08552685b7b5%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713098320486013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_RobloxPlayerInstaller.zip\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,5719961882009954074,7995078036039764773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:8VOKIm3pBks0eYvUsxKGRK6pdiQ6n2_aLULlDWFDSe1zRZYzMfy9pyXUNt1y40fiFcRAxd0R_uJPryhdpxj2FKFu-CdiJZ0etlzsXSsg6BeMZiW5NMShbiTA_8lOQ__Xvaxj6lgngK3IbFe-dc1DoHJ08bHXFuYy2CWI9rzN_mc4SGm6Z4w-OcXFyP9oNWvjqTqjubcvAPL-LPvYVdcvELkIqZ3agECNj_XSxq5Lu6o+launchtime:1713099067088+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713098320486013%26placeId%3D16389395869%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D3df642ed-99ad-4882-98ec-9bff6445c5cc%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713098320486013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTFDMDQyNzgtRjRFQi00MzczLTkwQTgtQ0RDOTY1M0JFRTcxfSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MTk0OEYwOEEtRDExNi00Q0JFLUJGNUYtN0U4RTdBNEQ1MzA0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7KzBqVW1ZZUt0WkFGNUMzZzIycEJCNUYwUnlkdGYxU0g3Ym53c25vVStmaz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjEiIGluc3RhbGxkYXRldGltZT0iMTcxMjkzMTMyMyIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzU3NDI5MTkyNzU5ODkzOSIgZmlyc3RfZnJlX3NlZW5fdGltZT0iMTMzNTc1NzE5Nzc2MDcwOTc4Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjMxMDY3NiIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM0MjQ4MjYxMDQiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BF3BC802-2DCD-49EA-AEC0-92143AD8D2A8}\BGAUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BF3BC802-2DCD-49EA-AEC0-92143AD8D2A8}\BGAUpdate.exe" --edgeupdate-client --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTFDMDQyNzgtRjRFQi00MzczLTkwQTgtQ0RDOTY1M0JFRTcxfSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins4NUQzRjI1OS1COUQ3LTQ1RUItOEM0My1BRjJBQ0M0MDUyNjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zMyIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNDM2Mzg5NDE2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM0MzY1NDQ3MzciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTU2MTQ0MzcyMzkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9kYTAxN2RlYS0zNGY4LTRhOWYtYTNmZC0yN2YxYjk1Mzg2MDA_UDE9MTcxMzcwMzk2NCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1IJTJid2w1bTJiYVVUN2VwRDFuS0J1T2luVEt0cERuQVpzTmklMmZmWCUyYk5Jb3J1T25QYXZBREJ1YXBnZE14UHNmMyUyYlFWbldJeVdSV1kwaTI4eTZrZ3ljd3dRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTYxNDQzNzIzOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZGEwMTdkZWEtMzRmOC00YTlmLWEzZmQtMjdmMWI5NTM4NjAwP1AxPTE3MTM3MDM5NjQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SCUyYndsNW0yYmFVVDdlcEQxbktCdU9pblRLdHBEbkFac05pJTJmZlglMmJOSW9ydU9uUGF2QURCdWFwZ2RNeFBzZjMlMmJRVm5XSXlXUldZMGkyOHk2a2d5Y3d3USUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ3MDA4IiB0b3RhbD0iMTgwNDcwMDgiIGRvd25sb2FkX3RpbWVfbXM9IjIxMzM1OCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1NjE0NDM3MjM5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTU2MjA2OTU4NzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTYyMjcxNjM5OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQ2OSIgZG93bmxvYWRfdGltZV9tcz0iMjE3NzI3IiBkb3dubG9hZGVkPSIxODA0NzAwOCIgdG90YWw9IjE4MDQ3MDA4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSIyMDAiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\MicrosoftEdge_X64_123.0.2420.97.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff639fdbaf8,0x7ff639fdbb04,0x7ff639fdbb10
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=3 --install-level=1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff639fdbaf8,0x7ff639fdbb04,0x7ff639fdbb10
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEFCRENCRjQtMkE4OS00RDI4LTlDODUtOTQxNzFCMjhEOTA5fSIgdXNlcmlkPSJ7RTM3MjhBQzYtQjczOS00MjQyLThDQzMtQ0M1RTdFNjlDQUU4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3QUJEMjlCNi04ODA5LTQ2NEQtOEZGMC02Mzc5NUUwRkY2QzZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDsrMGpVbVllS3RaQUY1QzNnMjJwQkI1RjBSeWR0ZjFTSDdibndzbm9VK2ZrPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg1LjI5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjU0Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MzEzIiBwaW5nX2ZyZXNobmVzcz0iezgwRTIzNjRCLTZDQzMtNDY3Ni1CNDEwLTk5RUQ4RTJCRjRFN30iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjMuMC4yNDIwLjk3IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1NzU3MTkwMDM5NzY1ODAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1ODY4NDM1MzA3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1ODY4NTg5NzE0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1ODkzODMzNjcxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1OTA3MTI0NzkzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjI5Nzc4MzAxNyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijc3MSIgZG93bmxvYWRlZD0iMTcyMDc2MDg4IiB0b3RhbD0iMTcyMDc2MDg4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMiIgaW5zdGFsbF90aW1lX21zPSIzOTA2NiIvPjxwaW5nIGFjdGl2ZT0iMSIgYWQ9IjYzMTMiIHJkPSI2MzEzIiBwaW5nX2ZyZXNobmVzcz0iezhCNDEzNUE3LTY3QUQtNEVEQS1CNjJDLTQ5MjJGNkJGMTdFN30iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTIzLjAuMjQyMC45NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGNvaG9ydD0icnJmQDAuMDgiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjMxMyIgcGluZ19mcmVzaG5lc3M9Ins4MDdCNThFNy0zMkI1LTQyNDctQjk0Ny1DQjc5RkU5MDNDMkV9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| NL | 23.62.61.59:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.184:443 | www.bing.com | tcp |
| NL | 23.62.61.184:443 | www.bing.com | tcp |
| NL | 23.62.61.139:443 | th.bing.com | tcp |
| NL | 23.62.61.139:443 | th.bing.com | tcp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| FR | 52.222.201.77:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.77:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.77:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.77:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.77:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.77:443 | css.rbxcdn.com | tcp |
| BE | 2.17.107.67:443 | js.rbxcdn.com | tcp |
| BE | 2.17.107.67:443 | js.rbxcdn.com | tcp |
| BE | 2.17.107.67:443 | js.rbxcdn.com | tcp |
| BE | 2.17.107.67:443 | js.rbxcdn.com | tcp |
| BE | 2.17.107.67:443 | js.rbxcdn.com | tcp |
| BE | 2.17.107.67:443 | js.rbxcdn.com | tcp |
| FR | 3.162.38.18:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 38.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.38.162.3.in-addr.arpa | udp |
| US | 128.116.99.4:443 | roblox.com | tcp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| FR | 52.222.201.77:443 | css.rbxcdn.com | tcp |
| BE | 23.14.90.88:443 | apis.rbxcdn.com | tcp |
| BE | 2.17.107.241:443 | images.rbxcdn.com | tcp |
| BE | 2.17.107.241:443 | images.rbxcdn.com | tcp |
| BE | 2.17.107.241:443 | images.rbxcdn.com | tcp |
| BE | 2.17.107.241:443 | images.rbxcdn.com | tcp |
| BE | 2.17.107.241:443 | images.rbxcdn.com | tcp |
| BE | 2.17.107.241:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 23.73.139.17:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| US | 8.8.8.8:53 | lhr2-128-116-119-3.roblox.com | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 8.8.8.8:53 | sin4-128-116-50-3.roblox.com | udp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| FR | 3.162.38.51:443 | static.rbxcdn.com | tcp |
| GB | 23.73.139.17:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | aws-ap-east-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0aws.rbxcdn.com | udp |
| US | 8.8.8.8:53 | aws-us-east-2c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| BE | 2.17.107.152:443 | c0ak.rbxcdn.com | tcp |
| HK | 16.163.212.88:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| US | 18.217.161.32:443 | aws-us-east-2c-lms.rbx.com | tcp |
| FR | 13.249.9.25:443 | c0aws.rbxcdn.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| HK | 16.163.212.88:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | 3.95.116.128.in-addr.arpa | udp |
| DE | 3.121.72.41:443 | s.ns1p.net | tcp |
| DE | 3.121.72.41:443 | s.ns1p.net | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 41.72.121.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | t6.rbxcdn.com | udp |
| BE | 2.17.107.137:443 | t6.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | t2.rbxcdn.com | udp |
| FR | 18.155.129.124:443 | t2.rbxcdn.com | tcp |
| FR | 18.155.129.124:443 | t2.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 3.127.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.ns1p.net | udp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| BE | 2.17.107.152:443 | c0ak.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| FR | 18.164.52.58:443 | js.stripe.com | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 8.8.8.8:53 | gold.roblox.com | udp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| US | 8.8.8.8:53 | aws-eu-west-2b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | aws-ap-northeast-1d-lms.rbx.com | udp |
| US | 8.8.8.8:53 | aws-us-east-2a-lms.rbx.com | udp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| GB | 18.132.88.108:443 | aws-eu-west-2b-lms.rbx.com | tcp |
| US | 3.15.246.202:443 | aws-us-east-2a-lms.rbx.com | tcp |
| JP | 57.181.105.228:443 | aws-ap-northeast-1d-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | badges.roblox.com | udp |
| JP | 57.181.105.228:443 | aws-ap-northeast-1d-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| US | 8.8.8.8:53 | 58.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.88.132.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.246.15.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.115.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.105.181.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 151.101.0.176:443 | m.stripe.network | tcp |
| US | 54.68.143.41:443 | m.stripe.com | tcp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| NL | 23.63.101.171:443 | setup.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:51372 | tcp | |
| N/A | 127.0.0.1:51376 | tcp | |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:51379 | tcp | |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:51382 | tcp | |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| FR | 3.162.38.113:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 233.69.68.104.in-addr.arpa | udp |
| FR | 3.162.38.113:443 | setup.rbxcdn.com | tcp |
| FR | 3.162.38.113:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 113.38.162.3.in-addr.arpa | udp |
| US | 23.102.129.60:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 199.232.210.172:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:52052 | tcp | |
| N/A | 127.0.0.1:52055 | tcp | |
| N/A | 127.0.0.1:52062 | tcp | |
| FR | 3.162.38.106:443 | setup.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:52166 | tcp | |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | en.help.roblox.com | udp |
| US | 104.16.53.111:443 | en.help.roblox.com | tcp |
| US | 8.8.8.8:53 | p20.zdassets.com | udp |
| US | 8.8.8.8:53 | static.zdassets.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.70.113:443 | static.zdassets.com | tcp |
| US | 104.18.70.113:443 | static.zdassets.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.170:80 | apps.identrust.com | tcp |
| NL | 23.63.101.170:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 111.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.70.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 104.16.53.111:443 | roblox.zendesk.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| NL | 23.62.61.176:443 | c.evidon.com | tcp |
| NL | 23.62.61.176:443 | c.evidon.com | tcp |
| NL | 23.62.61.176:443 | c.evidon.com | tcp |
| NL | 23.62.61.176:443 | c.evidon.com | tcp |
| US | 107.22.91.90:443 | l.evidon.com | tcp |
| US | 107.22.91.90:443 | l.evidon.com | tcp |
| US | 8.8.8.8:53 | 176.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 107.22.91.90:443 | l.evidon.com | tcp |
| US | 104.18.70.113:443 | theme.zdassets.com | tcp |
| US | 107.22.91.90:443 | l.evidon.com | tcp |
| US | 107.22.91.90:443 | l.evidon.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:52683 | tcp | |
| N/A | 127.0.0.1:52695 | tcp | |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:52706 | tcp | |
| FR | 3.162.38.106:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| IE | 20.166.2.191:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 191.2.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 23.73.139.35:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 35.139.73.23.in-addr.arpa | udp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:52815 | tcp | |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:52980 | tcp | |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| NL | 18.239.94.108:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:52994 | tcp | |
| N/A | 127.0.0.1:52997 | tcp | |
| N/A | 127.0.0.1:53002 | tcp | |
| US | 8.8.8.8:53 | 108.94.239.18.in-addr.arpa | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| NL | 23.63.101.170:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:53322 | tcp | |
| N/A | 127.0.0.1:53325 | tcp | |
| N/A | 127.0.0.1:53332 | tcp | |
| N/A | 127.0.0.1:53427 | tcp | |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| IE | 20.166.2.191:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 23.73.139.43:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 43.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| GB | 128.116.119.4:443 | presence.roblox.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 20.7.47.135:443 | msedge.api.cdp.microsoft.com | tcp |
| GB | 2.18.66.74:443 | tcp | |
| GB | 2.18.66.74:443 | tcp | |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| US | 20.189.173.27:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 27.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.177:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 177.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.66.68.104.in-addr.arpa | udp |
| NL | 23.62.61.161:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 161.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
| MD5 | c17aaf8cebe1af5aa96dbb52b717bdb1 |
| SHA1 | e8c11d8c6b1d387c37bde4d3feb072aa3712d127 |
| SHA256 | 18afdf5c26c2fd10ba027f82e8030b086bf3cea3ba7a04b2b7b885f8d6777fa8 |
| SHA512 | dfca2c831523c030ac843bdbfd8bf3659ddaf9211d8f6dd7ed80deac1d2aa445fe4edd84cd4580a7c54b2c0ac7930aec0043c4327fed70ad9974f1579b22b173 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 189f9afb0ddeebccf446c000322a7823 |
| SHA1 | 0a227d65112dc3bd21b98e439ea7c522d4b38ccc |
| SHA256 | 6e6edf5a7a2fd104040c5d52401eaa1568ea6ca02d38c0e2c122e3d903fda062 |
| SHA512 | 7f81576b50abaf09e934682a5c76da96791a2ea76300416eb7a649d3d5014ef96d38d593ee7b0e7dce807bfdab086a2015fef62e3e7623cf46eee24e85c5e012 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f3f6e86c8b7bdc605f5559df800bfd34 |
| SHA1 | 862d05bfba760ae8adcbb509216dc18ead59a6b2 |
| SHA256 | 5dfe9be21d4916615025055f1a70151362bdb404b40f074685e39b33ad545a78 |
| SHA512 | de576ebf0cbe1c5e7639c42517253796cf4b5770298271ac2e6958404998f2d6b8e3378a535f2f316f4020fd8e60b5cc9c1b6b5171d307ca3215afe8ac47a7c3 |
\??\pipe\LOCAL\crashpad_4864_PFRYVQQCCFPQBFPN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 74176bac4b6d430fcf6bf1212ce9baf7 |
| SHA1 | 3ad9b5b10213085d68ca2e0d59d0855010b8de3c |
| SHA256 | 97f398ee78fb44a8668076c65d8844a7cc5ffca66b1c830cac3a6f6c3b605eee |
| SHA512 | da441364ef3febe08cab004c52561892e7805eb0bd908352c9acce617363d0ce1e731700cd48298c7d5e5fd4cbf7d144e9cf36423061ccb260b25c500c67bffb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 51559bc636a135b82173b4be1264a6d9 |
| SHA1 | 488764c1d641b7e45f42e5f776e2767bd68d0594 |
| SHA256 | b169dbf098d12ab762fcaae3642f8327ad39ac266eea0f988d4419ff513f4186 |
| SHA512 | 57a5b41dc7c54a30c20d2e3c1112e8783e65c580cb2f8b332a1f2df2d09539d47bbf764b4bd6ce40a20c8cc05b6bcbf15ce839f7d8c9370088df9662012bf9a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | abc3e7f76500ca5829bd410a7548fcf3 |
| SHA1 | a20e42a654cddd09e4593ee0ec94cd85c9c85933 |
| SHA256 | 465d3f446e7d1ceb402fde52400f48107ca9bc4afd0987d28c3518ac0b9248e9 |
| SHA512 | b6466a88186cdca2021ca9206f8579b7291c751cac9e950ba1e51490719db23b13470e01dcf479b1cf27939317635155577dbc67c4e21933a3562acbaa23f4b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 534dab6516e61d9eb57cfff942c57916 |
| SHA1 | 9e1fe8d5c6f57e5c96598943276cfe449f27b70a |
| SHA256 | f483af0326b454454e3d32abd92cc9a2d0745205a3b966ba8e3a5ecf4157349b |
| SHA512 | fae0365f86525247a6a7212ad3d93678062998ca9afbcc0c215c4667822d0366b6de448e956c6566256c44a498120fa20918fc0d94e16b7ccc60ee7464941bc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0640788050b60dd781aa643dad7033cd |
| SHA1 | f27229cacc232020c2145b4cf29b6143895a41b2 |
| SHA256 | 8d540b2615dcedf28541b2403529d01094204865bbac65e5dbce51fe6023e7fa |
| SHA512 | fa6b822738aa9f9f71eb9d8370e026a81d18de3d156a3a6699fb3b07ccd9891f259d8763d63966ef1e645ee22479396afc1a970f2644c3039501de983e514ab5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583479.TMP
| MD5 | 3fc9f27e5af1559b0fc8b12ac2d9ea6d |
| SHA1 | 4c547e2f8e9f7908ec0962630bdd9fa09cddf95f |
| SHA256 | dabe3c9b23afcedc4dcd23538b2c14431b6afdcaa82fef34a58626d56bcd4e44 |
| SHA512 | 1c54b99694e5c9a0c57200fba98c018e539d568ffc07a289b9a712032ca0d515177fedc2d80f073435220682beb313470c122822bc3fab76566467e3d45e4acf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d9b8bf13d1009b78dfed61396ef8b10b |
| SHA1 | b9a01ce09bb639ec7b8b21166a8d3ad43d9d7fcd |
| SHA256 | 8ace7f418a47245ee76ec8a11add14ffaed8393e9328cdc9e3ef42747121ee35 |
| SHA512 | 58c896178dd4b8dc6271e49f97043e3fbf23f26351549c0ce0f88babb67f58259ae8c10a77368a3db11c1585be7aa6d58abd06658c718c83b694b843fe5c1612 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e83b9f126b65b901354b5fd860a41a51 |
| SHA1 | 84136eb47f44503fa5092d5bbfd6bd803de5069a |
| SHA256 | 9ef95641554c731b78728f3d6cc9058a6431ff955f88014589bdfdcd5d2272ef |
| SHA512 | a349b4772add575a3e9340d851905e127b21c533827ddd53f3cbe21dfd16f50fc3f2456874625e391be6feccf2c3116c7771232cffcb377ca9143a55195a0736 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8bd488d0079346243924eacdcc56b1b0 |
| SHA1 | b0a928081f610cd2d804d5786c23f9388119b607 |
| SHA256 | 441d3d6a9e02ce94f769f6bd1cac1ddb570a244661de4c141e41ff37ccee94d6 |
| SHA512 | c5875e0840deb38d3b71d91885776709d5216f40ecfb8e47fd9d026ded012f24f9f364564f277f5a2e72b960d2385e283bc7377ec1b27f914b3d521a93e740f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1303c463dbe5362b1af92b3329036c6e |
| SHA1 | 77647093360f4aafce12bd54ab227d30c7020f37 |
| SHA256 | 6adced5382796e75bbdaefb8a30662595e82d5c17dda3b0d3591bba215cf71e9 |
| SHA512 | 0544c10256696f24544d15982a2f4d6ac4e3c96d5701936240d30743c522646622507d7d456ac3838aa05d3bba89d35433185169b9299a32cb8c4404ad0ba390 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fb46c43c0c7dcd471db1cafd50b40462 |
| SHA1 | 9ca7ed309438b21c0eebe926d77d2e9e2d1fea54 |
| SHA256 | 70e0e1b32ac4f963b6641ddb8010d4da82b8326ab47807a637ce873871f83eb1 |
| SHA512 | ec5a343bb903882854244ec1e834dd20dc813e5808a2992d4abbbd1aea98875d1e17676c85e8ca16629f82ad83c8e8abded2af828085c2a4ccb438087fbe0815 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1583f081a8effdef01cb14f4dfb7de32 |
| SHA1 | bbd11f7938f72405d4db7861ec71493de39db8d7 |
| SHA256 | 3594bfa8f85eace92ad9bf725080057723e1f1ac332813d88c7b3fe929e84a4a |
| SHA512 | 8ee6661b4b0ecb4f8d7b591a80e8916e0a544132d50994ee64cabe9bb615fd6c8fbe22825a3eb2d87f5a8e94dbf7da21c5a2b4c0fb41c1410d72eb415558f547 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 5b431d6f7e2b9ad35ba13b2d16cb21e3 |
| SHA1 | db0a9b00ca39f14ee5be3269b8527bdf65ae2fc1 |
| SHA256 | 63e00add8cd4078903228714758131588a3f1165a916bfc66e1a82076558acd0 |
| SHA512 | f27f5b3c9c23adaf50ff44e0b2af4dd121038ed4bd5ebc0b8d63094b4266a151edf94214ce85990d8e545f1f4b8b288539b7d8003979deb24629825f5b966183 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | e51dafe414a652360bb13068cb89f30e |
| SHA1 | 70cf874ffedbb7dc2422530261193fd6a0b6271c |
| SHA256 | 58e87eb01269c20618026620782ab6409efe3fc42607a9d9c380823b661d37e7 |
| SHA512 | bc894af738c4270b0293b2b49e897c74e5a8777c90a6f11a158f5c1e8b3dd9179f05a884e3d9768fe1f1b1979f92df9b19e2df5c05cf21d36949e092051f072a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7bb31faa1365e639b288a2e2ed865f7b |
| SHA1 | 22bfc2317f439408f2122dab3b62d935b5d26b07 |
| SHA256 | 44992bd065db8330cf991c3ea59c2cb7c80d5dd5ecc906c74bfdd550f9ab9392 |
| SHA512 | 76caaa30aef37b1785ecce1cdfe022c312c5a96455160127a9b0c91870d28863185bb9f9b0b1fd3058fb9a1c75710db4eacbd32d68f23a0437d1dc4e84b7e4a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3b4461d41263a5a5faf622ff360235a8 |
| SHA1 | 850dde475a645ae06f2a005ffd59ed2d167c3018 |
| SHA256 | 30678ece2aed229f5437f03ca203729425f74a74f24fcc217821875edb4e7395 |
| SHA512 | 89a27399e22acfd27ed5fd17885814b8cfbc43feea47c70bac71ee0d12810224bb1a5b48db509567b79321d9c1853b6843cb3a7fb9dcba80d10f0cddcb316271 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | d170269951b86f585f899d21ae50e782 |
| SHA1 | e981cf3277587be2e230a211eeb4a64a77aaaf97 |
| SHA256 | ca08d2665294fd7036d1c5260dc3c7a280961e4097651ddf2cf950925a1f988f |
| SHA512 | a1769e21b012fb39d9b625ce8d8173d306af510a05c3a377f9d6b7a4894ee53933a191aeda48a7850e7d057ab3d97a49854045f514aa75584da5a5fdaa5d670e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b91f3ab325c0a77ae61f97e434d2a1a7 |
| SHA1 | f2629f5fe9a7e35e595fa7d07d63d6eea7e70a9c |
| SHA256 | 63401878c9c14c184c3a5edc78a7bcf123493bb0bec9c2c036734e109c731267 |
| SHA512 | ed87386314ebe8bc39e7326df5babc79064f9f2c9a31fb13316ce5b9990d951e8193ffe31c95e1ca47d8e7457afb965c3545b56f40ed801e841736e898fd3e5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fe
| MD5 | 588ee33c26fe83cb97ca65e3c66b2e87 |
| SHA1 | 842429b803132c3e7827af42fe4dc7a66e736b37 |
| SHA256 | bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760 |
| SHA512 | 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7538f9928003a3659d40f5618624b351 |
| SHA1 | 0b9373d8f04852e13bf173a0d0df12314c609a77 |
| SHA256 | d97c30e39485ef269b576957d2b991abc4c6c1c836827fb5e75f10b61273ae85 |
| SHA512 | 112724bf7c2b68168dbe33e625ca2ad2d2959dc9ba41e34057092c547e534802ab73c2d72ffe6776ee1933fda9d8385fea6490454512a7b2fe37da0eac9d9549 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 35918d98112d17025e3dad25ec5ed836 |
| SHA1 | 7088e81ca161733b200aaa7e4af1e0a8f23afcb5 |
| SHA256 | 0b6397b85b64e1edde679b761d720b7866805556792825f1b0ea2d46807b1698 |
| SHA512 | a7e59a24b4a48b95f6689719c63a74b4b8c58b10f8dba8660110935e18fda6fed10663a9367b78f20e2ab01757df266adee33950f6e7a705d758a1370facc4e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 07235c76b7506ebffe08aeead5915495 |
| SHA1 | 9a5862330d4a2970624bc467c4258da83ca3abd8 |
| SHA256 | 4304dcf9a9facd7b0cde35d7c090927662872bacbbdaefff0b9edf13e6175fb0 |
| SHA512 | d3d7d5eafc72d5cf253b108e6b5358a16f04b9205af980666a6dd99aa6a3d5d4ce3a2ade8cf72aede47dd824fd6b019671adaa7858279b276d2a7c95202b0cab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1a95531642f52b6200c4ebb5bbf5c4e0 |
| SHA1 | 20a638ef389fd3073eac5949078f5474b935505a |
| SHA256 | b31d702b7096a2f24c81ac74954958e3d8e4415c01f50215f60063baab04ebf3 |
| SHA512 | e34c8b76c6d034258f680f87a2d5221f8a1bf907a6df55f5f3a409c1ec69a9d06e663b91a0daf5c71e7f8b6cd131ff38c8670fcf021837d1a1ea01e15656a73b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b7cb6f823aa3250660a5889e757aaef |
| SHA1 | 1ca3cb191a881aaffc99406f0ce7ba270709d4e1 |
| SHA256 | 9c1ce4526f9ba1afdb27c8c103a3b5de7b9c5e9e508cabf7a4bbe4804083ab48 |
| SHA512 | 3806fd62c36059b007fe548ce10a108aa6a898bc7604c0d3c86953640ba0f01bcd78e193d7e2a3015cc634aa7a5b4f3391ca13eae9a836544052d48389a9c99a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b34f0da41a19ec90a7de9b0b43e5274b |
| SHA1 | 7116402f3a066de079e98b744c949b796162bfb8 |
| SHA256 | a2a7c870240cd20e3cdf5466aec86d4068039894eab617c9545b5dba2e5dfa8f |
| SHA512 | 23e4cf84015abb277070025366cd5275bee3faf0fd2ea0542e9d20722a03341e938157a9ac2578dcf029b895d6d436b2cea167818cb90d967d69c8a728c6c97f |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8f98ec040b9198d245c6b2532781b055 |
| SHA1 | 481d4ba2bd0fe03ee9c5c10deb1558a319cae676 |
| SHA256 | 7d38f5d92703c50f4ad6682c4cc17fb260f5c587aebdc53c69410a94a0c0fb64 |
| SHA512 | a20ff2f545c17743ad1d9b7e975f5e77b302ec210506f18fb5909e1153c35f57c1c1425b94a581f416853cd7b3858fee9a4df288c2a4480c4afd28536763d4ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7be13a015d4070afd83bba43df619c2c |
| SHA1 | 7b0a5b8fa68b9fbd7a6cf69e03abadb98e1d67a5 |
| SHA256 | aa2c12e62d522fb9f1467fc0353ae327bdcc73d16528572584490a556119e5ee |
| SHA512 | 4cfc8ebb4a2f1438d03dc4d517d2f74854539b572a04d868536d7f49a59a8e2e772068c61abfaee105ecf8c693f8fdaf9b028337b222941d23315184f0c5266a |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
| MD5 | 9fb66ffa1e1f4dedfd16eb3a8170bafd |
| SHA1 | 69b5d57ddda6b97adde820b9ceaddae9c33d53bd |
| SHA256 | 7953b28b736795aaa54e6cd5cb591e794e2f770c1045ca2e33af5ff19f480eaa |
| SHA512 | 4b141802e7a4cb6bd4a7498d30086a9d83c62d37f2137f4910ca7d3fb7009079d4dc59b95050849cfc720210b0cb44bf588d15c08e3ba830aae19c0a27e8e6d5 |
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | 4f9d28edc0c431adbfcc19d8fa47702f |
| SHA1 | 37a6e145fec66acce633199ea7261bf5dd3d855b |
| SHA256 | 17e5cfe0cd5e01c1cf679b2fb7da7f3eae6cac2481c41f355c23df375ee0b48d |
| SHA512 | bb7a5f33e2ef384347f8ffa09381aee5609a5b4997a205c972e7d431effa8c89f47e065b41f3acd86c2a395e0fdcd2fa656b57c84c3b94bb2fbde52ed2284dc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 823f8801600af74787fee9b7114dc52c |
| SHA1 | b476fa1faa70c098f568e29b5c7dea964e99cbd7 |
| SHA256 | c70b2e68f9c3be958687b15cdabcc0628d277ad664922e128580714f685099d3 |
| SHA512 | d2e4959ada2394d41799e5256fdf42bdebad6d4ee5def18e87b31da0563dbc11c605ce580ebaa58290d1cc0b8ab1c475fecf46c9de018595c1a0cd5d080c11e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 623d43062e17c96356621545859e3f5a |
| SHA1 | d72bbc806d58ea03b425b6714f0ed9dc9dfddedf |
| SHA256 | 0424240dc292b5949c459548145a1f2bf4dddf2f1436e84b62095acd153e28dc |
| SHA512 | b32a06e132de296c4241c754161dd55896df18fd2b7fdc68d5904fc59c36fbc0bd63fefde0128723464708d0856f576fe4e894a11db30f2ab112f39eca8ae46d |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\f3b8e82c20c4bb3f94a2d7bcd2a82cd1
| MD5 | f3b8e82c20c4bb3f94a2d7bcd2a82cd1 |
| SHA1 | 89618596be7cb90317eaaf2d09b05d522d008260 |
| SHA256 | 7de6a5a45227b0f21ac7dd50af250e37f20b8bf2d6f4aa53a7f643d77515bd07 |
| SHA512 | 82f15e37366efd29879add4f50cedbdc27d4eb885e190dd54c8e89787b51d59ccc21473f431292da679c7e8aa7cf2d0ce7219e1503d59a0f356e078f9feece55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 020875ee1d64cf0d66107145bcc07288 |
| SHA1 | 99338ae09cd7f1c01718c9e2cf90a6fbccefec1d |
| SHA256 | 6277e9c3269de86f4705891a023532bdd9ebdeba6d5413fae4ef0d138f52e70a |
| SHA512 | 7f1dc08d00c174a18718c8cb91f069e978429623254f5980de61f333432f5b5b969c52d33e1c89c739b22fe6297a5505ebcfa8903c21a1aadb5c41f3cb7d0838 |
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
| MD5 | 610b1b60dc8729bad759c92f82ee2804 |
| SHA1 | 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552 |
| SHA256 | 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08 |
| SHA512 | 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdate.dll
| MD5 | 965b3af7886e7bf6584488658c050ca2 |
| SHA1 | 72daabdde7cd500c483d0eeecb1bd19708f8e4a5 |
| SHA256 | d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19 |
| SHA512 | 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_en.dll
| MD5 | 4a1e3cf488e998ef4d22ac25ccc520a5 |
| SHA1 | dc568a6e3c9465474ef0d761581c733b3371b1cd |
| SHA256 | 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011 |
| SHA512 | ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | 7a160c6016922713345454265807f08d |
| SHA1 | e36ee184edd449252eb2dfd3016d5b0d2edad3c6 |
| SHA256 | 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9 |
| SHA512 | c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 60dba9b06b56e58f5aea1a4149c743d2 |
| SHA1 | a7e456acf64dd99ca30259cf45b88cf2515a69b3 |
| SHA256 | 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112 |
| SHA512 | e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | c044dcfa4d518df8fc9d4a161d49cece |
| SHA1 | 91bd4e933b22c010454fd6d3e3b042ab6e8b2149 |
| SHA256 | 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2 |
| SHA512 | f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_af.dll
| MD5 | 567aec2d42d02675eb515bbd852be7db |
| SHA1 | 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37 |
| SHA256 | a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c |
| SHA512 | 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_bg.dll
| MD5 | 8375b1b756b2a74a12def575351e6bbd |
| SHA1 | 802ec096425dc1cab723d4cf2fd1a868315d3727 |
| SHA256 | a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105 |
| SHA512 | aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 2929e8d496d95739f207b9f59b13f925 |
| SHA1 | 7c1c574194d9e31ca91e2a21a5c671e5e95c734c |
| SHA256 | 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df |
| SHA512 | ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_el.dll
| MD5 | ac275b6e825c3bd87d96b52eac36c0f6 |
| SHA1 | 29e537d81f5d997285b62cd2efea088c3284d18f |
| SHA256 | 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0 |
| SHA512 | bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_es-419.dll
| MD5 | 28fefc59008ef0325682a0611f8dba70 |
| SHA1 | f528803c731c11d8d92c5660cb4125c26bb75265 |
| SHA256 | 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d |
| SHA512 | 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_es.dll
| MD5 | 9db7f66f9dc417ebba021bc45af5d34b |
| SHA1 | 6815318b05019f521d65f6046cf340ad88e40971 |
| SHA256 | e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819 |
| SHA512 | 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_en-GB.dll
| MD5 | d749e093f263244d276b6ffcf4ef4b42 |
| SHA1 | 69f024c769632cdbb019943552bac5281d4cbe05 |
| SHA256 | fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e |
| SHA512 | 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_de.dll
| MD5 | aab01f0d7bdc51b190f27ce58701c1da |
| SHA1 | 1a21aabab0875651efd974100a81cda52c462997 |
| SHA256 | 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c |
| SHA512 | 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_da.dll
| MD5 | d34380d302b16eab40d5b63cfb4ed0fe |
| SHA1 | 1d3047119e353a55dc215666f2b7b69f0ede775b |
| SHA256 | fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f |
| SHA512 | 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_cy.dll
| MD5 | 34d991980016595b803d212dc356d765 |
| SHA1 | e3a35df6488c3463c2a7adf89029e1dd8308f816 |
| SHA256 | 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e |
| SHA512 | 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_cs.dll
| MD5 | 16c84ad1222284f40968a851f541d6bb |
| SHA1 | bc26d50e15ccaed6a5fbe801943117269b3b8e6b |
| SHA256 | e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b |
| SHA512 | d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_ca.dll
| MD5 | 39551d8d284c108a17dc5f74a7084bb5 |
| SHA1 | 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884 |
| SHA256 | 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07 |
| SHA512 | 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_bs.dll
| MD5 | e338dccaa43962697db9f67e0265a3fc |
| SHA1 | 4c6c327efc12d21c4299df7b97bf2c45840e0d83 |
| SHA256 | 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04 |
| SHA512 | e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_bn-IN.dll
| MD5 | a94cf5e8b1708a43393263a33e739edd |
| SHA1 | 1068868bdc271a52aaae6f749028ed3170b09cce |
| SHA256 | 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c |
| SHA512 | 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_bn.dll
| MD5 | 7dc58c4e27eaf84ae9984cff2cc16235 |
| SHA1 | 3f53499ddc487658932a8c2bcf562ba32afd3bda |
| SHA256 | e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98 |
| SHA512 | bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_az.dll
| MD5 | 7937c407ebe21170daf0975779f1aa49 |
| SHA1 | 4c2a40e76209abd2492dfaaf65ef24de72291346 |
| SHA256 | 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9 |
| SHA512 | 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_as.dll
| MD5 | a8d3210e34bf6f63a35590245c16bc1b |
| SHA1 | f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693 |
| SHA256 | 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766 |
| SHA512 | 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_ar.dll
| MD5 | 570efe7aa117a1f98c7a682f8112cb6d |
| SHA1 | 536e7c49e24e9aa068a021a8f258e3e4e69fa64f |
| SHA256 | e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01 |
| SHA512 | 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\msedgeupdateres_am.dll
| MD5 | f6c1324070b6c4e2a8f8921652bfbdfa |
| SHA1 | 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf |
| SHA256 | 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717 |
| SHA512 | 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100 |
C:\Program Files (x86)\Microsoft\Temp\EU4D37.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | fdb8a3e7b6c2f72a7c553a66bfc240ae |
| SHA1 | d8d6316d4fa8eb6aebda1a147198485df9e4f8e1 |
| SHA256 | c20cc6598488c60ce2b7f48915e9077c8c8389fdc3cadd58625f6d036efd3e2b |
| SHA512 | b9e7c48aa3491a416929721b5817a376c76fe7bd4566ec39094f8414da0026e188342ad85714b0a7869952b29fc3381ba81d584b0479092c1b8cd8248ab4f1fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e3bb6e21819ea21ad97344526b7c0527 |
| SHA1 | 0c58f42374b1ea67d49a0b3e011e174a38566fff |
| SHA256 | fabb6faa77825d5fb50572170447329489692297e4da8d5cc2b0f321366d7715 |
| SHA512 | 958f22b32d4302744d7a3f9425e3b144e3f12836bec555bc180ef8d2e156a74ca571d2dfbe52fc639c9bdd8d4c6580edf8848e2a2c1ba2836782eb4796257689 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2f5d48d3-ba51-4315-b0a6-88c1f7a618cc.tmp
| MD5 | 17cb728fd4d41034586ecfa8f717673b |
| SHA1 | 91e0e55adbcd0a0d8cbd89d5084215c31d2aa1d3 |
| SHA256 | 761b585e06d5705ba0cf67681ae12c8a76a119df3177023f5f11b5afa5ba5a35 |
| SHA512 | ed7b4f0460f1962f5aaf0cabbaee662e19647dbc7b978bdd9b11aefa545eb50eb97513ed2116e36c4c030e5c57ee553cf9f8e2c063cb47d1eac17cb7e034599b |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.97\MicrosoftEdge_X64_123.0.2420.97.exe
| MD5 | 300df46436ba5d076b227c32967ada91 |
| SHA1 | de9d47ef0c61fb04b7309875e2f03c8fa37d19f4 |
| SHA256 | 1614eb0c2697d74f2a05f8c973b2055e9cc158d94b19105e3a9d450adc9e333b |
| SHA512 | ba3053085da062ec32f87aec43f527624248a81b702c8cdb359c0fba7194556658b49aca8ef98d885de5da5b9b2eab3f1fac2c99891f91949d1b9a155e4a6971 |
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
| MD5 | 41d5a25e6c0eca477959628b1af4b3c5 |
| SHA1 | b96c6066ca7b87f2de31a972239c0c0278163691 |
| SHA256 | 475c7240cd21761ee842a7ca80ad68b9ef31ecfe04b82936769341b2894cc4e9 |
| SHA512 | de23fe342d31c4e26a646d8564f35366d12904e8c5d34b1e44f87203ef3a0810aacac543e25a7f897cc5107be78bf5f7bf98a2746282cbe5b66a689ca2cf98f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7473f204b79a74245ff78e1a096ae1ba |
| SHA1 | b63c163f38ca7ba2d57bd4639c51092224cb9cf3 |
| SHA256 | 7efbc88f5c90c465dd6041ad684ee9c61301936a01ee6ad21087e6f62c1f2bb4 |
| SHA512 | 06890f6abe6be97bdeb8748c46146d35eec506e6a10b1224ec27a8ddcb33a5bd6762e74659344f07d944a447e62b3061bc466456b9c35c089c709e1c97eda6e6 |
C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Installer\setup.exe
| MD5 | 31ddc9e1c11a44b88cf96c45b3551ffb |
| SHA1 | 811ccb9706f656e29d089e30a2ee1650302394e2 |
| SHA256 | 46cb58faa60db59cb8d145bf6493f7c01a8ea8895f812d65512e3c7340a054da |
| SHA512 | 67e5a4ec4b030e48ac06bdf79bfb2b9bfe7778f046a739f23b7be65e143a7181954c7587eb6841636a6e667aabfa292d6831bab709cd798d1de01987bc99aaf8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6fef0ff25a811383ce5a91be5fc15d63 |
| SHA1 | 9deaa632c3ca08d87b2fc29ca2ecf49f011b6c34 |
| SHA256 | ae1e9de0595605436d6336ab92b1e94d58adee3741e6d2adbac2e55a29b898d5 |
| SHA512 | 1142478826f2a61fe2c95625e69df8f720366c8e1760b2162214e44aab3b1647c7977222e11d1c519f2873757f98fea678bd9c2a0794198337e495408a108fd0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d4a1214d0f2d408221d0fdcc73d1fdcc |
| SHA1 | abf8effe943c61ae5fd4f0545c8b4690c17f8392 |
| SHA256 | bf30106642aac2ea643c96e5b206aae92ab0b79c9b65d8391dadb1540a49504b |
| SHA512 | e0f795ab23b524d4bb98d8ed89820bbb936a29637214b441ebf21e4c9b3b5a8eb590911b300dda643c2f49b7352c8f08e755ed868fb563187b459b4f2b6408af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0e29bf4fe49ecc63d070d6ffc200d66c |
| SHA1 | 926550f96c441395eea2d98b8fd70ec47ebd09c6 |
| SHA256 | f62dad52720cce6f901cc2d8d0b7b1d9c4663959ee5561344d498a3914c9db79 |
| SHA512 | 9207175b3c44efb37e00b7af30b845cb6c51584b3786387ef586a1063a6883558753958e9380da13ce716fc84104d367a3c72bc786904f9be0010dee1e7476f8 |
memory/2280-1876-0x00007FFB45BA0000-0x00007FFB45BB0000-memory.dmp
memory/2280-1877-0x00007FFB45BA0000-0x00007FFB45BB0000-memory.dmp
memory/2280-1878-0x00007FFB45CC0000-0x00007FFB45CD0000-memory.dmp
memory/2280-1879-0x00007FFB45CC0000-0x00007FFB45CD0000-memory.dmp
memory/2280-1880-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp
memory/2280-1881-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp
memory/2280-1882-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp
memory/2280-1884-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp
memory/2280-1885-0x00007FFB45DA0000-0x00007FFB45DA9000-memory.dmp
memory/2280-1883-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp
memory/2280-1887-0x00007FFB43D20000-0x00007FFB43D30000-memory.dmp
memory/2280-1888-0x00007FFB43D20000-0x00007FFB43D30000-memory.dmp
memory/2280-1886-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
memory/2280-1890-0x00007FFB43DB0000-0x00007FFB43DC0000-memory.dmp
memory/2280-1889-0x00007FFB43DB0000-0x00007FFB43DC0000-memory.dmp
memory/2280-1892-0x00007FFB43DD0000-0x00007FFB43DF0000-memory.dmp
memory/2280-1894-0x00007FFB43DD0000-0x00007FFB43DF0000-memory.dmp
memory/2280-1891-0x00007FFB43DD0000-0x00007FFB43DF0000-memory.dmp
memory/2280-1895-0x00007FFB43DD0000-0x00007FFB43DF0000-memory.dmp
memory/2280-1893-0x00007FFB43DD0000-0x00007FFB43DF0000-memory.dmp
memory/2280-1896-0x00007FFB43EC0000-0x00007FFB43ECC000-memory.dmp
memory/2280-1898-0x00007FFB43130000-0x00007FFB43140000-memory.dmp
memory/2280-1899-0x00007FFB432A0000-0x00007FFB432B0000-memory.dmp
memory/2280-1897-0x00007FFB43130000-0x00007FFB43140000-memory.dmp
memory/2280-1900-0x00007FFB432A0000-0x00007FFB432B0000-memory.dmp
memory/2280-1901-0x00007FFB43450000-0x00007FFB43460000-memory.dmp
memory/2280-1902-0x00007FFB43450000-0x00007FFB43460000-memory.dmp
memory/2280-1903-0x00007FFB43450000-0x00007FFB43460000-memory.dmp
memory/2280-1904-0x00007FFB43470000-0x00007FFB43480000-memory.dmp
memory/2280-1905-0x00007FFB43470000-0x00007FFB43480000-memory.dmp
memory/2280-1906-0x00007FFB43470000-0x00007FFB43480000-memory.dmp
memory/2280-1907-0x00007FFB43F00000-0x00007FFB43F10000-memory.dmp
memory/2280-1908-0x00007FFB43F00000-0x00007FFB43F10000-memory.dmp
memory/2280-1909-0x00007FFB43F70000-0x00007FFB43F80000-memory.dmp
memory/2280-1910-0x00007FFB43F70000-0x00007FFB43F80000-memory.dmp
memory/2280-1912-0x00007FFB43FB0000-0x00007FFB43FBD000-memory.dmp
memory/2280-1913-0x00007FFB43FB0000-0x00007FFB43FBD000-memory.dmp
memory/2280-1914-0x00007FFB43FB0000-0x00007FFB43FBD000-memory.dmp
memory/2280-1911-0x00007FFB43FB0000-0x00007FFB43FBD000-memory.dmp
memory/2280-1915-0x00007FFB43FB0000-0x00007FFB43FBD000-memory.dmp
memory/2280-1917-0x00007FFB43ED0000-0x00007FFB43EE0000-memory.dmp
memory/2280-1916-0x00007FFB43ED0000-0x00007FFB43EE0000-memory.dmp
memory/2280-1919-0x00007FFB43EF0000-0x00007FFB43EF9000-memory.dmp
memory/2280-1918-0x00007FFB43ED0000-0x00007FFB43EE0000-memory.dmp
memory/2280-1921-0x00007FFB43EF0000-0x00007FFB43EF9000-memory.dmp
memory/2280-1922-0x00007FFB43EF0000-0x00007FFB43EF9000-memory.dmp
memory/2280-1923-0x00007FFB43EF0000-0x00007FFB43EF9000-memory.dmp
memory/2280-1920-0x00007FFB43EF0000-0x00007FFB43EF9000-memory.dmp
memory/2280-1924-0x00007FFB43830000-0x00007FFB43840000-memory.dmp
memory/2280-1925-0x00007FFB43830000-0x00007FFB43840000-memory.dmp
memory/2280-1926-0x00007FFB43940000-0x00007FFB43950000-memory.dmp
memory/2280-1927-0x00007FFB43940000-0x00007FFB43950000-memory.dmp
memory/2280-1929-0x00007FFB43970000-0x00007FFB43990000-memory.dmp
memory/2280-1928-0x00007FFB43970000-0x00007FFB43990000-memory.dmp
memory/2280-1930-0x00007FFB43970000-0x00007FFB43990000-memory.dmp
memory/2280-1931-0x00007FFB43970000-0x00007FFB43990000-memory.dmp
memory/2280-1932-0x00007FFB43970000-0x00007FFB43990000-memory.dmp
memory/2280-1934-0x00007FFB43A10000-0x00007FFB43A36000-memory.dmp
memory/2280-1933-0x00007FFB43A10000-0x00007FFB43A36000-memory.dmp
memory/2280-1935-0x00007FFB43A10000-0x00007FFB43A36000-memory.dmp
memory/2280-1936-0x00007FFB43A10000-0x00007FFB43A36000-memory.dmp
memory/2280-1937-0x00007FFB43A10000-0x00007FFB43A36000-memory.dmp
memory/2280-1938-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
memory/2280-1939-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp
memory/2280-1940-0x00007FFB45D10000-0x00007FFB45D40000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 95416a613e8a15c1971560b0de9f241e |
| SHA1 | 834c68416dee330b80bdbb57da692ee735d01e20 |
| SHA256 | 7a1fbf461103d6fec0167e1765e2c41e8f4694f0819d711e2acffde7bacb685f |
| SHA512 | c7ebe3a38db62947e05fd244873e7d6c3aa51fb635466134719159bfe0c913056e0b442465e1abd0291a7e054a9e39642c613f2805b8683d26002290721386aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 663e1c01117f5f7a23decd2dd247c1cd |
| SHA1 | 6fcf2a8b2627dc4b61cd295cc68954b7785473b0 |
| SHA256 | 3b4cea3a6f0590b3345aac2a31396d16ecb52c5584118873e77e7039ef07501c |
| SHA512 | d41fe8f624c5637413f43486949e6487294592ca2c3a51e7b90074ac8f7659d56760c9270a58367869ece1516182a9bf4545da30c011c8abc5f02755ca0bc441 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4e01890cdc6f7555bf9f8f13b1df7617 |
| SHA1 | 47ced740e96762548518ee00ce85871933d061dc |
| SHA256 | 0a73bd94bf4c0400d344d56604532ef1520f59c8a0f9ca96fcb372d374fe3325 |
| SHA512 | 219e617ed050f7fdaca4b3873e2b7acbff459ab6fb3d94e1e20dad7b23d49629a29114ff6802eaa7916c51a6eb1f79bca7fa51a6d70c4e135b34039e91825b75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6dbb713da3b40b4cdcfaa32eb7859e29 |
| SHA1 | 76d137f6914699607d40adb0da35edb983a00848 |
| SHA256 | bffbbb63eedeaa4ebc67650c34ea0ef5b6b2dae613d10824cea48905fa47ffb1 |
| SHA512 | e11667eb961e48f74eb8274bd8091813d78b0a1ee0c3caf3a71ec61db610e69632ca58f077407ac1f5b7090d3c2a1a51d54070eabfc8338ceab75b0a00521f1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3cfb512ee7b71eb2b5b242f5b6e0b954 |
| SHA1 | 8378d98232d0edf805bea3032f0071ff7296a847 |
| SHA256 | 89b813258d6dc235cbe34971c766757e912da9c241c854a0c3afdad54af170d2 |
| SHA512 | 34380ccf976a5b6c6264c0e902fb18b812f548ab874ece2344b9924eecfbe90b0308f06b85f673a14507163676d58ec686c43af1f0b42cd1cfa567718942045c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5f34a3dc9226f777e80b2f1187aaa413 |
| SHA1 | f3324100ebe180daae5b2f15d09fed09179ef7d7 |
| SHA256 | d8b6fb1a659ea8d1d50a9c4a2f6a19ca8405a0dc58b97da32e211d8b217c5db3 |
| SHA512 | a238efb25b70fde25116d5e9e4addb66dc154d6ba806a53eac25dc2a9386ceeb7895b4cda3e9418b51de4215c676b0e693719c3a8149ed6fac745eb09374f40f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cd6622ee58f818cd40fb1407cdb93a29 |
| SHA1 | d03481966038ccb7923f2f707128acecde4e3366 |
| SHA256 | af1424b5d0aa94003d96d3d8dfd7430ee5c0bb32a48a7a1638c7b043bc27fc95 |
| SHA512 | 5dfdc6ff0c41b60a94172880715e3fbe45d7849f89fc5b1f944a4eee68244c69be83bff8b5f89b02c18afa26c7fcff74c0e3a202d7346c99262e604d04d88e71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e31566a395e1ef5f0edc3d5279a2f284 |
| SHA1 | 8213ac124924d71cefc2782dce5d4af28bd73e98 |
| SHA256 | 6241aabd52b17163baadcd8ca948654a59eb596541f8ce95892d8be62850e52b |
| SHA512 | 42b472b2e848b0db1cb7066eb1be64aebc16ba0148cfab37cf58efbce5b2f15ed8050a19aa84f7b5af86ff708733045018530d14a9d89899ce570f604eb88dc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 715e29de6537eba8e3408c7fd0b2fb85 |
| SHA1 | 05076e546fc0e49aeaead802aff7224c57b51848 |
| SHA256 | 0b36f2f8fd4df16685353006de07867e2bc7b2340cc5eb8257b37cbbdc9e6ddc |
| SHA512 | f2e02897ec987fd4e078fdec91fb706157d3aa89f16cc07a28dd086d2756ff88e31aadc37bde165b3726628dc7a21a69a1f9f4326c8d6666062ecaef36e6095c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c7cc9b7659bcc6c8aa290897be5c71eb |
| SHA1 | 88bc3ea815c4fd06ad55b5875f1a5df6d5a80a02 |
| SHA256 | 098ea41bbe4d405da1d1fae7d028d4cc006e75445dae7c7152c624f726d15d83 |
| SHA512 | 05e1a60be59a2c459a8b98053f11f4a63c62199435b07a7bfafce7f223736f01f5fbf9785e4fb71daa2e16253a070ea0eae804b43eb9cc9aec734d44fbb467c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3fa4bf95122e0bd324d664f67eb89c7b |
| SHA1 | bf52c6f8e87fcf22719710f1317ae29dab85cae4 |
| SHA256 | adc6c0da32b2a924ada44ea51504db452b8b9476360c8b59fa64b3cd9953b0be |
| SHA512 | d301c1d95ab52d37689199123378448bffd56f0d1be8f823dcc0787115e5fc6524164f71efd447b6938e86097ac1e563e30aa7bfb86f202d2ffc0afc0e972068 |
memory/2612-2196-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1d315f958e28abd20c416b9bbb09635b |
| SHA1 | d77e93332cce60d60afe75000286557a7ddeab39 |
| SHA256 | 99e4fac496289eb0723d8c8d7e2db5a1f6b74d6e4920405270c61febf1f745d6 |
| SHA512 | ba0a3034504340518c2fe1601b33867d0684c3e50293a691476ccad50515b586ec8ccb17292b0aaf8fab6b2deb161c3f5771e3e82e02ea17720f5f727e654028 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9c804ed42bd21da971013ed0c0b323c5 |
| SHA1 | 65f2a4a6a34ef512e3c220653c305b2f01c0ae24 |
| SHA256 | 81ededb4d1f85d647ccfa2eca17323596e4f5c416b4f4052dee3c08a27cfd2be |
| SHA512 | 21a0257901cfd81d1b327e57bc13148c447d4c08cc81dfd742de9ac7265f470ba2efb40bdccc983444404c14854a75dc978f4233bb8369c1ee74240bf14004e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f4ef3af98b467f2a0284cff1bb5cba7f |
| SHA1 | 0390a96351ca357a646b7c40abe029165290dc41 |
| SHA256 | 01001f24902fc91cc63be8a6348d6e55f61c47806b4125365f0ecdf51c82c71e |
| SHA512 | 05cb18c7db4ff3128e1ee0cecc00fbcf12c3af17eb75a5141b60db3087cf1ad031237bc1b59c92fd4187b0e2351b956662b6e5e5067e4244b3427fe939d66f4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4f9a34abf23e69dd5d638548ddd6cc68 |
| SHA1 | 95843fa672bb719f5cf5890bb74b02fd5b10e790 |
| SHA256 | dbec12f2708d8f2b7af1911a4cc90ae79688f52cdde54c18e1c75c6f030d8722 |
| SHA512 | dbe9d8adebc887bc47629d2666d2d556bfb79218e55d02a2049f468191f15a6e4979086ce31eaaac3aac47263ceaeaa2003de533cbd2f458298b79358dde0d69 |
memory/3268-2315-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
memory/3268-2336-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2fbb048b70868327268ba6d2c8f86eeb |
| SHA1 | 2629e47c2458dc933b75ff6ecc14cfff1d94a58c |
| SHA256 | d3797600ac6db1c7a3940be82fd4fc40a64ee1df84668cbea431335bb1dfb4fb |
| SHA512 | 26d92be00bcc0cfe4336cefaa2713411b1bd80fa9ccefef164c9b814cc1405880ac96fb83912db1ae436d68184896c2fb07ea5cba14834684f7f149d6a7b7b26 |
memory/3268-2423-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 18c1f7dba7daf64adf2ce7d568ee8017 |
| SHA1 | 201ec8532094b4d0097e1f728051f8bf15fa8a55 |
| SHA256 | d9ef323140cff1c3bf33be03efddce0c6a5d7ad16e546a11d5b0b2c6e7cca690 |
| SHA512 | cc637ebcf4cfdb85a28554f1d2c38ebc7fd853c38a2849a86586c3bb883bc053d2dce620801a39af44b29e96f06efe931bc8888edd9b933a20d70e9cf12b5f47 |
memory/2664-2433-0x000001D370170000-0x000001D370171000-memory.dmp
memory/1644-2513-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2322eb01a547ec4e825ee8ed5f975858 |
| SHA1 | d67adbe6afce0d2caa1441c20a566928d38cfec2 |
| SHA256 | f6af73af913e0854b20792b6b33bb77588732873d715892ac94649650b0b20a7 |
| SHA512 | 47ed522bb17a3778a93088ce482c8d2cfdd64a80023a6025c1be315829ae7e7ff3185af3f4290cfd763bba27166ce48795f877cb72a196f8b9467f736492d7b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a908bf2cb07ab0e7d15936927705ebd8 |
| SHA1 | dc1096f1e7e0df0f2bd919ce9c05e9f4d5d3b7a0 |
| SHA256 | 1e82545eef6f829eb56ed62de8b35b0a1d90ed87af312a4e9424972615520a9e |
| SHA512 | f364bbd47d9b3c38bb4b9149f11f19912684c266db021212079843ca809d1a127bc85b39d046b833dd3de3e15bac778f57999ae09ff552c2a958213be28caea8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0449e2c011768ed39c5a70ee4e7c4146 |
| SHA1 | 2a32908c0b8ee78656c51235e138c4bccb2c76ae |
| SHA256 | a7aace791be6c5bf48aa692f696588c283865e13710d96ded070dc8c7d747a47 |
| SHA512 | e71f8932db145b13b78511070fd7aa24f61d03bea64bc2dd8d9ff615e5b409689a92cd2e1e1181cc8da64556070ef6eb033667012d59fe5f0415385ceeeafb54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8335722a1d4976e91647fa0d04f4ca18 |
| SHA1 | 25d48179714be1610db07c7c1edd8c1aa2b3e800 |
| SHA256 | 47cd24d21a49f7bec6625c7d044bc8596ab68e383145850848bb187a986dd3d0 |
| SHA512 | 8e447fe131edaf2e5b6cb3ce5bc5f1561d669069287202dba2aa6bd8ef6b84f5534932e725041f27bc0df6c99738de892a3e4622b2f5ec5272545333725b5ce4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8fbf6196b221d3502fad829da56263b1 |
| SHA1 | ea897b83f097f657e0d4a864bb66978f99b1fa63 |
| SHA256 | a55c2bc455c92b0a7e3363fb188fa4a12eb7d2e929a4e45d43ada8bba7b4067a |
| SHA512 | ed2cadad92cfc053507fe44bfb49e2c14fe0e157ee9e91619e955b946829fb7d98279d59a2d3e39649e2d0d679188ec1bd91c599951cf607db14414c134497c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 86a81adfab9a3f0c763bb753b871f7e5 |
| SHA1 | f85000d7374f12f3574a36cb6618a4a8f886ee4d |
| SHA256 | fbed4da0f2139c4f0dea7f1da1fa0b4ba7dbf10599d1534a918da726e343e612 |
| SHA512 | b3ec582fd1a6b1275da156b20ccd013d48ad7672ca4b1a7da9477f8eda33d117f5f5465970a6d1f4b0c0fceb558b191b40265266c5df77ccedf0f2389c4aa38a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0056bf60890b64473da0df083b96cbba |
| SHA1 | df5e7c08fb4a5961dd9f37bed81ca24dd6e4c356 |
| SHA256 | 949cd6ab511cdbed36ad586ef662169f5ec14a83086ef0de9d1359908bddc8f4 |
| SHA512 | b7bc28fa8fde565e746aeaed85f411b9c811c05c64c4dcb14161397584eba1cea5e7e12d1bb0011ae744a6dbc94734578b5aa8a9a65e67e2777510616b0cd1cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b37a82b167a5725856b2d7120a822c9e |
| SHA1 | d6c4825782d706ff95e94144d2e66db115fbd1ec |
| SHA256 | 16a9f0a56d8ffa1f25163a79f63eb3713522aafae14fcb84c0994de52490ae41 |
| SHA512 | d94d90632ae2f3691ee5512b501838607d0b795cbe89b6030e0df9059844b8166f3054963e0ef59b381b76e2840cccb9c5483ba64d309396814e9b0e4af7c7cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9bd87127a6d809a5116a6dfb427185a2 |
| SHA1 | 21e6cdee0ce8048a621f886c74dcb14c7b4def16 |
| SHA256 | 1313d94e86ef0a586f5db3b1873aa728956343713cf170332d2fa3d30b866e3f |
| SHA512 | 4da31a253c8646c9caf06e703d9d68ebd044010b8d47ec44573da9fd0f5183ba5e746a796e5b81e2d7758d187ee48e936c1109848a0c5f1e3a6c437971cdb0fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4ec67c7bc7296431dcff91b01e6604bc |
| SHA1 | 6b244273bc579957ac6280b0bfbb6b59c707e50f |
| SHA256 | 8ec382aecb8d18e874fbf0bfd841f4ae6cb5e688d55374057f1dbbf9f023feb5 |
| SHA512 | ab12125a3452f12988a6dd76578460dd0fe62975ba69010e458225f4d559cacd75683445d40cc38647b4f25e443824897828b8f05fc0aa7a716558ebd9aed2de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 07526145ca693617752c537e0b18e38a |
| SHA1 | 3ad7b107c7dc5052c4caaf11a2e20f84d0ba14bc |
| SHA256 | 8fb6b8d7ff11089e239dcf8f567a85e70e7ff7a84581894b680ceb72e8de67bf |
| SHA512 | d3b85626dcecfb25d704e444a3b91e3a8f983d2a2689235bd0ff29cc380aafe1473575f1fcaf4b44e18add2bbe129c06195afa53ec3574ed25c6f531820a6a6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1d058ab1b38c6f4ef8f81bfc56eea5b2 |
| SHA1 | 08bf41b75799adb1db0aa3346b90ddec115f6a56 |
| SHA256 | d2831741f94466bb76385d3119d1c1fc791909e5da9de82a44aec9144b1b1219 |
| SHA512 | c38a92a28846797e9e6a7df231948d631cd3fa5efe2ff7cb1908296d3912e5e936acedc9a570e5cd154ffd0847c69bc8e371e3d21369ef97ce890a1904bf31cb |
memory/908-2812-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 77cc00f083669b8f1da76a830ae2c503 |
| SHA1 | 9277979b988e83a5357a9c37835f8ee90ce6ad82 |
| SHA256 | 981bad89b168320e4818491a29593e057e533e00c47fefe55222dff0aa636d56 |
| SHA512 | e64091d8a26bbb37cc60a253c72db5a5b7e5c798624c280646d6b699824f2c37fdc9fe9b77aa20199489df369a0d27944978e6fdeb91cf631320a82a42be5a61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b1083017a986f6e8b1c7846d2c8d355a |
| SHA1 | eeaa80e39a14ebc2e607d8dbbe5ee9a2ae32b4d6 |
| SHA256 | 83ca72ddd4ea2bf95e38aea201eb239fcfd2b6222ba91af3edf52d81e310a0a8 |
| SHA512 | 4cbffbda8e9fa353ae75fc309456ebab4fae933813c46d9e1e277f2d89b1af6f3752ed536c3af56763ac379b0cdc80553a5db74832b752772514c592b128db6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b5f3fefd073cd2ac6e82e5fb39de8cc5 |
| SHA1 | 9c46bab9e7659422dfb2c742c076c36b7d0a4cef |
| SHA256 | a0cef20708ea47aa9830e0c721ac3487641fa1c6db8f8219bdabadeba5f17716 |
| SHA512 | 7742300200d14596ec7455bd6ccf593630fa9b61800bd8858f63c75b118dccba16b31f7855e8e03e7ab90280c285252574cd1450b1d76c081ecf0f02a490c13a |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
| MD5 | b18c705b3c68cc49d9bf3649abc75c24 |
| SHA1 | 6dc8963dea0f3185368790dee2a346301b4fa24c |
| SHA256 | c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa |
| SHA512 | 7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4dbc3a9493b307090a166c09ef2b2703 |
| SHA1 | 5c2e2b7e2bddba8c9e329c7fa80d96e4b98f520c |
| SHA256 | ef05e42cf2218da9090b2056abec0d12f66f4b87e722ed32d2522870e712c2a9 |
| SHA512 | b9d016cb55c72d2ba38bf9b982c945c5e32400ddd0038d90176ef96f67f6501022b4dfac90acecb5cff46782309a8f7758430f09ea0279a57393370ba8891458 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d6beb394a6c81d81c0dd80d6a9b28697 |
| SHA1 | 2a57033c2bc7fe5ad4c05c4f8767eb767cbd72ac |
| SHA256 | 2fad23a69227f5b8b7a65a8ca18e38400c25691bb8a0caba21e8bee2a038e0c7 |
| SHA512 | 6e711c5f76f2c78336de577b6f51205da38501d41b023af70a3488619dc39ad71265fa34062d526e2afb65b38bcca0ee3227ac0024bb6edd21f9f90d955813b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f8084421f68fba6fa9a49ca5fa93c68a |
| SHA1 | 94410e5a9a3c9ed3206085d6a0fb05eb9ad3421a |
| SHA256 | acb80ff5e3007d936cf75692514980ebf0f892579349b4fd757486da57d2a60f |
| SHA512 | 54e6c2c2e3e6b196023ded07f1a6b7f9a99a940dda56992073a8d9795b0788851ccfaed907f64e980b6108add0f6e430f5827fb60d12cc254eaaac410be8df75 |
memory/1236-3088-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
memory/1236-3109-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 58419f0a1db6d4856bbf6b3e36073101 |
| SHA1 | 5ff4e2b1598f8342111809679240ec9d6c7b2def |
| SHA256 | 3d4e95dfee6c2aff09f4a6dec0ec40c084742f90b98fe1f8a9590879fe705b23 |
| SHA512 | 7e9dc5eb3bb859070fbb44022ecca5a91657de2af79639e8715e50f47f057006fdaaecca596c206e2ef9be61864eae6f568687292e5b6a597d3dc8467a0e28c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 54592ce537113958a79126744db96d29 |
| SHA1 | 0019958048a6cb956b269dfd358138808bb1aff5 |
| SHA256 | 6a37fa21d5a95e4bdffb28afe7f0470b5b5225b9373af0e30065c5023f2ef476 |
| SHA512 | 27c7da2bf60e89e3e472f81ea693ecfcb447b2a4f80f44b8faea4dc6ecffdf84d326224fbddf3f8bc04862ba337e8e880ca1aba3b76505afdd697261df441c45 |
memory/1236-3186-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
memory/1412-3189-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e181391c4e7c3f4ea1b59e3853ae181e |
| SHA1 | a5005c1b05d673c19dcf31cc49609272f98c67f2 |
| SHA256 | 2e32efe756e2a42841abeac70f369e4c33f517a3bd959a71b369917841eb95f1 |
| SHA512 | 87014a12e30fd296e152b040fda25743e22bbff0338e72313610a73230fdd1f0fa8c0aadba08ffac1e9549eb5adcdcf47c648471c8df912dad23d041898cb174 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b347924194403c2c15af6a81e9216a2d |
| SHA1 | b45707cd7e373d251ce0370fcd1dfb377f38c207 |
| SHA256 | 88128a809501d4063c64ef154730a236c65452ef52379b5b4a80545683c6e5d7 |
| SHA512 | a6d6c3ca2b4a62468d8c9c0591e3ea437b61788c3cfd33fa8d1bcef403d2e9a1ba955954c32be4a53654bdab1dcd113c6fa88f8f8c3ea42f40ea0e723e998a82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bfe33dbf190570b4ea6133158edbb47e |
| SHA1 | b2368d696098b960d930bdd44d4b459a31555abc |
| SHA256 | 0426afca87ffb3db7b43a4b0e06ce439422bef0501ce3ad1edf06aae1d292bb2 |
| SHA512 | 7f18039319b625c6c9b26d7dab8a25054e93e6e3dca5998f17b2e2ce3a6128ab425bfed11cd5156b069aa7bfc01d28f6bb69be3c8233ca706185adb23ddd2df6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5148929eabaeb3eb5ca7bf2efe22f640 |
| SHA1 | 6cb0e695fa71c7d8e7c70e6f3dc2ce1896b11d6a |
| SHA256 | e51373a56b2bae32c1ae410a1f8b1c90fb2989de1a134d2a2c26e67d66c4c89f |
| SHA512 | 654629087a2f16a3e748fe025356c54168f314af42e25ac86973cc7cf9385de51a07c06bd7ad5c21095efd6e01f6715a1f1ef55b172bdfa9d9d1a69ff88b63c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 937c57856c758cdf90325ca63515e26c |
| SHA1 | 86147f78770cb705857b98d95d5e1bcffa10f1f9 |
| SHA256 | 54d076393fe9f85e0fd88cc403c080fb1c81889312eab2a5ce3cee65081b7b63 |
| SHA512 | 88697017933bc94cd9b1c8aafaaddc1c3b510abda1ab118ec7a603fc990f3a324a075d99765f997c665001d194294c2b66b78e318b69bedb8d6813421f6484e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ea52160289892c1ca4b3f555bfa6a9d3 |
| SHA1 | 4e4acc3cb2afc95c31f2745b58c1e496a554d992 |
| SHA256 | 7dcc3f03d37d8ab29bd3c6285c0d29445b4cd3d31babaf4d2d4fb1a7383fd33a |
| SHA512 | 1afaaa8ddc7b12926b2ede0e0824b53be02f30687e10ab9c39cec97ed420f2edf464c27af9b9dec729974d41f49b3e29a9e5254820eab4758b762984c5b9494a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b076819652eba327c0993efcf746d6c7 |
| SHA1 | 57f18d00cdfdd2330640c9443864fadbb3ec3126 |
| SHA256 | 42d3117723d82895e206669d76fecaeeb420693c983d556d1e412e224604d7b5 |
| SHA512 | a08c2cf5bfd69cae596ae760c5257508ac97a9c924048acfbcc3c7e4f9a3e3933670acc4c05142fa5e89195e6e9aafd4b469a184679925c31042a1b8a15a1ff1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5d8499e189e4fc91b608a16adcbb99e3 |
| SHA1 | f40f00c2bd199cc28926d96339b50a24c76f40a9 |
| SHA256 | 353521a54838e000158c164af184c03818338921a9d39077743c929bda6f48e3 |
| SHA512 | 57d6f9314d2f824c351ba2d675557bf119c657dc749fd78e1bf348e08442265622e2e67d58be45aa814b44a18338669cbcddb7cd0f0ae49d02d951aab3b95946 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f3ec9348314d53aaef8ca41af5417f2d |
| SHA1 | f52a627c422a954ddf6c4021026aa03b3da42258 |
| SHA256 | 16ab4c231e35943a4135e9730a07f3dcb4f16f71bf2138af44cc0c260637c325 |
| SHA512 | 7f61fe920340b21c1ac07ec1be2ad1ee6e89a09341bcc1af5a1c7b73e6345826c39ff4acde8bdd885a32febfe6379598c651549263700ae5d4fb6000e3b5dc90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 25b6f66fa977f33c0a0c5af7201dae90 |
| SHA1 | 97f114f9c22c9d6a073056d0f0b2570328bc5da3 |
| SHA256 | 4ecbc81b2c2717708ff7f7949330ec54b323a55fff0de1369c188441468e388e |
| SHA512 | 166dae04a8e771e6147b52db07605d8c5a2b61636ce093c925ab1be712adf57531bd27776de3f101dff94cc93c6f285a2b9d74fe41193f8961c9f61274e972c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b12e44a5ab681feb201539641b7eb2d0 |
| SHA1 | a3cd828c8b0a6c3190a7754e8d20cc0644d97abe |
| SHA256 | a1905d4f871115100b54f55265627502fc059b39ef9be3a8e4b4489aac16a717 |
| SHA512 | c0f9b9e0d2e676d44505ac0cee3b741692dc6f7f6f7c9e7a7e0fbcb0abe91888b2ab2f47c70faa34bdb79e192a12237f7137d50896949602602077945643bb1a |
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\AppSettings.xml
| MD5 | 431a6eb20932ec1c56682a1f60d231d3 |
| SHA1 | 40bb32db040cabade103c21ba5b6f811dfb0773e |
| SHA256 | d5de39863fe721668ce1e115e0fc55a7c733747daff6235d27dad3d160c84dbb |
| SHA512 | 0969b9484bb7c661d4e0452ff1c77396796333904b39f24c56d5a92ac4ed4ebde9b8981a985c6950b4af2852e8d9599e071a51ce4f9ef21ead778a2fdc76fcec |
memory/3392-3399-0x00007FFB45B90000-0x00007FFB45B91000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1324e988e898a8a93520532136b13ebf |
| SHA1 | d9406a6e97d3d6527d6bae2b3aabaf3021c265ad |
| SHA256 | 3da375111b3c0d8ba5ab2f73f69661bb53ee070779d3afb4ea85c5548861791b |
| SHA512 | d9c51df9d2ad96eeea9819e42158bbc3dce2b417274cba1eea9d9337fa4928d7fbcd341c9c646fe82a66cfa1e92cbf6051a96b8f9928836a90c1aa2a8afd8b44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9784c96c84e505674ba97c4a2b938b8e |
| SHA1 | 0d4b07afd6190bd398cf3ee47f5814fbc21e80bc |
| SHA256 | 4b51fbec3ee8a875975b3f968f788105ead57ad885f67c2e4ca1eeaa5e0259b2 |
| SHA512 | b25aaaed81910b8c93c57ff2a759943bb2bcd50af9038f2a98bedb21f741b780484e9a4ee38f22bd0926d0f1248eb808a3aac58e0cdbdeb060bb95e7ec3b5a0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4faca7a8bd533d7a1a08f0aa2747fe5e |
| SHA1 | 4d6c9928c8f86d030b907216a6495ca69c552064 |
| SHA256 | dfef553b30692f581b08ce9e6bfca06fe741c02d8d6e3d1964169617dc4bf57b |
| SHA512 | b9df855d5cee95268c64c4b0d3b811a39b3974ba736783ed4513dff7ad51e17caa1eef5f49cf17474f4fcf52f61342cf96efdab348de4862e46cd18c85659c3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 173a0ae0a0f7f5e467a1c498c3cab864 |
| SHA1 | 724a494fd7a0306c2cdaf0b0acd5cdb4e6f49822 |
| SHA256 | 1929a800f9942b9ea7a01aa2145006f7a3fe5f0ac6f478494a8c72451fb6a3d2 |
| SHA512 | e43e522f977816e4df7885a4498bb75b09ee8262e534d9d1234a6077fe6caeada973f3059ba5eeb4f0534e665dc22b18a0ec885d1a8196cd473a1999aa0ee839 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3eb978657659d789c43f57854bec3ad5 |
| SHA1 | bf8f86b53bec87db9947b7734d1b3a9be5469bda |
| SHA256 | b47dd9b409563307b42e25f436f9cceaf5149bfa6f4a102d02f6628e69356ff2 |
| SHA512 | a8c7dd527c817d7d857ec3f359dd6ef73acff3c8897ecb704b8b894b21cba6541e9102d49106dc11afc02f98e63b7a498ad0907dc396d2f678e42ce9916fcb0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0a332fd141d18f56a4c93c7ad8965519 |
| SHA1 | b859f579a492e2b1a1615a721bd8f7a88806f800 |
| SHA256 | 588f84d3cc118d92bf58116ea0a0d12bc7cde1422d523fa162c69f0c5e36a7ac |
| SHA512 | 78e24632e29806ada348d5172d8d5e816b1e593063229a803fe40424e79f8e0c827df0c2282646aaef1e1f306b4c441393dbd514d28a0b226f01d469d2db701c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 68e05f088746d7ec2f4c96cb5c2abff4 |
| SHA1 | fbf2d5f617d59b2bca8b34fd8dce8cac1d6d8aa8 |
| SHA256 | 2ca40391a761c80b08f92a6893569329f52a48506f47fbc321785bc9734084d8 |
| SHA512 | 1799f06402db71fdcc31adffb78f8287558a659424593830f411c6b5a6a4a24c6e61c25e9ed458832bbca3ccca494266296cdea30534c73c85e1298fcd0ca9b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ca8788204778cd5b15038e224f7bde5b |
| SHA1 | e1e5ed11b8e7333aa46e64ce63e81f9e926eb054 |
| SHA256 | 50a4588b1b5f9c0f729fb4d935890e36724d829000048ab67d26879b6fed84f8 |
| SHA512 | 19c37279079c5e2b5463d3db69ac09d5d256e5a7265ef285f651b3ed8e341e3ba11e859aab8a581d04498ac01f24d86dfb14220a38b8181ba38ec70556db9511 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4663325fee0848985e8bf664830f1f76 |
| SHA1 | 84a4004b864b4ca232316f49d0b98579a54bab5b |
| SHA256 | 34d8e4f102ee5fd9237d67b6412c3c342eb44f9500bd8ea0782486584e71d311 |
| SHA512 | e5241b33f852b25353a380f211c6f268a88eacb89dfd8dc0b607b14f5b184297fb61071b2ac85cf8fcdf7a1849e488f64b93778a1157997ce03adf939059d903 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d769d118b088f68ee58e875d3fb3bfb7 |
| SHA1 | 3fdd4a306869644b706036619e7696d02fb291f6 |
| SHA256 | 9502702c1db34369a5c9a4a9ce8bd02c12ee2fcffa0bc9141e8fdab205ee0d38 |
| SHA512 | dcb3f08cd2c64f009a69a0bfb524cec422018c58601d69c08967520571b7b85696f2def7cf0fb8c5cef73d2baae060dc56e71c435362e5ddcd401e6126e0d340 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1c5c399c14a4d211d60f13be02d773b2 |
| SHA1 | a195da257b45b78e697bca5835a0e2cdc42ed80d |
| SHA256 | 1bb69a714d12c922b68d5f12bf14385e8b64feb0deb71a5be5fb86525a2dbada |
| SHA512 | 22a8cd881fbf46ad29989650a2c1ee06d7e8c21b4296079d1bd5b759b56e0b54cc97dfa13eb242a68807ff8ffb5eecf29ebae60067aa08cb9e398e6ab24e4b04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 26cf2dac67c045f2663c3793911ec094 |
| SHA1 | 127576c1d208c087d77c6c9f5a5ace2f25dbdb2c |
| SHA256 | a151ccdc62f872b3959810656e3a81490d26cec71734fab1af35016763e084f4 |
| SHA512 | ae96f832ce504c600c728da0bc74dca90cad99d38cb18b7b529f9b5a74809c41c494d3812fd9744694580c66baacc6b0913941af0189b8c0ef5e8bf9c6ad9d77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ce41ddfe-1c06-4c96-9cee-530488d3551b.tmp
| MD5 | 1c26e09a2977228113c325ce26ee8e4a |
| SHA1 | e22fdab224cfbe31199ecebcde3c7b176505ff96 |
| SHA256 | 3915500261f6e4abbee787db03277163f1766cfd424cf4a497a8f1a1769088ff |
| SHA512 | aad7015fdd8e5acc02d7ef0e2c0896fb4d7cb02e010c208fb06b30a3266e63dd3fbe22a61c465f010447ae5ac2bbdbe3e8658b7144825d8f45a415ae6e6e297e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9875fbdd91616544b4fe997793dededb |
| SHA1 | 28c9a4a6629b172ae4aa2b345e57a115c10252a9 |
| SHA256 | cccbb95bda84e2d0c56ee7f3077888cd7cd6f3ed493d8dac29775ef8134e5e84 |
| SHA512 | e419ccbdd650bdc4fd56606405078c1cd6f314951e5f208a9ee487ee43a3aad3b4b0bbb087f73e01a6efc8d9e30d6515bd6477506c02bbc6dd74105d7d8683c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ff56404628ce36a332e8a01f0337628c |
| SHA1 | 6b9b82764ad2af253cdd61fa3abfb8947bb390e3 |
| SHA256 | 300b4bb6fbfbf519fe3225511c4f5175a1c4c5d03ed2df03c206877f6a4db8e7 |
| SHA512 | 99cb4e6d5403c458417fa8537e59c947563404a996c2081d307a215d003616ce0975e9d39b3dd5b8462bae62ff4eecb911a41a02ae13b8cee37a3fc2715c0aca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0e746c8fe6337c3ec819707aa0f7990c |
| SHA1 | b3a9a69d0c0aa7bc7da6688abbe59e21bb446ab0 |
| SHA256 | d0c2e1330f50301fbbb8da0619452268d2263cf785ee6340c7cd2e0fc552e67d |
| SHA512 | a39ffdbde1a0d8c5ddcfbdc4779689ea9080237b28f64a6ef35d6d319577e197a2a75b12a97c54e9c74d50a8b94eeed607db44ff89346ecd3fb56d211466fc48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 851811e418c17a48995f69a6a84f6b07 |
| SHA1 | cca8439e744cf0830212d4a2d8eb71fa9fe1b9e2 |
| SHA256 | b19e8dcf47593e2525ef415147358f77f9ceb24134f3783e256b45a3d68f44a7 |
| SHA512 | f174ff140de4b57790eab9f3cdc3ce1902e212d59478af4320a25a061b853a136ed447edf55f7b15388c0a2186f1b303d78059dd8aaa55e2c569422998972e62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d10b1f3fd5d96ecc7d3836871e822978 |
| SHA1 | 5284eacbc0ccb40059334fbf19e38cb312789b02 |
| SHA256 | 22deb0d80bc5731f6a9f28ab3fc954286cf2d953c530aa44aac99d5a9fb04e4e |
| SHA512 | df6034154f50045e96c1e16ba78da347b3b01b5af3701412be4e844ce496a1cfa527702d333e91b57455a74988c0be1cf35c08047d1afeae2a895c6b71e009c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7289b7a5b747ccbb1379f133e2753bd5 |
| SHA1 | aa0bc9647b4d0a2a7b1792d1ab73e63e97363e8a |
| SHA256 | 31b36393a5e301e2d4c5fb36cf294b4fa5dc80366453d5014810ed10403fd9c5 |
| SHA512 | c736a4f5286d839f9ec741c9863ea63e382a22518f7d1de8c95d786b1d561b69774b682ff98dd007287924d20eebabd2fbb6cd057a0f9b51f6b7303c5658925f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 98d9e54ca5638ac955e4a9b839c9f0ca |
| SHA1 | 81ecb18ac0e3c33165adc75dbd381625048b2a53 |
| SHA256 | 98173bd8cc5f87fe4e18e8ac628e2a7548404c71c0c72e71838431c6313ecce7 |
| SHA512 | f93e6f961ac70ce0a30685576830d463fc1c649a2aae9724b1c8ab967252374f05951ddb09fcb1e33ff458b129fd9c57efe3094cd380f00cab845695a3294c66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d442a380b409a7c0ba609536888d9e40 |
| SHA1 | 14fe122784725c61ea13f578ffac45c4268ab7bd |
| SHA256 | 9a503c9e4b645845b0bc0672e3aaca7c1b25c367fe3f19910a150eea51af1de2 |
| SHA512 | 5ec2ac586c3c21ad476e24ba48c82743e7ee04da41bc9f33fd78512c5af8c141e881792b631dfc9c8dc5f75604d0865c256fd37b94e4a30e21c0f9fbb4877caa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3afddbcf9b7dfb64071bcda99b8e1256 |
| SHA1 | c5acb6460a7d5d83fa5a9f92fcfc41aebafa464a |
| SHA256 | d5c7d2000375bf5c795420181291e1592b62208bbcdc11ae11a221e1c56ef960 |
| SHA512 | 5c1ba21253b12a260421422efb5a95136412d6a8a92203dd8e238c502c28bdb9e324e0a97c054762baff15b5f397b5158ff60f4ebb510e20b6b303f80ef44e0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d11b011966a23d6be0de5ea292004947 |
| SHA1 | fe0086629f09a74d4c4fdbe5cf3dc76807c02895 |
| SHA256 | 694f75d20faf46d47f39bfc57e323ee86370b7fc2b86becf6ef473c5ec904229 |
| SHA512 | acd44af5f29864884718132ff0f22bc85f5b11bf5b591444b2178c28e4fc2d041fa551f7b0c33aea2be495bb7eeb4a1dec071cc31a57eb33d6bd3ecc1aa8a593 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 42a1e29d850f0cb1046d9f491be7ad14 |
| SHA1 | 941611b07e625d5c64a48cfd1aa9acde9c3d7389 |
| SHA256 | 560030902e288a922502e5e321d758b480a2ab5564503b91333578bf6bc13a7b |
| SHA512 | a9d187c5dd24ba6fbc95a58cce9278d1eb0304da2422464e647e70c9bb444ee6c57fa8ffe4199bfb002b6c5308127717040644011a1e01b6a3b5f682ddbc5a89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 15ae16c375b81069a16aad80ff60c123 |
| SHA1 | 8e85da76e3a512b4d7aa5b3ffb37e2c2da988045 |
| SHA256 | 6367b6ca9cc888a13ef5b21e6c384e11045e949bdee2cd08b05f2657d60c10c8 |
| SHA512 | f4ae0d27fbb7b322aa99796a5cf01bc684ee78af3c93471a62a5f82936739d70fa885e9331290a7950b0190cffe17bc5b293f2ce743cdadd60befa857ebc18d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f73e09a56704b50ec34eed3a24a79057 |
| SHA1 | 2beacbfa505a0fe84d5ebea28c7c4763b367590d |
| SHA256 | d3547fddfc439df7fe1056b16e230840468d23f3a2cbdcd8bbe0dbd98bc1afec |
| SHA512 | 4fc9d19ea42ce1a7b2d8dfd087bf18685067a047d7368ee1ad0e549288cc2087d7447f249e4f7f4cf6419d0b4c68df88f4342bf8e6069ddff38af638faa6acee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 27e05183029fa4d638c5c2b7b43a8403 |
| SHA1 | 868aeeaabea522ed011448202a1fc068d5117891 |
| SHA256 | bc80945dee30f8b7d4065f65991040b056befd51665424b8b8316eced88c2a13 |
| SHA512 | 87f4f65db923f0bf7bb4c978c8df520bfa77c9d7af4516f519dd844a0242a4258a7573929a171c0f61fb155c15547f625a81b25e0b082ee81119c5f3bfedf300 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 033a0113a57681b2eb100d92c85c46de |
| SHA1 | a4c26d641cfaabd2d3d68aaffb490c8d2705a16c |
| SHA256 | 4b859303ce3d864da9063db262b951ce675ba68b5a559bde1f45c0dbb31f11d5 |
| SHA512 | 6f85220c7e8516875c40182c81817779b5c172ec6a79228f73603e0b5062025e4c9efde4476d091da137a4bc3d39d1dc60b895fdf0e3dd45df4e4e69535e2608 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4f0bda4a9f8d9780d1d772d44af8b3e7 |
| SHA1 | fc1aee2f90e2b6e37139cdb0551c0e468da0a2a8 |
| SHA256 | a7847213b164d774fd0e383fc04e779b8b0d81cc92293068e993adefcf69b346 |
| SHA512 | a2337790e3e20af095fad211d6a845c932296236aa9f1af9eddbdd6de30840c02a39760af594dbfcf07fbeb9a6049257abe88543d1ebf7411265b29e4dddd84a |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.33\BGAUpdate.exe
| MD5 | 09fc5490d32c867927e960f673911ebf |
| SHA1 | 2ecbee3518fb701959d2539a88892391250dc010 |
| SHA256 | 9014827c68fd6a31ccd7ec1c8f182cfeeb60962760391446b45c264e062daad6 |
| SHA512 | cd295d344bba456cdb2394fbe736c7b52c8f20e2776bb6b37c0ecd7068c841a646208e4bd0ebb4cb7880fc15caa8b18da485340ac8f88154e61cf76fb16e8162 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 58c2606d5ff68302b61f970e5e1ce4d0 |
| SHA1 | 06aa712a4e487788ef04b3cd97463db3261dcd3b |
| SHA256 | 225609eed03976f6412ee9c741502a7b112e584911570f0fee05c4b64ab67bdc |
| SHA512 | df69175c278f437d2ae294fbb759cd0d95cec4c22d2db26a19e8abd03a05d666e79b7467db10ca1c22343edec8b4df01d209e460df3cd72490f3015a7c129afc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e9e0f0e0ed01f9821939543618013920 |
| SHA1 | a0a4259035ef74ac4c5156f03e640ba452a344f3 |
| SHA256 | 2ba28677336e9c497c1a548f71fdb9c7f0f3cb182e836b9f0528e0760d96e83f |
| SHA512 | 2dd6925b10f9a8dad2b9d368a5dfdf7067ffccd9bc61ab9ac4922c5b3e164f0008b9793df1817c0db3af0f4bf3c2510a021c88fc5cfc26880b26cb41e45496d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f604a1b0d36b47851b01f2eced4789d8 |
| SHA1 | 48fad7e189a1d49e45fe3fa3e7035c81675bd434 |
| SHA256 | dbe3b914d9b89e9e22ea9190c1ed8f33515aababb452d2e13d0afe52cf62044a |
| SHA512 | da3e55483f2d286b8ce31e1d93c621ba9ae625273e8f6386d1fb6b68feb8524c9312dd70711b416e653b008307650b519c0ecdf3c177f3c6fcf96f6cda32910b |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3B4C4225-5271-4E65-85FA-216A51D915E6}\EDGEMITMP_18E4D.tmp\SETUP.EX_
| MD5 | 2415cb112f130a1382726afa58a0933e |
| SHA1 | 74ac041e6dc607e476dfeaff2d2bbf2b5c004b5c |
| SHA256 | 85679b3b17d42aa988b5c753b9cffe457c063d5186a94203b5e584f4156f2179 |
| SHA512 | a334cba72cb6ae4c4706ef3954e98771c4502ae5ee66d7b2d2dca759ac75890efe5a7fea46818760589a66f425a4bc9d463512bf359723685eba86ba4c1edd99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 95e259f596721c71763887c85d815c97 |
| SHA1 | 55f02282de937bff3b8b3a45d5e8034ffe1a3399 |
| SHA256 | 9b38bef251513b795db72bcdae896a14c47eab7fa0a03f5ca17959c84688c123 |
| SHA512 | a788fd84395360920f0425139b65d074f31c0e0dfe3c1fe4a497a9236ac41b34f8a8f86ffd101b61d0bf46546f2fa312fc7c1ce92e5cda42064efa0ed1fe05d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dada3fe652cf4a1d33359672fb39239d |
| SHA1 | 0282f628f12a787d32a19d92cac8ea2dabc355dc |
| SHA256 | ac0935ce12ca85d520d193506a70d9fec71b51fa7a66250ce91ce47957390ea0 |
| SHA512 | 73e35d2a0303f185027004896cffef545d429212b4ae6ba5038265ef7466e762a94ccf313a284d7949b826d532430295cecd103a94393826dbfdb901b109e276 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 16c024f02ee8e88cf33a7f35f7ab06dc |
| SHA1 | 5a30924f406be6683f2e0a89ef0baea879cbc8bb |
| SHA256 | 091693061ddd27cdd162aa48391fef0ec5da012b1f79c60646b95836154f4261 |
| SHA512 | 0a93b70a2a06eb81648c6bcfcc4d27754be9bcf87e28ea6b7c4dcc339ca50d32121847679d2b11e5d9d6719ca055843bb69d2d1a59edf1fc0a47cc0cb608d09f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1e4b4aea63a21c8f87e0fb64b73eef21 |
| SHA1 | 1957f38ba4187205af7e53489f5ef6db2915f5ae |
| SHA256 | 7c06f1a5c2cb996959a22817900e596b659256e50929f5197c95a33b28d33c9f |
| SHA512 | 2a1517d02d302c9008b437b87149ee5aafecf8d3580f1e47a0eeedb0cb83da9a7b6a8a61bfe38d80892f2c95a4101f0607e5aa9466aae9646db840c0b02286a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bff6c54c8fbe028c2efbe655899d4e2e |
| SHA1 | 3747fa4ae04de5673e299bc3d5cd05cd41535e40 |
| SHA256 | 41b25962d5d183f8f3676e9ea7a66f410bddb9ebc1ee90eda9c9a69e7880909a |
| SHA512 | 4206112075158c5092f10022baa670dc657bfb55972e1ccaeabcb4d61135cc5f86274595a710dbb8e1c8f1ac169775021a26fa9631daef5d9c53ade4d446c4a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d30dd4b1318f3ee3b50d128362ff4924 |
| SHA1 | 198793522c84744d31cb34ab769920b428f200d9 |
| SHA256 | 84d39b5ebe72d0c382c7ffcaf19a88118e72fbddea0f81a5c3fec41e78550008 |
| SHA512 | 4c5de57f5a937b9e52e9220e4043e01d5a467dbed74f3a8b35cc2876533c42a92d0779f0f2a6fc654a87bc595ace2319f99a24e20ffc49bf9fac2bcbedeee564 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7843673cdc3a78abbda3494c015bc1d7 |
| SHA1 | fa41425ca5dcec33ee80445cf028169ab4754e04 |
| SHA256 | 75228c20c33b2089edfb9c54dc82983da533fd319ff929b9b1c2a6ba4a9c94cc |
| SHA512 | 6a92d9df3eba4406930e8f26a425c7987a450f07f8f3f8a41a2efcaaf7c7ce877604e4589a4c2a3f7d3c9a1de74339abad25a8c3459a374909252280140eb171 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ad611a9e139db63f5d2fac96cd39dead |
| SHA1 | 51f6a99d5773379c8f99eb9cc07465390993e9ff |
| SHA256 | 21bc1093031e5e5e0eab2594cb4642ba0a1147f02b7c4733b72dedba68babc1b |
| SHA512 | fba6c2f47ccd383c074b04df84bfb82357bcaa79e44cb1a06d19d5691d6daacf10ce8a2320156d0883d2b13f65255c189a2b846c5443a1f1baaeb98b46346862 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2b78e7d5680b5844cf75512acf65f8b3 |
| SHA1 | 2f4a2eb8e3f865b1d4497865d72a007b0b87201b |
| SHA256 | 34881d14c4675979a2cd286e6191108defe5ad53aa3a11fa902baf0647b33f1a |
| SHA512 | a7a23ace28e18db5892f0c238d3c2d7f3f8e217ebe58e3badd45b976daef6ec2d37a438befd38fbb2b44b2c368d6a33d83ba041a6b6f29ef577231d709d8d8a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9979828dc5d6519e6e29b921b59ac7e5 |
| SHA1 | 2c8eb2022aee8b42e226345788d52b2cb38e2a9f |
| SHA256 | 92c0c3ddb4b81ca0171259556c1403ba8f9cbbdca6893cf6f9d3e0f395567ff1 |
| SHA512 | 7473cdb5f100722ada611a33f266208327646cc218026bc7c17548af119a5a21ca7d91abc9739c08821bb58fe10c2d570d4be3fbd92101e132d546656f3e6159 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5a04167ae65ef311dadb331eeb162de2 |
| SHA1 | 549fdf617ce860507833dd827786744ba722bdf8 |
| SHA256 | 2ef899a7d0c881f9f1e212c7451fdd1e37f09943546c33818b8cd189e38d2478 |
| SHA512 | 58f7c5281689e6fcc78eb693d11f9fce715ddf92ec365b2ddb6049216e70dac3bd1d5b806715decfb8a31aa18479344ffb51808fde4aecd6ab0090a5e4672b45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 169c702b36d46119319bb837a4b77ce6 |
| SHA1 | 79b75b0e2dbe1c0136769d84a993eb656c3ec92f |
| SHA256 | 1173f6666293a7aaf637af5c218d0f2dfd6187d73f9de242dbb482ae8a389a79 |
| SHA512 | 418c5afb496960342a152f819f697b18a246311786bcc019b74f020b43bb1b31e38898cdc82d72c2f19c0442c44c0b42c4d48c8b40c2b6cb1f68d8ee93a1ba12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c40ad487b7b5c32df8177874416fd0fa |
| SHA1 | 3112d7ee0494942ff8bd9cfa2b6401c8dceb5f73 |
| SHA256 | f2ba9c38d8acbcd8bb2880adabbc5c4afc96c162fa770f2cd5635a24aff76436 |
| SHA512 | 961ebe4954ab6b09f22498f0a5275913cd44fc2f406ee9d03743a8648e58391b6ba44ea9cd448388a8a02bf5a7584ff0be6886dfc4295cc114102254eb88652b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c021b4b83935539bf55a6fc3cb635c6d |
| SHA1 | d91e17635e7d63856d31af5f8afbcbd8638e234e |
| SHA256 | 7a7b3197d26051f1136a5b0ab3e196539266eb32f33ab50eed30e8c58567c108 |
| SHA512 | 8d2cafedcc035b210101c092431610061c75e5cedac4a890c790008e96194e5a45f0adf58bbd435d08635f43837e8bcf040184e535e41ee172e1dc406cecae6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4b607164cd6805904cec50734fe999ea |
| SHA1 | f855987353badd95379e6c62b386f4514df3d1f3 |
| SHA256 | de7a30a36d77cb586bcc9927605eb3a04452d4044229050d23ff26a7bcb32c77 |
| SHA512 | b4e628bdbece86d7d6e62ecf58cc4dcfc13393b72e65f28a5a55bde800a34f4b1950def45efe511fb1aa80fd35ddeb6f4a95a309525e5375ea890075bae7536d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1e8f0ce5372b5f21ddfac4757910c86a |
| SHA1 | a809c577537f50d23dc60ce42e1f486ce9b495a6 |
| SHA256 | ba360812af3604bfde0c03c4aa370caab728a6f9fb862f991cef8d11e7633715 |
| SHA512 | 328d2b0d4de3e146e2e38ab15e63b70d7b917e7ed9e70917c9e9c803fea8b882e2a5769d428de703973f0ddb672e87d5b541034cd42bc4c3d36c8d492b813174 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6afa9cda49b70e66152dd5f4c77f9e58 |
| SHA1 | 4b93ab3a9c5f47f66d20264d6f36dc8dfe25ac91 |
| SHA256 | 2a83e6adc79ed3d2ca940ae3291858b93d5afea4cd9bbd027b7232b737ef1e88 |
| SHA512 | a40c4c9e5f3964a8e9c877c4f5fde67bdcfbf3c139538d002d5b55b64020befc97397ddd3f7a532c1105f8130228280b498548e10ba40e2e069373c4cb793e75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1586f451f4072732b999a54fb2f9d6d8 |
| SHA1 | 1399a1890e38beeec9efc5887cacb5f5684dca2f |
| SHA256 | 204bc603d8f8fbc60657bac301bf119bb922df8a0b73b2f8efcaa9a0a3fa91a0 |
| SHA512 | 562e31cb33cb8f0a0bdb37aa5b75ed120a512cbbcb0c25daea92baed4cee2539e2cc3033000289dc37309f36ffe90d9b094988e8237b93a054086404aa447c04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b17e0c5ee3c1e9382203e9fd915f8775 |
| SHA1 | ef514b6f104a6c9892bb265622c5da5ca50494f2 |
| SHA256 | 29809e489e890d48c53b19a27064d53cf88d7b52b9a8bf1a93f7e1d7de504f83 |
| SHA512 | 29ce5c9dc8c818fc6b6f9e6b4fbae3a4de9eba738e4178c98928a948e7d7bb9bc8184778276db7d41953aaa4cc45f681dc4e3f9635d8a353637060e5bf2ad437 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7474785b19fb683d8723e00e0a9e5504 |
| SHA1 | 6ad6fa012e5c7d96c55186cab222401bb8d20ac9 |
| SHA256 | a495356e8a49447af8e666e0d535b70507f3e384ac6cf6155a3d0476e8e72e6e |
| SHA512 | 476aecffa69e00846d1f16028a6f1f1a7343e90d7c3a5737dae1f74936338509f448794fa17d5fbf39a7619ff025ccaded66e00c97a2b5d941611711ad17e224 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7cc9658532ad03d1aa734c1b58ba82ae |
| SHA1 | b2916288f52b8ab50844aaf405c16d7745b1bbe7 |
| SHA256 | 53d4ea64cab08198b9c4a007f83d177a915090caa668b97ea7d1f817df3a07ba |
| SHA512 | 3d0ae85746df3e58c9452563493fab99c19cd13405ff61adfe5b1385d43f45365769a334e7f59fde8a17aae961ba92a967970114eade0d5325cd03f87e88730e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 38df3a784a333faaeb2393d45621a078 |
| SHA1 | d761269a0c4ff9545ba1853c75a69037d48d0b25 |
| SHA256 | 14f180d15d9db1e599f2b57f489b919d3c36d54c0d34734c2fd38d77b1671255 |
| SHA512 | 5c199b778b6ce70adbe2e53f6b1ab14b7c525c0b18392e1cdf1d828dcc6a4828ec574ca846e0a76b1946f8b5f7148186c75430e0e4ef4a971b5f7208485d570d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b48838c1a25c595a91e5935c284f0f30 |
| SHA1 | 5f455dad28d87eac29f4de4f10d13e06930571a2 |
| SHA256 | 9f92ed9acb3d665d55afcd48498398ea98ea37bb198540fec568637b15a2d055 |
| SHA512 | f7ddea97e2005cc3efaca14ae2411cb5d3707fea0e6cef60aedf412686896215df29edd0a92961f76d3225a662ed042355dff5c83d5f8384f61c8c87dccfa9d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3b484b6985bde6764c971939a4446880 |
| SHA1 | f568f8a8c0b41791267e75506dfd14545c13bbd2 |
| SHA256 | 750968b392a49ac698220cdb2a0240c39fda7640633615a11c2a33045537fb0e |
| SHA512 | 0b21372ee4b5508e0d540ff754988fd00ed10aa5d73f217859b87ffc871e76e5d6c78fa716f12d47e96b26dc7ca09786e5c30d797b8b94f9b0905ff1111b6366 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 14436d31e9456a8bba52aabc1697431c |
| SHA1 | 812c1bc0b8f74d6d295138907d6b794247f00be3 |
| SHA256 | a288fd3021e40a385a571c25291e69114176685775937a4e135f30666dd16165 |
| SHA512 | 2c00131aae51d90df0e5d69623be62e1129a464b459dde98b905765bd3f97c3d4dcbec7387338725c88ba8d8bdea4314216ffc86e743a0ae8ab51d30e604feee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f74e1aa203dd5cacb2b73540b4e75870 |
| SHA1 | d7e56ef8c5b7d83a3a5506a4e8f6850d36d25849 |
| SHA256 | 6fc6f40e7bf2d72037e83ae7a9610638da5a453f8ca7bda42cde95603013e74f |
| SHA512 | bcbaf1160fccb60e34eba9b5bc572d4556c44ea8a9ec222d79aa4d071e1a24fd75ee91712a06c55b9d5f22af77d7d527c01d0230e456789f899d5a5f6b603ae6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4b00ef430d182f17eca24dfc9c2fee3a |
| SHA1 | 208cf776979ddb101778d35ba0a85e6ffa0f72f7 |
| SHA256 | 0997da5cd0c1f0f754640d8d748813e8b558d6491c48086d2d00580680f74ddf |
| SHA512 | 9ed09431a0f50218140238bf120c2d6915086767b1112b6e15e90b237ae12944b446955d926d41c1054d782b5741f1f680347f6e497a0b9a10469b2b40bb9d35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f7ecb18d99d96180d346dea643ba9053 |
| SHA1 | 33311a7debbe7c1e2ab39f80accde531d94fe349 |
| SHA256 | a956c693a3bd6370d740556ad7aa3efef9469dc42e172d9aff53f1dc273bd1a7 |
| SHA512 | ec5d34b03036f7d9ea0d82822737a12cdb34aaa8624aeb2d4dc53a8a696643f9f50569e5051e590b127956531b490063b59ba8d49f01650929a1a6548f9f6feb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 691934c3c4d4ba148ab86bf17c2a3193 |
| SHA1 | bc2e4f7688d914e6b83a06f85b53b023af18259f |
| SHA256 | a987b2ea4b34a4f736c517355c6ac98600955b675c09fc6b0592c52be7fbad36 |
| SHA512 | a465ce6d789dc8c3a9090680df0d7e5a896653aab1487021e45ebef0597b451271d025ce4f76a823c3339704af8e87948e4f31038c87546a304ec56dccf5e797 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7e89ce11082a1f73c5c16ee493b79e46 |
| SHA1 | 5187daf6153719538e4f8549a2d5344eed295b83 |
| SHA256 | 44289cd4060507cd8004c53b7fab8e12fc5cc3eb08d2a0757eafba7c2b25c977 |
| SHA512 | 3e7c8872064970ca5e01788a43dd81da00643dd7a33efa18996fee00f6eed21799b4af7800c9354c5c33e919be4a3884d4f4a0e473b646a6fedb850ae56e8c35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 26302a997901abc2858c8d03766edb85 |
| SHA1 | 83c9874ba18fc90fc22edb7a3f5413a8c7e46889 |
| SHA256 | 1d662f28a47d9e790196e0e90f1d09cd15355f04db32cdd82fb71708ba9e8cb7 |
| SHA512 | a5cd41ef53f5135fe4038067182378eef47249f34807268919e5838fb3f1dac34cdeaf0b25874cb34f70de31ed27f45d29d53b6d7ef7c6a1e93855de9f4a78f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\22276426-fcce-4a68-a215-d42a08e0dec0.tmp
| MD5 | d58a843aa86a5d5589fa8353ce203caf |
| SHA1 | fc9423817f23b4af1ba23fd5302cca7877814b70 |
| SHA256 | 202b8e952dfef3e44dd7f2032a4f4e9e7bfa8b77dc54f32ebf74d9fa06a76852 |
| SHA512 | 3828e82ed29634fffe0fe90403b605b60c3fc39fe41149cf49029420547708803d196f9aea341d05fcd5859b79812e9e8eb39c168d50f9c771553eb85ac94a5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 971eab5ac1abae1243a2a7a0f393cb6c |
| SHA1 | b5b1ae7db56ba20bfcc4bf598049284056203a7b |
| SHA256 | 9db2414741d4ca4cc215de68d96484638e9616705311582f829107d34966bfd3 |
| SHA512 | 44498401b1b4790eca6179662954fbcd1fc1baab72189133fb30769b5b55498ef7c3fd8ebc1d5693d2d78117ca20b2eef3bbc3b9706a55862df93701d618f324 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 03c3b5017335267938649793145644d7 |
| SHA1 | 5ba1c501cccf4b8372e467026bfa8fae968d09d9 |
| SHA256 | b7241f5cde70f353706ccea2f23a9cb6710fca2ed7863a738f874957271b9bba |
| SHA512 | 41bca10646fa5d85613b8742ae9a3a827d936db4cfe219535bff4a93251370bfc242da9408f2d06fb36901fefa9273bbf2e9154769c95ed59c82c39d66d3d97f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3416ff99ab388b0f95215eca684c94f5 |
| SHA1 | 04739abcf01f6cdebf81946c82bd23dc98dea9b7 |
| SHA256 | 50ea2560cfe0cfe9d8c6ed64a76b086513e9dbb99f723e9f6e0e8d5d58d52c50 |
| SHA512 | 58276d40351c6fe15386b2ac19b6ba2c5e7e0b50d73160b61f3346317a757409a6ef205654f447dcb7281718534f26c654f9bfe7d46cd5129bf0905e7646854e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 74efd833a46c5bff163a825bb13dc0a0 |
| SHA1 | a0c27083847d08a247cc415669decf1cfd8e3dc4 |
| SHA256 | ea5e69cb03e4192af7de3bca4b1ebc221716ccaa706db6ffc617ab4ab0726709 |
| SHA512 | 222ad57c5a894cc92b25ab04d3791c97777bea669504be228aeeeef47cdc436cba6ca09a8de6badf14c38f695634625042c07df3a807bd48f484bfed032d2b1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 34a100619d3c3f03a5df276376ddf529 |
| SHA1 | 57c45015cc79f8a84bca37e9ba71500599698b56 |
| SHA256 | 19166c8b07e928a146f0f28ae698c06ae337653539881b92909839f1113200d6 |
| SHA512 | a1b4018eb761a19e4f60a19fbdee68ac5ee46ce7fc5dc893994faa35f3d58b9e8d01b2361f294a8ee33a793f1cdb92f60a8123a35fe239c1d945abed5466bb8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3f29612e6b44ec2a4e8fbb29763a4b66 |
| SHA1 | c14dad0f04ef13535b854125f1e4aaf5a5027b4c |
| SHA256 | b313d864557392b7b10c598dca2074c91f5a6c6345943115f762d71fb1f6fd9e |
| SHA512 | b8d7e3b98fc2e13384a6f1e6d031502a93d4b8ddc19ac53443fc184bb657cf0fd66179f637d406d4bf15eee1eab60ea017aa3d82fbaac1dc32c4cf9200d87974 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a66762d2ade8dd67599aa0763181924e |
| SHA1 | ccf40f3fb4df9de842527dee7e087b4915456574 |
| SHA256 | 4835851356ad94f90203c379729d6b976db0f208c0dcfcad2a654797f062d75a |
| SHA512 | aa497b79881ef70109afa25747571834ce98071ccfd51c1a5d6ff388f3628d7fe75a0e550c0b7cd26e39859a3276879b1bd8e5628769a1b6f37ede8a99daa127 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 90ed399d1773289ab0d4a44156597b22 |
| SHA1 | 1f62af850f531f0e93b6eda3240f269c9c2d9f1d |
| SHA256 | 2738f9d922f11bcdd137e711086841e4691755853912d507c2cc2aba9e6e0b6b |
| SHA512 | 3ab0ae5c70fd2b2c5364b111b03f69e3db77dd94495b069160908b80d2a7f86654f13774331cb61d487af818852d0edaa6aa16dddbd3bcb46b5bd6bef77da3b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f1a9687af7054e1bd72e0d5c6e73081f |
| SHA1 | a692647781ad02c6c66245bda03ed1d242cfff2f |
| SHA256 | 7900624d5802b14e253c2720d698cf99b3f050f84f41442555e2d3f55a1a55f9 |
| SHA512 | ab25e7e56645627717ea2909933ab538c1b2accaa4b138c7b213a58fcae6c4cb7e22dc9bd73e0e03209b7476a3b6006e8dceba949c479ea8fe11b0d5c9968fa0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d29dc831352263c8fa4ebff7d878cc7b |
| SHA1 | 2c8eb6f5d1f6342c2c4f211708edba5fc56dbba7 |
| SHA256 | ce276635f3daab86542a31190450e07b8fde946ef8054dc70d5f4826478778a2 |
| SHA512 | 57fe941ab7eee355c485a60eba2e6687a9f745e5f5c88a3001787ae21af9566e3ef35a69c06986e07fcc3f0d8a778455162864cf30280d802db1c652fa43fb93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2d04934e77506c26e36995a2ec796b8c |
| SHA1 | 73246b8913c8e5b032337ccb7ceeac8059d433ab |
| SHA256 | b9b4a4bc5d4c88c1fad5cfa1897f66582540303e35dd0e6de38aac5bc7aa1c08 |
| SHA512 | ea1801b6130e8f91eb8c2a6af63b298dd4da5ecfbe4d423af4dbef51828587f493f169c57e52e8f74ce772809ddad8f5e1fbcdc46a89c82a22c64689af61df3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f3b450f42f7b0c7416a2b87795830f65 |
| SHA1 | bc56aadd9f56a54678d236cf268c677ac7454ac1 |
| SHA256 | 8846bba561f8fd1b207c4447bae8de40856a448dbd182b461d16c56dea72b33e |
| SHA512 | 21ec306f711d0389fb560e1580e094dc0523ceebd268186b10ee02d5ce6bb6ea52db989afd3ab0592a86badef19f1e7caa52e4d8cecc8b8e22d09c7f0aa5ea81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5dc3ee775496c4f6417cf3f1977c99f5 |
| SHA1 | cc57b28156ab5906d5aec6705ab9158688daffa4 |
| SHA256 | 411b2ab8cd54ffec0f60d630d3648613c78606dcff4af9a3d70cd24f4acd02ff |
| SHA512 | b097a3e2f2fdea221751594d4d52a147209401998ace0a733cece53bd6cc2cab5b900a89d5a48b53c4a14aa11b461e692502c6e7f939af5f6a45d077ca243269 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0b0d1da7cd92d4d74541222b39eae918 |
| SHA1 | f7a6a2ec60aeea38c9db7d17b3608ebd5bc569c4 |
| SHA256 | cae0f802bc4866bb6007be5f03e27dbcb75c8652ddd48ee58b70e5190c25a6c6 |
| SHA512 | d27dd544854c41b5e47f6ab4ad3b2b103a14084ad436c38482715233af6e1aec516b7de92a973449261a9424e2da627cda82a31bff5ed9da47b830d41b519858 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5f4d745266a124c64faf7cc41fdd67be |
| SHA1 | f2725034b0fef80ee793373e811246d2a079c253 |
| SHA256 | 0e4e0f6ebd52920273655fae1538a8981ea486e0cfbe7b5fa09af62efeefa775 |
| SHA512 | 62f48ea414205233c2f4ade05394dbeb35bfd0af0271e22dbbc39316ec890abce1925122e2993c986d4c27909b527fe2066a5e1d621110bb3e8d81d348a7be33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5882eae0212527631135979ad8d6f217 |
| SHA1 | caad64eb59316469ca6c96ada9875fd665b7632c |
| SHA256 | 4e0a97bdf6416ebac6c4e26919ede4a3ddbcd17795da02278754c7fd794068b1 |
| SHA512 | f129cd5a8186ce51f0b5937ffbf92ba46015ac44fe076f15b85feaa87b21b752b08c60dd55becfa05c0a53d73efc94af8661f0fbc0dff2775e18621c8734c298 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6a4b5f1e27ad5cbe80e00e26156be442 |
| SHA1 | 857dd6810a8ba7fb0bf70b7887177f39e4473c58 |
| SHA256 | 5b22c3249d8b677e983908607ecda3ae191a4fd7773b9643bf9aec70bb408e82 |
| SHA512 | a0743502e17219932a8cf9dea25fa791e46cea29a87ac389e9ac67c02153a385bb2e0711b0784fa9b48551a68d3f91b28f676725463a0d256458c99a1268d143 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dba47bc551ba941ee490f008afdb4639 |
| SHA1 | de54f9bff578f1e9f61216a9749b4f7484b05615 |
| SHA256 | 4bfbff237e1670e946dc1910ec506fa655ddc72b0ebf7c9172a53f95d987e058 |
| SHA512 | 70313f976e93edbd205880ea7f2af8cd426e73dbc9a402d0729b619c055d0f60c39152d01ace83f2a811e8e136021ad0a4ed8b11ac4bcf3c2142cf8fc4f50719 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 263382462cc04777bf5516ecc1d23727 |
| SHA1 | 58f2ee32743d1c3ad3f89d6d16607a6188958820 |
| SHA256 | 3086099ccf3e665c28b4387164f613a59b177850a94da967c9349759447baea4 |
| SHA512 | 66d1144115ea3b79ac366bf06392927b1d45decf1115cee0673a3e86536ffd8d1f8541fccf4fb341357958529c139b5984ca62fed5b4a4ed8140807a30d24564 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 00d02e4056b7f58c296ab31cf3d0f219 |
| SHA1 | 37cc3e71787d3f0f63bbbe87eb4cf62dfcda1e37 |
| SHA256 | 2bfa7ac0e21f5351a32bc248afc493053148146900ce2548d2f5f4d539ee0f0a |
| SHA512 | b4324799b00cf8e3c4222f94652c007159046a1bbf440db63ba8782897ea5e4781460dc29aa1e1039ff644268137283630f2bbdc400012ca39b88fe9da22a335 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 623965c8af8b975b646b8d0fe89bd54a |
| SHA1 | 4470d8443743b0772a4281b288d45be51dcc381b |
| SHA256 | a9bec5063d4437627bc89f144e20395d1b5ae1e1f1a3d079c5a905dfd4c81ff5 |
| SHA512 | 87391a67e6c08f81a4c2f6141c3c9cf00e06066ab5a27442ffe608b110c8f0ea9442adb40ead25a79811247acbfeaedd37fdc070daf51934f18eb3901eac1be1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 732ca3f9ad2604225ff63230ee88907a |
| SHA1 | ec2b0475879a5b1df174ee17676b01186de6a9b8 |
| SHA256 | 00e82869f43e452da5d8887f846af988010d720a31a98eae79f4e70e3958eef1 |
| SHA512 | d955a1555bbab5579ff5ca8232a790f627e9966b296018e56f29a2a1df75b7d9dfc9a1704e95c6732d91f377727b8917c984836e664e20f0d9a39596f248c8cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ea69a72e57985a2b5fbe417a4cd62e0a |
| SHA1 | a562cd7a5f513c026dd34e06b824f791f3263d91 |
| SHA256 | f09bbd681e5463febd723e8c8e3d85c3efb18fc8a548a56d0722c75b14b5b5c5 |
| SHA512 | 46591627340ecb0a953719eb8b8a08c7bd6475db51d2b362fb3c19ba9cafeb57e692e79188522f55205e1408d2bb19ec13f0e65d92299f4d8c7f6bc8d3570408 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c3ea2ba4a608ddb970cb17b7b0dfa61d |
| SHA1 | 43b24ec720bc52cbf57931e0bc81d5c3aefd7c1f |
| SHA256 | d5975659c00523d47c70d04c1e0275bc815789552b6d29b6a3c97f61c67e61e4 |
| SHA512 | a5e6aa190c22b3a7f487d9c62b11dd87cf2e4c721dcd0b8a8cf502ff86915e9f664611cb0d2ce15d1ea8f4c7de8b90ad8c3b36dea8ac4b78fcd2f6e9333fdc17 |