Malware Analysis Report

2025-01-18 21:39

Sample ID 240415-tlm53acg7w
Target https://roblox.com
Tags
adware discovery evasion persistence stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://roblox.com was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence stealer trojan

Sets file execution options in registry

Downloads MZ/PE file

Modifies Installed Components in the registry

Loads dropped DLL

Registers COM server for autorun

Executes dropped EXE

Installs/modifies Browser Helper Object

Checks installed software on the system

Adds Run key to start application

Checks whether UAC is enabled

Suspicious use of NtCreateThreadExHideFromDebugger

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks system information in the registry

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

System policy modification

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of UnmapMainImage

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-15 16:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-15 16:08

Reported

2024-04-15 16:26

Platform

win11-20240412-en

Max time kernel

1050s

Max time network

1060s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUE608.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUE608.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\MicrosoftEdge_X64_123.0.2420.97.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7F1518AB-739E-4EED-A33D-CFB811417067}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUE608.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2ED34721-20C9-42A1-9A11-BB8811EAB52C}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\MicrosoftEdge_X64_123.0.2420.97.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUE608.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=C4D3573C87DE43CDBBF67D87C21ED3BC" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2ED34721-20C9-42A1-9A11-BB8811EAB52C}\BGAUpdate.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUE608.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUE608.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioSharedUI\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Settings\Slider\More.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\SETUP.EX_ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\MicrosoftEdge_X64_123.0.2420.97.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\avatar\morpherEditorR15.rbxmx C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\Voting\thumb-down.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VirtualCursor\cursorArrow.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\ImageSet\AE\img_set_2x_3.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\InGameMenu\TouchControls\touch_action_rotate_camera.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\edge_feedback\camera_mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DevConsole\Minimize.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Chat\ToggleChatDown.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\common\robux_color.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\New\Connecting.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\dxcompiler.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\AssetPreview\audioPlay_BG.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\TerrainTools\sliderbar_grey.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\ExpandArrowSheet.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\category\ic-featured.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\ur.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\identity_proxy\win11\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\cy.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\MenuBar\icon_minimize.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioSharedUI\TransparentWhiteImagePlaceholder.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\AssetConfig\marketplace.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\ExternalSite\youtube.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\R15Migrator\Icon_AdapterPaneTab.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Trust Protection Lists\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Trust Protection Lists\Mu\Cryptomining C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\sl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\Edge.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\gl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\Blank.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\DesignSystem\DpadUp.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\ScreenshotHud\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\SpeakerDark\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\9-slice\gr-btn-blue-3px.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\graphic\profilemask_36.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUE608.tmp\msedgeupdateres_nn.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7F1518AB-739E-4EED-A33D-CFB811417067}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioUIEditor\icon_resize2.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VerifiedBadgeNameIcon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\SpeakerDark\Unmuted60.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\graphic\Auth\vn_agebadge.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\shaders\shaders_d3d10.pack C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\PluginManagement\checked_dark.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\icons\ic-more-settings.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\Locales\ko.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\identity_proxy\internal.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\FaceControlsEditor\checkbox_checked.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\ScreenshotHud\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\Misc\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\identity_proxy\win10\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\vk_swiftshader_icd.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\FillCursor.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Camera\CameraToastIcon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ = "Interface {C9C2B807-7731-4F34-81B7-44FF7779522B}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\EnablePreviewHandler = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\msedgeupdate.dll,-3000" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\runas C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib\Version = "1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 587842.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUE608.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUE608.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3812 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3812 wrote to memory of 2724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xdc,0x104,0x108,0x100,0x10c,0x7ffd92263cb8,0x7ffd92263cc8,0x7ffd92263cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1748 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5560 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5688 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7128 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6024 /prefetch:2

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUFBMTVFNjYtMUMyRC00NzIwLTg5N0MtNTZFMTdBOEZGMDkwfSIgdXNlcmlkPSJ7MDEzQjdDM0QtOTQwOC00NkEwLUJCQUQtQTM5RUQxMDc4RDNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxMEIzRjI0NC1BQUVGLTRGNkMtOEE4My02NjYxMEQxOTM5NTh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU5MzQ4OTA0MzkiIGluc3RhbGxfdGltZV9tcz0iMTUxNSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{5AA15E66-1C2D-4720-897C-56E17A8FF090}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUFBMTVFNjYtMUMyRC00NzIwLTg5N0MtNTZFMTdBOEZGMDkwfSIgdXNlcmlkPSJ7MDEzQjdDM0QtOTQwOC00NkEwLUJCQUQtQTM5RUQxMDc4RDNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEMjJDMDY4MS1CNjg3LTQ3MkQtOTZCRC1DMENBMTg1ODhGNjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbmV4dHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTk0NDc2MTAyNCIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\MicrosoftEdge_X64_123.0.2420.97.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B6A0C689-D0B7-4AFF-8913-56FB0F443B88}\EDGEMITMP_47BEA.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7e210baf8,0x7ff7e210bb04,0x7ff7e210bb10

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUFBMTVFNjYtMUMyRC00NzIwLTg5N0MtNTZFMTdBOEZGMDkwfSIgdXNlcmlkPSJ7MDEzQjdDM0QtOTQwOC00NkEwLUJCQUQtQTM5RUQxMDc4RDNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1RTIzOTczNC0yN0FBLTRFREEtOENDNy1ENTMzRkZFRTdCOUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjMuMC4yNDIwLjk3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1OTU5NjMwNzEzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTk1OTcyMDUyMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYzMDIyNjAzMTAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzFjMWZjOGZlLWYyNTAtNGEzYS05MWVjLTlmOTBlMzFiODI2NT9QMT0xNzEzODAyMjg0JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUpTdm9kbG9JalFMMWZETkt2SVdhNU1tMFB2Vk8wR0xkOE5KSW5hMGhoV3I2T0NYZ1h4bzNwcmdpRTFYRFF2b1hMbklQejR1RDhhSW5MM0FONEYyRFVnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyMDc2MDg4IiB0b3RhbD0iMTcyMDc2MDg4IiBkb3dubG9hZF90aW1lX21zPSIyNDg2MiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYzMDI4MTA3NDkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MzI3ODcwNjczIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2OTcwNTYwODM5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iOTU3IiBkb3dubG9hZF90aW1lX21zPSIzNDI0NCIgZG93bmxvYWRlZD0iMTcyMDc2MDg4IiB0b3RhbD0iMTcyMDc2MDg4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2NDI2NSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:4juVeuk-af-PZ1XJjKhLLXpZe07tQJKYOCkWzlpRS2Ex5Zkd6XtrAhjIkejDJpotBHVfOSr6oqQZ9fM8UyGyT1_L3lSOWLgt8oIsUc88bzP9o1TadIf-2wnuYT3_uxEwOMGzoEIYNgafHebCvDnm9uv3w-DJWbw_DNajQpWZ3OZggf5vnHhPDgtCeupZapdDTrPMYRSnU8ECuq3u5g4ZDGR0_9175lAea1iFrYk2wjw+launchtime:1713197403871+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713197353465002%26placeId%3D8712817601%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D07cbede6-0000-469b-8816-04f704acefb0%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713197353465002+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:MWPDKxBLGQguZHMzx-4WQL3PmlgDlZJm00Ote7tjMHGKo2mll22--nkM5MRLPcA6inN1U11nmecHynWslKjJLhbY6AWYTacc0-oi4nwfNMMrbcOWhCyHUvQqcoqKWSk-cL2M1ogw0WTtwMUHI0Fsc16EpG7hfg4LG6mjyhnW4vmp3zYAuhdBs9p4sr8olZPVBbGKpEPVCG9_v37rt2gXrYkBF7ZrCRe-towO2oiuK8Q+launchtime:1713197656894+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1713197353465002%26placeId%3D8712817601%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D66752391-c419-4e3f-9385-32ccd21c9c72%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1713197353465002+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7F1518AB-739E-4EED-A33D-CFB811417067}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7F1518AB-739E-4EED-A33D-CFB811417067}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{743299A3-7B19-47E0-BC40-CB07C863D144}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzQzMjk5QTMtN0IxOS00N0UwLUJDNDAtQ0IwN0M4NjNEMTQ0fSIgdXNlcmlkPSJ7MDEzQjdDM0QtOTQwOC00NkEwLUJCQUQtQTM5RUQxMDc4RDNCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntEREJDRjgzNS0xNjBGLTQyRjAtOEYxMC1FMEQxNUYyQjMwMjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkxNjk0NzAzMzciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTE2OTY3MjQxMiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTUzOTExMjc0NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzODAyNjA1JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUI0QlklMmJZbDJ0Rld6RXdxbzNySmI2N05yTiUyYlk3UVc3SFUyc1lMelRObU05Rk1XbXhVOHBDc3N4RTdTNk9ZUFVoRDZuT2xwT25YSG1xU1phVDM2TFRRdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSI0NyIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NTM5MTEyNzQ3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy83MmVkODA4Ny1lZTk4LTQyOWMtOTMzMC1jYTNjMTkzZDQxYWY_UDE9MTcxMzgwMjYwNSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1CNEJZJTJiWWwydEZXekV3cW8zckpiNjdOck4lMmJZN1FXN0hVMnNZTHpUTm1NOUZNV214VThwQ3NzeEU3UzZPWVBVaEQ2bk9scE9uWEhtcVNaYVQzNkxUUXclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjMwNzkyIiB0b3RhbD0iMTYzMDc5MiIgZG93bmxvYWRfdGltZV9tcz0iMzE5MjgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTUzOTExMjc0NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NTQ0MzkwNTI5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1NzY3MDk1MTU2MDU0NDAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyMy4wLjI0MjAuOTciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9InsxMDFFOERCNi00NDMyLTREQzAtQjU4RS1BNEVCNzhENjMwNjZ9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Temp\EUE608.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUE608.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{743299A3-7B19-47E0-BC40-CB07C863D144}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzQzMjk5QTMtN0IxOS00N0UwLUJDNDAtQ0IwN0M4NjNEMTQ0fSIgdXNlcmlkPSJ7MDEzQjdDM0QtOTQwOC00NkEwLUJCQUQtQTM5RUQxMDc4RDNCfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QTA3RTNCNTEtNjU4OS00ODA4LUJGQjgtMkYxNDM1OEM3QkY5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODUuMjkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTMxOTc0ODAiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk1NzkzODM3MzciLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1456265809307251229,14241483096762127183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REUzMzRBRTgtMjUwMC00MEExLUIyNTctQTJCNjg4MUExQkQ0fSIgdXNlcmlkPSJ7MDEzQjdDM0QtOTQwOC00NkEwLUJCQUQtQTM5RUQxMDc4RDNCfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MDcyN0VGQ0ItQjYxOC00NEY2LUIwMkEtQTdFOUUwRUFDQkVEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7KzBqVW1ZZUt0WkFGNUMzZzIycEJCNUYwUnlkdGYxU0g3Ym53c25vVStmaz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjMiIGluc3RhbGxkYXRldGltZT0iMTcxMjkzMjg1NCIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzU3NDMwMzkxMTYxNTgxNiIgZmlyc3RfZnJlX3NlZW5fdGltZT0iMTMzNTc2NzA5ODAzNTE5OTk1Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjMxMDY3NiIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI1NzgzODk2MTYiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2ED34721-20C9-42A1-9A11-BB8811EAB52C}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2ED34721-20C9-42A1-9A11-BB8811EAB52C}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REUzMzRBRTgtMjUwMC00MEExLUIyNTctQTJCNjg4MUExQkQ0fSIgdXNlcmlkPSJ7MDEzQjdDM0QtOTQwOC00NkEwLUJCQUQtQTM5RUQxMDc4RDNCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntDNkQ0ODVDRS0zNkFELTRDODYtQTNGMS1EMEYwMjQ2QTQwODh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zMyIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNTkxMjAyNTkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI1OTE1MTQ0MzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQ1ODQ1MTg2NDYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9kYTAxN2RlYS0zNGY4LTRhOWYtYTNmZC0yN2YxYjk1Mzg2MDA_UDE9MTcxMzgwMjk0NyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1VSEp0UXlFM2xMejZ3ck9YNlZkZWVuQSUyZktHUkR6M05DJTJmWjJtRXBOc3I3ZUVudHlOMHg4NkNuYzVFNVV3SXlYMDNtNTloJTJmNVJTNVR3QWdYVlUlMmZ3Q3ZBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDU4NDY3NDg3NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZGEwMTdkZWEtMzRmOC00YTlmLWEzZmQtMjdmMWI5NTM4NjAwP1AxPTE3MTM4MDI5NDcmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9VUhKdFF5RTNsTHo2d3JPWDZWZGVlbkElMmZLR1JEejNOQyUyZloybUVwTnNyN2VFbnR5TjB4ODZDbmM1RTVVd0l5WDAzbTU5aCUyZjVSUzVUd0FnWFZVJTJmd0N2QSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ3MDA4IiB0b3RhbD0iMTgwNDcwMDgiIGRvd25sb2FkX3RpbWVfbXM9IjE5NDQ3MSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NTg0Njc0ODc1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQ1OTEwODIwNjEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDU5Njg2MjM5NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQwNyIgZG93bmxvYWRfdGltZV9tcz0iMTk5MjM4IiBkb3dubG9hZGVkPSIxODA0NzAwOCIgdG90YWw9IjE4MDQ3MDA4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI1NzgiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\MicrosoftEdge_X64_123.0.2420.97.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff72d1cbaf8,0x7ff72d1cbb04,0x7ff72d1cbb10

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=3 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff72d1cbaf8,0x7ff72d1cbb04,0x7ff72d1cbb10

Network

Country Destination Domain Proto
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox.com udp
GB 128.116.119.4:443 contacts.roblox.com tcp
BE 23.14.90.82:443 css.rbxcdn.com tcp
BE 23.14.90.82:443 css.rbxcdn.com tcp
BE 23.14.90.82:443 css.rbxcdn.com tcp
BE 23.14.90.82:443 css.rbxcdn.com tcp
BE 23.14.90.82:443 css.rbxcdn.com tcp
BE 23.14.90.82:443 css.rbxcdn.com tcp
US 3.162.140.103:443 static.rbxcdn.com tcp
US 3.162.140.31:443 js.rbxcdn.com tcp
US 3.162.140.31:443 js.rbxcdn.com tcp
US 3.162.140.31:443 js.rbxcdn.com tcp
US 3.162.140.31:443 js.rbxcdn.com tcp
US 3.162.140.31:443 js.rbxcdn.com tcp
US 3.162.140.31:443 js.rbxcdn.com tcp
US 8.8.8.8:53 76.140.162.3.in-addr.arpa udp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
GB 128.116.119.4:443 economy.roblox.com tcp
NL 23.62.61.90:443 www.bing.com tcp
BE 23.14.90.81:443 apis.rbxcdn.com tcp
BE 23.14.90.82:443 css.rbxcdn.com tcp
IE 18.66.171.7:443 images.rbxcdn.com tcp
PL 128.116.124.3:443 ecsv2.roblox.com tcp
PL 128.116.124.3:443 ecsv2.roblox.com tcp
N/A 224.0.0.251:5353 udp
PL 128.116.124.3:443 ecsv2.roblox.com tcp
NL 2.18.121.34:443 tr.rbxcdn.com tcp
NL 2.18.121.34:443 tr.rbxcdn.com tcp
US 3.162.140.103:443 static.rbxcdn.com tcp
US 8.8.8.8:53 waw1-128-116-124-3.roblox.com udp
US 8.8.8.8:53 fra4-128-116-44-3.roblox.com udp
US 8.8.8.8:53 sin2-128-116-97-3.roblox.com udp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
DE 128.116.44.3:443 fra4-128-116-44-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
PL 128.116.124.3:443 pulsar.roblox.com tcp
GB 18.133.14.21:443 aws-eu-west-2a-lms.rbx.com tcp
DE 18.196.110.197:443 aws-eu-central-1c-lms.rbx.com tcp
US 54.183.81.178:443 aws-us-west-1a-lms.rbx.com tcp
BE 23.14.90.99:443 c0ak.rbxcdn.com tcp
HK 43.199.15.143:443 aws-ap-east-1a-lms.rbx.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
HK 43.199.15.143:443 aws-ap-east-1a-lms.rbx.com tcp
US 8.8.8.8:53 178.81.183.54.in-addr.arpa udp
US 8.8.8.8:53 3.97.116.128.in-addr.arpa udp
US 8.8.8.8:53 143.15.199.43.in-addr.arpa udp
DE 3.121.72.41:443 cs.ns1p.net tcp
DE 18.192.91.145:443 cs.ns1p.net tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 3.162.140.101:443 t3.rbxcdn.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
DE 128.116.44.3:443 fra4-128-116-44-3.roblox.com tcp
GB 18.133.14.21:443 aws-eu-west-2a-lms.rbx.com tcp
PL 128.116.124.3:443 gold.roblox.com tcp
DE 18.196.110.197:443 aws-eu-central-1c-lms.rbx.com tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
US 54.183.81.178:443 aws-us-west-1a-lms.rbx.com tcp
HK 43.199.15.143:443 aws-ap-east-1a-lms.rbx.com tcp
BE 23.14.90.99:443 c0ak.rbxcdn.com tcp
US 151.101.0.176:443 m.stripe.network tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
GB 128.116.119.3:443 silver.roblox.com tcp
JP 18.179.122.35:443 aws-ap-northeast-1c-lms.rbx.com tcp
DE 52.57.25.161:443 aws-eu-central-1b-lms.rbx.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
JP 18.179.122.35:443 aws-ap-northeast-1c-lms.rbx.com tcp
PL 128.116.124.3:443 gold.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
GB 128.116.119.3:443 silver.roblox.com tcp
US 151.101.1.194:443 roblox-poc.global.ssl.fastly.net tcp
US 44.237.151.236:443 m.stripe.com tcp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
BE 2.17.107.18:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:51084 tcp
PL 128.116.124.3:443 gold.roblox.com tcp
PL 128.116.124.3:443 gold.roblox.com tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
BE 2.17.107.18:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:51088 tcp
N/A 127.0.0.1:51091 tcp
BE 2.17.107.18:443 setup.rbxcdn.com tcp
BE 2.17.107.18:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:51094 tcp
US 13.67.191.143:443 msedge.api.cdp.microsoft.com tcp
NL 2.18.121.24:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
PL 128.116.124.3:443 gold.roblox.com tcp
N/A 127.0.0.1:51596 tcp
GB 128.116.119.4:443 badges.roblox.com tcp
US 13.67.191.143:443 msedge.api.cdp.microsoft.com tcp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 2.18.66.81:443 tcp
US 52.182.143.210:443 browser.pipe.aria.microsoft.com tcp
GB 104.86.110.129:443 tcp
GB 104.86.110.129:443 tcp
GB 104.86.110.129:443 tcp
GB 104.86.110.129:443 tcp
GB 104.86.110.129:443 tcp
GB 104.86.110.129:443 tcp
NL 23.62.61.75:443 www.bing.com tcp
US 150.171.22.254:443 ln-ring.msedge.net tcp
US 52.123.128.254:443 dual-s-ring.msedge.net tcp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
NL 2.18.121.16:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 15fe2ca7fbb19bce73b3127d3ce38b40
SHA1 3b6d7bb9a2a45706b41570c3237620977f91bfe3
SHA256 fdc0d483560fd857db4fd1f96c8dd963c4400095e8191206cc1400e07cfbe097
SHA512 8a2ed9de98c5e82d7924695caf8350a4cb702fe52bd6183f929966bfa9909e4b55471cccde3c0324024061bc4d6ea50076708fed9fe4e0cd976106784caf5fda

\??\pipe\LOCAL\crashpad_3812_BOSUSHDJHDOWORKL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 387bda50a259f550e0a5b9c3f441359d
SHA1 9e0a87fad07a1fc8e67b5f44244aee8c49289a28
SHA256 f7a53d094bdb8498f4a5edf5dbfa6f1f04e62013a9173d48cab6f31e7fdc4f68
SHA512 060019710d5059241e00e23d6780ff44a016774f4658d16443d1ca7b7187aa4ab4ec484b18d380692f75dda19b882411749cc29545c9e3e57488a758bf618e24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0fefe1d3c8599329e14566971eb4ffb7
SHA1 e3e1ba1ba83d5cb41d552017cb381a04bb2043a7
SHA256 96ad10356775c2c8224746487269a2d14fc764ea2c513ca871be6a595252ab58
SHA512 fa61422a598cf3eb31a8b40f6fc5c8dd417a83f8a11d1a788f3fa17f527527bb6c33ab42301cc0c8ec54bf2599e650d0ebe15ca881b21a3254ce48dcb4d9ddb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ed013fba1c1fcc322b90c3a9145e6008
SHA1 ac165585fe0633ad6b37baac69f352a1cd974fdc
SHA256 d74ade18a71590b69a5169ed687233e2f0a968394ac9a631f9b28053c7ddcd62
SHA512 3059f2fe689f5886de0339190b857c26f89d93ee106fd7617d17fc17fcdfd6e88bd2e542f8bf96fc5b67a6a8effc4fc6ff2d4130d6f950c07e58f8cd789a21b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 46f20fe65bbfa640f49d08d61dc20bb5
SHA1 a44f4c4ed764dcac2b4d20c7ef79abc6542d6b6b
SHA256 bf4bd19ed4b497cf388f1b9f5cfa0a912f596679841860d003046e438a8f2cf2
SHA512 c18cf4a5a76fa0b55be52e23f787ea0dd5304710d7d04c0375e9340191fe653d9982e23451a2bc8a242290fa29be4db314a22014357466154ea11bafddcce28e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9f2fe402b6e05d7a4c7f32c4b4cd7d6d
SHA1 0ddb98333dc445a4bfc1939f4ad56482d172021b
SHA256 0f5f82ce8167eba6519a476b62b452d5a83a06e7165c15286f4bfef7870a1c2c
SHA512 14990c3b870f5ae59806c5a7ff50a0a915acc2620fefdcc630dbd61a39e8c98df9c5452d3462fd9b3c44cd65e85b0ef2dc0fdb0a773dae6f4de8387a99eba73c

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ef4eec8010c377d929dfdc024dd7f6a8
SHA1 a721c6d9ff54c2a51c45c0823cec1c16470f0582
SHA256 39b5c5fb86f271fdbd095998271515a21b81b15893360bef9a939342376cf021
SHA512 b743320a80162e7cab14bf2bae9b8ad12fca3fd5924cb0245503a062a4fbb8852051bb9e14e332ef32825f98dc98a63dd3c2e5baecbf07c596ebf06e73cdcafa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c40b.TMP

MD5 837b4f8003daabc3f459b6347f2d8da7
SHA1 f9f67953df47f9022c6c712cb744b4658b5f75a8
SHA256 c08a7841cce4b3f902a0ccd5a1af2d9dd795765c93901d89b9aadad0b37de09a
SHA512 87763569a0b62da9f7c2c32aeb8d6288d2358682a5cb6f6c0aa36102be8ee2953ffaa6766910e928cbdb671f7b253c0c36c26394e7ba43dae276d7207880e11d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 88f40942f99a1fea6c6ad8511b938bb9
SHA1 6b9e7c882b856f372aa22b41cb985099fae7866c
SHA256 9aac67520dea27aab8d79ad6bc13f4535d400adaad9050b2c7231a544c3f48e4
SHA512 a6337749941fff6fada214edb10825d84cf92fd9eac18257290d654091e74a7241691a51b655dbf3c421237ed62df48593fd71c0b18912a1f7064f8215091d3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d4a25dad28208f2024b75509f5db16e6
SHA1 1b140e63d70d28bd03b816f605f4bcac1a1ce016
SHA256 a4b54401e048c3054c556f14e7c5cd605afea45633fdc2b0d0f6a49a1d1444a4
SHA512 8aa8322a0326a6dd16da3bc954d09178824f5e66e2559234ef0d3d5b33b095e9179685fe8b1e99f4f911232ec1dd34d58408df8d8b0e0517659b4869a081eace

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a42aadb22d8a5b843b819d2942b67e95
SHA1 3dea673fbdb8763e14f6a0f7d5791819460ab718
SHA256 4841f62ffbd5cb1bd11b7dbbdba286b127cc65e2db53c423133553a22884344f
SHA512 d90ed395fbf33d59edc9adec4f9e1e36e1b356e9d7c35f4523990d65df820642126c18b04c81b3be286919d18fdd51394837d85897d59cbf08b1a27dfe112d94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1f3d9df5520389ca192731f147b5f52e
SHA1 741231c667b55c6e88d540f2117b7e37df6911b8
SHA256 1a8a08e8bc69091f2a4b0f3e01fbfaedde630de106e26cfce6847ed0c9360e7d
SHA512 b7a9bf8776da9be64671d0c6c721922b930e56b995b40d30d5e5a772465f99a3c2edd3652034486b09796e053cdc8bbb874be12e54dca9b5667d20d49d340746

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 9026c1a039bfb1796b34eeb74a8a716a
SHA1 0fff9a37ca34aa4811e4e48f4022f1e3bb5f95d0
SHA256 4a3b444e966106bf9551108f259d543858a36d28acd8d2dd2f38e522ec922cca
SHA512 51704c92f1a4fdb55604faabae333157526fb93f3b669aeccdd04a9f728122cf81bc2c8ee0df2efa23661666a697e8f4daa491b25a64282aaf68a4420d341da8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000eb

MD5 588ee33c26fe83cb97ca65e3c66b2e87
SHA1 842429b803132c3e7827af42fe4dc7a66e736b37
SHA256 bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA512 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d8d0ec14c9fb26e348d121a1649af7fc
SHA1 b2ab10723e99c0031d6d6123602be30c923462fb
SHA256 c5e6aea95a5790beb9c4decc4e6fcd19734f282e883f980eb2d543d60bdcc09a
SHA512 3aa8729b0a49ed04fc215815bd86d93694ffa8eaf0e5e0cf3ae65d79072b4dc73e9b91704cabb3f11971f66396c707b6788379dec98140ef7ea3609aefc4c588

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 45ce2e03a3ba00ce6b03d1916d7803fc
SHA1 d7a45d5359b38dd67ee857fed4ed7c71015ba59a
SHA256 31bb113bc123d317329f20584bdbf8d04ef88c2a3a0fa1ebac0099b75e3244e7
SHA512 8a48de6d526bb95a72f738cae836007f629b6660d46b9d3c26c07e6f6a66b5d2e932e938f1b8f75139b3273d9ff9f703c29ea2c7df853fb556d0106c53ffa8e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 374ad931e8efc7ef07d3eddd5cf63311
SHA1 21e1fc8fbac5f6f59ebc63e8b9529df114252855
SHA256 ea1eed24fc555ebc2f8c8a8429918c6a68730b1ff4cb23cb04acb3032c10e0ae
SHA512 f99709404a6ca9104910baa456f8a77b426605b65ed6d83b4e1f6be6e34d8b08f9cdb002c3412b6da82824011c120ecfaacf4da4daf87655f5c55bb73687be78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1c7c4e9cfe1d080e344086aeb82e2482
SHA1 2cea2705c5952fbf852a71b11c8867fc506bff42
SHA256 1bd0d20214b09633209d39bfb410881e80fb81217146082969ad1a5c5869050b
SHA512 63868151548538c4c9be1ffae29f540742455e8cf597bee11aed5bdbe6946c74e4f1ddb575f846d3dc475559c90963ef0413bea6e0c73fdd78ed194ff4541a30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e239fceb6c2d871d2aef6208969584d6
SHA1 9dc3bee8d6b92fa1997111c4523c5a6bb7e83129
SHA256 d4255b54b73f0270fc367d96e6f1733d9eb15b7c0a690a8be1aa690a021d5a09
SHA512 0dd1f913c2c16ad497d6bbd86e51652d826a34c7a8147ca36e2e800eecec4dba3be1c1b938625374832c9ad46659ea5e2b2423e447349a89986347ee7e16d096

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7aac7895915e20a34a6f4c41e51e54ab
SHA1 7648177e30ac4c9de9362e6720da27091fe8c2a4
SHA256 0a85e8cd9dc4987c5355b557ba3a50e3ae6a556adf8a9d32b5da9a8e0e75e1fa
SHA512 72142569c0043b6b8590c57964de08014fc7449efa9ec6a32ec645da098e06b2a95decb5bd006d64301204782b954c0014a88255d9565effa899b3975f9d0453

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

MD5 9fb66ffa1e1f4dedfd16eb3a8170bafd
SHA1 69b5d57ddda6b97adde820b9ceaddae9c33d53bd
SHA256 7953b28b736795aaa54e6cd5cb591e794e2f770c1045ca2e33af5ff19f480eaa
SHA512 4b141802e7a4cb6bd4a7498d30086a9d83c62d37f2137f4910ca7d3fb7009079d4dc59b95050849cfc720210b0cb44bf588d15c08e3ba830aae19c0a27e8e6d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fb22c95fca25323ba298748dc92c1f04
SHA1 5032ea38ce44a221a1e10996764f7570ad826361
SHA256 0e947a524c82a82987fd4e0cf2546661575c778baae74ddd244695a502d9ba87
SHA512 5f3887c5fa617a47bce5165475ca2983d38553dc579fa4a0361c538425b9d6e1863234590d59fff796331bcd24a6c3256f7cd91af6bb301d3c77841061385858

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 251a961bc8b67643f648482517027a75
SHA1 a29b84574389e10f611a1fc1cd7ba315881e392e
SHA256 b6295fbc9e03400545281aa3cf98912aa93c4bb6a8c3547b0de566f0faaa23de
SHA512 e93aaaf28032e5d2d96377d25c7290692a50f3b42492ed3def48691ceeae23053befbe9e7e36b02b04fe576a757673425b387db866ee14ad51c4dc7d91f89fb4

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 4f9d28edc0c431adbfcc19d8fa47702f
SHA1 37a6e145fec66acce633199ea7261bf5dd3d855b
SHA256 17e5cfe0cd5e01c1cf679b2fb7da7f3eae6cac2481c41f355c23df375ee0b48d
SHA512 bb7a5f33e2ef384347f8ffa09381aee5609a5b4997a205c972e7d431effa8c89f47e065b41f3acd86c2a395e0fdcd2fa656b57c84c3b94bb2fbde52ed2284dc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6962eaadcb151b72ba46880fc37c1f3f
SHA1 234e3d1ff409e4f5efeec2af2d5863707a6b9851
SHA256 9b9f9aeaa3d75e683eb5280542a02a3441bf47097e5cfce97d1b12af0ad02d97
SHA512 d71e5c610dc419f78d12a37c2feb465a6d1643ae1f845090f1e82ad52b3d057147aee94aa3197f97dccd39ca7a471dfa98f09ef847b27468715e0352e6822bd6

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\f3b8e82c20c4bb3f94a2d7bcd2a82cd1

MD5 f3b8e82c20c4bb3f94a2d7bcd2a82cd1
SHA1 89618596be7cb90317eaaf2d09b05d522d008260
SHA256 7de6a5a45227b0f21ac7dd50af250e37f20b8bf2d6f4aa53a7f643d77515bd07
SHA512 82f15e37366efd29879add4f50cedbdc27d4eb885e190dd54c8e89787b51d59ccc21473f431292da679c7e8aa7cf2d0ce7219e1503d59a0f356e078f9feece55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4a0ca7fb925d0bd7182570edb003be55
SHA1 d53ef0e0b2b56f22d4a09f3801afd48fed822a14
SHA256 7b99f38d0fb97584ce4f7e1ae32bbf5eb24fa2c91ca4431d4d08e69a3add3266
SHA512 c42a436970393f6686211d7d73e76d0398cb4bca5efe4b63cbb4cbe26fbe744a0241849f0a0208313e2c341928469f48015f53f14b40cd1b71976ed3879cea99

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MD5 610b1b60dc8729bad759c92f82ee2804
SHA1 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdate.dll

MD5 965b3af7886e7bf6584488658c050ca2
SHA1 72daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256 d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA512 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_en.dll

MD5 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1 dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512 ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 7a160c6016922713345454265807f08d
SHA1 e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA256 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512 c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_bn.dll

MD5 7dc58c4e27eaf84ae9984cff2cc16235
SHA1 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256 e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512 bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_fa.dll

MD5 cbe3454843ce2f36201460e316af1404
SHA1 0883394c28cb60be8276cb690496318fcabea424
SHA256 c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59
SHA512 f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_gd.dll

MD5 c90f33303c5bd706776e90c12aefabee
SHA1 1965550fe34b68ea37a24c8708eef1a0d561fb11
SHA256 e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c
SHA512 b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_ga.dll

MD5 3b8a5301c4cf21b439953c97bd3c441c
SHA1 8a7b48bb3d75279de5f5eb88b5a83437c9a2014a
SHA256 abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0
SHA512 068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_fr-CA.dll

MD5 b534e068001e8729faf212ad3c0da16c
SHA1 999fa33c5ea856d305cc359c18ea8e994a83f7a9
SHA256 445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511
SHA512 e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_fr.dll

MD5 64c47a66830992f0bdfd05036a290498
SHA1 88b1b8faa511ee9f4a0e944a0289db48a8680640
SHA256 a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961
SHA512 426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_fil.dll

MD5 7c66526dc65de144f3444556c3dba7b8
SHA1 6721a1f45ac779e82eecc9a584bcf4bcee365940
SHA256 e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d
SHA512 dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_fi.dll

MD5 d45f2d476ed78fa3e30f16e11c1c61ea
SHA1 8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e
SHA256 acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2
SHA512 2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_eu.dll

MD5 a7e1f4f482522a647311735699bec186
SHA1 3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd
SHA256 e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4
SHA512 22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_et.dll

MD5 b78cba3088ecdc571412955742ea560b
SHA1 bc04cf9014cec5b9f240235b5ff0f29dbdb22926
SHA256 f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085
SHA512 04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_es-419.dll

MD5 28fefc59008ef0325682a0611f8dba70
SHA1 f528803c731c11d8d92c5660cb4125c26bb75265
SHA256 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d
SHA512 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_es.dll

MD5 9db7f66f9dc417ebba021bc45af5d34b
SHA1 6815318b05019f521d65f6046cf340ad88e40971
SHA256 e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819
SHA512 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_en-GB.dll

MD5 d749e093f263244d276b6ffcf4ef4b42
SHA1 69f024c769632cdbb019943552bac5281d4cbe05
SHA256 fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA512 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_el.dll

MD5 ac275b6e825c3bd87d96b52eac36c0f6
SHA1 29e537d81f5d997285b62cd2efea088c3284d18f
SHA256 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512 bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_de.dll

MD5 aab01f0d7bdc51b190f27ce58701c1da
SHA1 1a21aabab0875651efd974100a81cda52c462997
SHA256 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA512 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_da.dll

MD5 d34380d302b16eab40d5b63cfb4ed0fe
SHA1 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256 fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_cy.dll

MD5 34d991980016595b803d212dc356d765
SHA1 e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_cs.dll

MD5 16c84ad1222284f40968a851f541d6bb
SHA1 bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256 e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512 d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 2929e8d496d95739f207b9f59b13f925
SHA1 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512 ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_ca.dll

MD5 39551d8d284c108a17dc5f74a7084bb5
SHA1 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_bs.dll

MD5 e338dccaa43962697db9f67e0265a3fc
SHA1 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512 e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_bn-IN.dll

MD5 a94cf5e8b1708a43393263a33e739edd
SHA1 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_bg.dll

MD5 8375b1b756b2a74a12def575351e6bbd
SHA1 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256 a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512 aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_az.dll

MD5 7937c407ebe21170daf0975779f1aa49
SHA1 4c2a40e76209abd2492dfaaf65ef24de72291346
SHA256 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA512 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_as.dll

MD5 a8d3210e34bf6f63a35590245c16bc1b
SHA1 f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_ar.dll

MD5 570efe7aa117a1f98c7a682f8112cb6d
SHA1 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256 e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_am.dll

MD5 f6c1324070b6c4e2a8f8921652bfbdfa
SHA1 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA512 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\msedgeupdateres_af.dll

MD5 567aec2d42d02675eb515bbd852be7db
SHA1 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256 a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

C:\Program Files (x86)\Microsoft\Temp\EU5700.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 7240d7b9b3467abe3581a9d8b1a60dd3
SHA1 f24aaa994158e650df95fd950480011917d65e01
SHA256 ffa78941cc92dc1724263ab89dadb61b9c7b5539ead20c06b0f6774a26dd45d7
SHA512 abc0f42bc3a7dad5d929cd9bdab0af3f1bae8d8efbfd3236ba75e95a39ea45ecbdcbe7003bce1278473b0e617c908af8e9fefbf2e859508a36a34c5a4311bedd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc1e6a7ea217aba0a0493ac606d7a923
SHA1 284cd3dc43c9b571ef4bbb8737e676709cea3689
SHA256 9e180e35e223e57d9b5359a5334712a949aec0ef6433df706adfa9b9f96f9cdc
SHA512 92d6c5e06dc56ef3030d2d572c2531ecb4b69be244ed631791c8e608ba78c6f9dfab4e223ba912dad3561f6805e22692135729dc26805770717763edf9811191

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6b0fc909ba04af96420a73cddab9bcf0
SHA1 671bb30b9b12da53ff64ebcee7a7f3409c416104
SHA256 ae763e2f93cb52b089602d44db7105845eb110bcb3a0c973b31f81eb363c83c0
SHA512 460bd6add50573468c740495dbf092367fa15855813b737a4c3b5d9af04c410cfdb0f6eb4c532f8e62106946c3bf3da28af50e3235bc17f7841b37362254f039

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1e5f92efa88fb820181c8658925525eb
SHA1 c2e350c77dbcfc3a23177b637e0d16dff3f6db72
SHA256 123c4c169c9fae7a0f1d89363ce9d41a2aa4953a15e4dbbf8fded8ce02157bfd
SHA512 dd2c57444eb8fb4b929563649d6b1078ddcec4943956de1330a114bb26e74a74f68b3e321483f9a309c757c545ef7ef6a10e91106ccea3f2ccea30adba9cfe90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c00ed8af91b4122cb403b31467c1e0b2
SHA1 395e4408e7f5c240a525cc2e0f852585599deab8
SHA256 d4bb202200948918fc69971afde99648a9ac118f965bd07eaf4db265c022a430
SHA512 5a4d2d0172a2da10f8c1630a6d90333712ee8dcf59450ca39176f21fc820a2c65a04a497458446005c95e34c82137d619eeb9c683a13ea113699084d9f8c457b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d347461e90e7b552293f265adcc19e12
SHA1 4695ba586064629455f570df7dd4f5a3ef512746
SHA256 8a4baa7e571dcdcd5f25bd5032012fb1e97b57e327ab348c3de9f7603e738985
SHA512 62997c65259776b494c3fb2b6298a0a0387e3a48615fdd87e20a607c2ce0865a140817ec60472431f6bbe1026fcc7cff35d1fb5e212f3be8e2e0762cf7bc2c90

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.97\MicrosoftEdge_X64_123.0.2420.97.exe

MD5 300df46436ba5d076b227c32967ada91
SHA1 de9d47ef0c61fb04b7309875e2f03c8fa37d19f4
SHA256 1614eb0c2697d74f2a05f8c973b2055e9cc158d94b19105e3a9d450adc9e333b
SHA512 ba3053085da062ec32f87aec43f527624248a81b702c8cdb359c0fba7194556658b49aca8ef98d885de5da5b9b2eab3f1fac2c99891f91949d1b9a155e4a6971

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 13ea6e1578ca794fd403164e7690d809
SHA1 4ed77cec899fbdd0c0e68f91c9e10b233bd05045
SHA256 0dc7017695b59db1d88287569075c87949ef836de7473bc8657af6d8a7b8cad8
SHA512 f8f798a51a26ecbf108a68826fb743e39d76920b9d384f5c653dc995f7ca520466c81c375eeb5a86deb36171f711f64b543b25f4388c07b2037ae4fd691548b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8c060f403853c62cbb4247009306d429
SHA1 b882c7bd89bebea587cd9d7ca798bef2a0da714e
SHA256 4fcb243bb62e31a38425fed9214698814e7e21e83f33a8f6e2c2a128279f5d10
SHA512 f5dbf38fe162dc378c97d7304c9202be4365d95b851eaccbded688b30a482ea203307b0852144d268ff18fd7b0f8164abe73ffa0c6cc4669c4010abb297552c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\261b6f20-e150-4241-92be-41393911e1c8.tmp

MD5 b1631da3a9deca0f0c0106f747ecc84f
SHA1 098729828185bc30166e58e6a5a88fd177cce1fe
SHA256 07163d2d83d51b6b8353f66a62d9f3cba7558204e286e54b8cf2bb94e1d19462
SHA512 ae7d0b24390e17ff219f78657fb1c4653a963097ea09b9c9558006c1bce4da212abf0553f1e13ad3813c14dadac28e6d781b1aef67cf80e001842d6b70195656

C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Installer\setup.exe

MD5 31ddc9e1c11a44b88cf96c45b3551ffb
SHA1 811ccb9706f656e29d089e30a2ee1650302394e2
SHA256 46cb58faa60db59cb8d145bf6493f7c01a8ea8895f812d65512e3c7340a054da
SHA512 67e5a4ec4b030e48ac06bdf79bfb2b9bfe7778f046a739f23b7be65e143a7181954c7587eb6841636a6e667aabfa292d6831bab709cd798d1de01987bc99aaf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e646bb1c16d661532682966b49a406b9
SHA1 eb09b08c784793de80fcbd519296f7f3d4afef59
SHA256 31c3a8a1f2a97aee6c17fe801e4e181cf688482e86ba7b7758ca272f6b622130
SHA512 52b9c47b073aa6e736d499973c6695dbb6d79aef598e976bf04b898cfd1ae02d002aae7be3575a8cd8aa4d6d032c27c7c4f2faa052f670ac732ed71ada642db4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52f0169adfb862319dc858ce3086798f
SHA1 70a27f3cfa90c70d3c804080cf86616370a9672b
SHA256 c16514613f1372cdd3208914d30154432e7c5afe4e0922af22128626f31ba803
SHA512 964ee59834bc4ecca1eaaba8622454f8731e7a7890743cf48b71f5ea616da9887c2a69c22c7f621539f93710ba0b74e2ab6299d42e7be84ff5f6078030218d76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 32f751bc48a68cb67940c1907d9a463a
SHA1 2bb5f7684bc4e9c9ced10ef97e6c414c9d454b47
SHA256 7f4114e07386d9cbf15abcd085772aa5f0751ffc1ef2596fef43dfe4ab388089
SHA512 8981516ab458548c2987867a32b0f5409881d4f773c08b39d3a7c4e8fbd2f1fc439e748c0acdc2e0c7fe6a254f89b26c66c7a16161d7e9e9060b6dcad32e8510

memory/4832-1626-0x00000239DF030000-0x00000239DF031000-memory.dmp

memory/4832-1628-0x00007FFDA19C0000-0x00007FFDA19D0000-memory.dmp

memory/4832-1627-0x00007FFDA19C0000-0x00007FFDA19D0000-memory.dmp

memory/4832-1629-0x00007FFDA1AE0000-0x00007FFDA1AF0000-memory.dmp

memory/4832-1630-0x00007FFDA1AE0000-0x00007FFDA1AF0000-memory.dmp

memory/4832-1631-0x00007FFDA1B30000-0x00007FFDA1B60000-memory.dmp

memory/4832-1633-0x00007FFDA1B30000-0x00007FFDA1B60000-memory.dmp

memory/4832-1634-0x00007FFDA1B30000-0x00007FFDA1B60000-memory.dmp

memory/4832-1635-0x00007FFDA1B30000-0x00007FFDA1B60000-memory.dmp

memory/4832-1636-0x00007FFDA1BC0000-0x00007FFDA1BC9000-memory.dmp

memory/4832-1632-0x00007FFDA1B30000-0x00007FFDA1B60000-memory.dmp

memory/4832-1637-0x00007FFDA19B0000-0x00007FFDA19B1000-memory.dmp

memory/4832-1638-0x00007FFDA17A0000-0x00007FFDA17B0000-memory.dmp

memory/4832-1639-0x00007FFDA17A0000-0x00007FFDA17B0000-memory.dmp

memory/4832-1640-0x00007FFDA1830000-0x00007FFDA1840000-memory.dmp

memory/4832-1642-0x00007FFDA1850000-0x00007FFDA1870000-memory.dmp

memory/4832-1641-0x00007FFDA1830000-0x00007FFDA1840000-memory.dmp

memory/4832-1643-0x00007FFDA1850000-0x00007FFDA1870000-memory.dmp

memory/4832-1644-0x00007FFDA1850000-0x00007FFDA1870000-memory.dmp

memory/4832-1645-0x00007FFDA1850000-0x00007FFDA1870000-memory.dmp

memory/4832-1646-0x00007FFDA1850000-0x00007FFDA1870000-memory.dmp

memory/4832-1647-0x00007FFDA1940000-0x00007FFDA194C000-memory.dmp

memory/4832-1648-0x00007FFD9F340000-0x00007FFD9F350000-memory.dmp

memory/4832-1649-0x00007FFD9F340000-0x00007FFD9F350000-memory.dmp

memory/4832-1650-0x00007FFD9F4B0000-0x00007FFD9F4C0000-memory.dmp

memory/4832-1651-0x00007FFD9F4B0000-0x00007FFD9F4C0000-memory.dmp

memory/4832-1652-0x00007FFD9F660000-0x00007FFD9F670000-memory.dmp

memory/4832-1653-0x00007FFD9F660000-0x00007FFD9F670000-memory.dmp

memory/4832-1654-0x00007FFD9F660000-0x00007FFD9F670000-memory.dmp

memory/4832-1655-0x00007FFD9F680000-0x00007FFD9F690000-memory.dmp

memory/4832-1656-0x00007FFD9F680000-0x00007FFD9F690000-memory.dmp

memory/4832-1657-0x00007FFD9F680000-0x00007FFD9F690000-memory.dmp

memory/4832-1658-0x00007FFDA0CC0000-0x00007FFDA0CD0000-memory.dmp

memory/4832-1659-0x00007FFDA0CC0000-0x00007FFDA0CD0000-memory.dmp

memory/4832-1660-0x00007FFDA0D30000-0x00007FFDA0D40000-memory.dmp

memory/4832-1661-0x00007FFDA0D30000-0x00007FFDA0D40000-memory.dmp

memory/4832-1662-0x00007FFDA0D70000-0x00007FFDA0D7D000-memory.dmp

memory/4832-1663-0x00007FFDA0D70000-0x00007FFDA0D7D000-memory.dmp

memory/4832-1664-0x00007FFDA0D70000-0x00007FFDA0D7D000-memory.dmp

memory/4832-1665-0x00007FFDA0D70000-0x00007FFDA0D7D000-memory.dmp

memory/4832-1666-0x00007FFDA0D70000-0x00007FFDA0D7D000-memory.dmp

memory/4832-1668-0x00007FFDA1950000-0x00007FFDA1960000-memory.dmp

memory/4832-1669-0x00007FFDA1950000-0x00007FFDA1960000-memory.dmp

memory/4832-1670-0x00007FFDA1970000-0x00007FFDA1979000-memory.dmp

memory/4832-1667-0x00007FFDA1950000-0x00007FFDA1960000-memory.dmp

memory/4832-1671-0x00007FFDA1970000-0x00007FFDA1979000-memory.dmp

memory/4832-1672-0x00007FFDA1970000-0x00007FFDA1979000-memory.dmp

memory/4832-1673-0x00007FFDA1970000-0x00007FFDA1979000-memory.dmp

memory/4832-1674-0x00007FFDA1970000-0x00007FFDA1979000-memory.dmp

memory/4832-1675-0x00007FFD9EFA0000-0x00007FFD9EFB0000-memory.dmp

memory/4832-1676-0x00007FFD9EFA0000-0x00007FFD9EFB0000-memory.dmp

memory/4832-1677-0x00007FFD9F0B0000-0x00007FFD9F0C0000-memory.dmp

memory/4832-1678-0x00007FFD9F0B0000-0x00007FFD9F0C0000-memory.dmp

memory/4832-1679-0x00007FFD9F0E0000-0x00007FFD9F100000-memory.dmp

memory/4832-1680-0x00007FFD9F0E0000-0x00007FFD9F100000-memory.dmp

memory/4832-1681-0x00007FFD9F0E0000-0x00007FFD9F100000-memory.dmp

memory/4832-1682-0x00007FFD9F0E0000-0x00007FFD9F100000-memory.dmp

memory/4832-1683-0x00007FFD9F0E0000-0x00007FFD9F100000-memory.dmp

memory/4832-1684-0x00007FFD9EEB0000-0x00007FFD9EED6000-memory.dmp

memory/4832-1686-0x00007FFD9EEB0000-0x00007FFD9EED6000-memory.dmp

memory/4832-1685-0x00007FFD9EEB0000-0x00007FFD9EED6000-memory.dmp

memory/4832-1687-0x00007FFD9EEB0000-0x00007FFD9EED6000-memory.dmp

memory/4832-1688-0x00007FFD9EEB0000-0x00007FFD9EED6000-memory.dmp

memory/4832-1689-0x00007FFDA19B0000-0x00007FFDA19B1000-memory.dmp

memory/4832-1690-0x00007FFDA1B30000-0x00007FFDA1B60000-memory.dmp

memory/4832-1691-0x00007FFDA1B30000-0x00007FFDA1B60000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 02f1b28830fbe013d234a1ed7dbf1b0d
SHA1 66fdc4fcf3a035bab124006688f8409bf17edd05
SHA256 4354e179819a9795ae422c1a10d69ff34c7ce22635012355ebdf7334d60747f8
SHA512 87bfd559aa1a293ab7d638c5e9fcdd9a8d7176c8da3037cee75776719a8c9ff9a7e2265cff60db07397e03d04c3f7afe09ad59ee6339059abfca176aaa867dbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2306b5b6e6821ada5f491ad8459de8c8
SHA1 9b7bb382ddabcd8eb3a5fa4c520f04863a1ee99d
SHA256 d04d20da99deebb622cd08d8d4ccabd2f9aadb8aeff924cc816f21e580655a42
SHA512 eb22a885dcad3acdc6517a328424df6c7b0f72e7c32d99ae0a8288c05e8c4d2f709e793bc92f006e4e9cd8df8a1dca9f9dfc4edbb050718f138981a4f8356917

memory/4832-1724-0x00000239DF030000-0x00000239DF031000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 41174d6b14d30fcbc59dced649da23e9
SHA1 fb2fef1b05f2c5e5586318b65153db2c9111093e
SHA256 26efa680db588c2fcd2058ca34653803e12507e76ae52d95357df90474f02606
SHA512 455fca1c5b47170f8af3801ab56d0ae3952cb2657434d65781a4720c550ff9992f1c857839878edd4cf828af0b0f1debbcdba157d322088923c5c2a47643944c

memory/5080-1738-0x000002C583D70000-0x000002C583D71000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9dc503d294290cf6b07566cfeb79f491
SHA1 15a80cf407bffbdf6e5dbcda369d080af5b6aea0
SHA256 6f702e4f77ae415b8624e551501190035c82aa3e22131300890ee8b6fb41a676
SHA512 ce60ce52b32f5c252cb30b224dfb86ba70784443f49909cf0511724969e00b8fa45bebaf62d54d4e588802bbc8285d779815af8040ea3ba701d1b067de3853a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2b4493f5b033ff2fea600d60d877df07
SHA1 2458d14b14f075108d43cd663ad7ba091238377d
SHA256 ffeb7ae19b2f0893624509aa05c0eb9e5484cc9cf3bc3e6aea6df2d8457392e4
SHA512 0d74f9827aea54ba06aba61d664f2361628df9a2bc07856111d022358cd8473452a7d6d859ad16ee3fb77edc26425361a9bcfa695cae70d323cb448561ec6a33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c0968046fbc52813dedadfcf1e1ceb9f
SHA1 7c968dddf6e5b8044b84e580238d0477ed0cf4ec
SHA256 13c8b02a96506454fd865aedf1693d0ffd62a84c4293ce44f7565acf342fbf77
SHA512 9b6eabe08619a7715261edb8b751b03aaf6e971a3a56b869d6a432f79388381c62a23a5dbfb3b4271f28df61db58691cf3fef31538cd180b5153acffa4cb30be

memory/3360-1856-0x000001E26BF80000-0x000001E26BF81000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 09a91953def540a6caa30649b4d2ab62
SHA1 513a05077700f593dd33ffc904443637cc24a215
SHA256 21849a3a8fd6bba9bedf4c1640f2a0cc16a630ffc26db1fca71420b45a58aa17
SHA512 e134bc58072147417715f97d11e3d2922a5a6e35e402062dd38c0f67fd8e8016a74d815c8ee2d9ee81f001d7fcb82e1715da5fbc2cff7ee23f2f64982ee1864e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 37ccf33e57ea4ac2f3302da064d690ef
SHA1 8015e40d93c3debdd6ea5029834f505eb937af59
SHA256 90a7a08360dbffc29fe05c799ef5fca8e538c3c88443f70bf6114aa95d0de6c2
SHA512 0c317a2cef44ce622b5f9be7d12389efddc9805bc18daadd785b2f73962faf52af90aec1f62726e71e2e0a39ae07339853a43284e5a475b9bd51bb9d87d489cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9dcc9850849b3cf1fe1ad84738b5f317
SHA1 e8d4565b88018899afde41e591fda07100240dc8
SHA256 a7016ef4bb1446b5a729b23470e6ea4a00a7ffe1a415f487ea8cffc9ddcf2998
SHA512 9e51d0d95776283089200704474759c65ac448b6bbb48e10f88ba093c7cf5a295c33b4ddcb3d2a41a6c8cf773754867421292808068bb73a8d0a024bed82cedf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c25df217a7f92dbf31d92ec772f0f6d6
SHA1 ac465df6bc1b74fc8050eea99da5fbfc2c863f38
SHA256 fa434ca56c38976332ce512f676c348aa806a1e4e66935b70a7dcd86656a5720
SHA512 c1efac1da52f4361857337482f1fd5b653276032ac708583f671402027d1d3b37962b13f25265f665c69b67c8c587e63bfa964b4f57ea2adcc26566568583bf0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4c2e78dee4bafcb867d6dda338aba192
SHA1 1e0e019d740354bf3248462e289e284dabb82e1d
SHA256 7621b1aca548259ca1d4d893a622383b9ef160203280e622b2faea4fc43ee9c3
SHA512 6861449222712b7e0d9b7f4644c9aeae60f670608649215de1e48fb73210166df175be676e24591730df59b030a36882ed8dfd6dbe2849fc786ed22f7fa7e705

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b1f68bbbf4bc63c06ce78fb67c8333dd
SHA1 73ba0db52b4fda83786bcd69332d9c926959541e
SHA256 ab2075b8b950a09acc8a13cc7159f6657be03aae0ca3d79ab3e27483e6d860ea
SHA512 933117e254d71265b893f90fda97b3db66521e2d980521836eec01ac9ab38f358826a34cac7b3dd7838a2a7a38ad8117516311080092a053bfab325ad55f6efa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 410c4df94c66c1652d8b087baedb7420
SHA1 cda266ad089e0071ca24a30f6f89a8abd1217f7d
SHA256 abfb53178baec148a1ce753db9f5b12f66c557dd6da7ee766b64c09a63beb8d2
SHA512 3f2eae7c5e111768e9a0156b0c253bdd7c3f192cdb92e6f1e9b7b75a5a0e719ec80368d8ab869d4c032e0df7564e158628ecbd87de8e0c996bcfeea2e744d9ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a3e6c6d70eabe25672ba3befa914dd68
SHA1 d166f5f0270ae7711c345bf1eaa3f3bed996f8d3
SHA256 68e42723682cee0943d108bc9e3823a97ad8557ad7ad08ba38fc0358bb4b2399
SHA512 771f6d9feec48fefde1236846d327ff79c5e2b26d86873b29979a1f567887ebdb32e88dc15ab30206a749d5e8bbe3c696ef8d0d54e775e8f408af25e7a49398b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0a21c06856425db8b6ab5dd157d0e9ac
SHA1 c52f4f5909df0c46088739dd1b25e6e89f2d7717
SHA256 f27dec4dd312d448dc490ae41232cacf601a116996f07b98db0fe3cdbc5ca8e8
SHA512 91cb99d1626d5ab8251dc19916f2976556574a7452cec61f600cffc6874b1a2b784bfa93d63bd6cdbf8552c098701ec56f76c926a4ec490a57853477e6d792c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0a37787ecc0ce012d2376f255c619fe0
SHA1 13b45d85fdb85767ffec851c1f7c355402753d6e
SHA256 39e83d66d452cf13d125d141d64a52377d481097901e2818ec313cd486051590
SHA512 c8230a6224c4378a1e4bb4de33e91cf716fcfea918edd620dd7e5eb0d98059c22aede1e28c2cfeef83f384dd7d9c6447c998c0175dfe6b2b7ec42a31e4ab5338

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 14f14439b64496968b9a661895686cfe
SHA1 92c2e61e6c838dc24277345e4810b566050b68fa
SHA256 2b2d974965b12ede891621a78c70fcd19c57a43d150dec0cd62191ba0669b789
SHA512 9c48aeb3b522ca46358556da8caa9de489e0a5622901ae66b601caa36665f4570ead23b2be7fec5dd17aa2d3f05dfda15d579755f9e00815a6494de1077f5058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 340535fb056d34363a8c08f722bab70a
SHA1 69c05cad3399fe888c6d52de1088ef48153f310c
SHA256 c0c34ed682e41b85f317c82ade6e564178e4146c92af77fb8e95aca3d472c918
SHA512 b4755e7d3423c531fa9f02022a0ea1ff547c2725740ae59d530f856b6045e3095d6470064c4f87e3a27072fe3b71df2c4102b8f71dffcb329e06354b21ecad41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 846fef2ce503fe4459ad510f8b938a0f
SHA1 a033c924a18df4eff83d9b94bc9ea0cea12e2690
SHA256 00063fdd699ab722fc4660d1e777827da698f23b8cced68de5111938f07581eb
SHA512 5960b3852ef19d47039ff6187259ee18b0e9e1a873b6289e6c66c7875f6ea324e7cbdafce648ec563d0836bb101f55d1396640b7e313035008691d548a9d5e6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 14d3c77f7454c457d9b06cbb64e34461
SHA1 1de0a3f136cc5a611aa2c0bfc036d213850c46de
SHA256 2dc7840b92d64c3974c5db3b2775efb210fccab7d181c24ac149ede3de2558ed
SHA512 5fa3bab61c44b3d660030b8f8ed20946f8ebd2d382617ad56a0dac1b223ae1ef55368dff3450e8bd56a17c0d2d1b452247659557cceb63be48101b3458117239

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c508ef4e3e4d6f666a8347de780f43c4
SHA1 84b84829f588031be8b332f0deef26c8a038c4bb
SHA256 30201e0d801b332566eee0ad4e2a4b082df3ed186cc8cdb6e35710baf87ce1be
SHA512 2bd5154d004606d2bfd9fc7f475f376de85349bcc72eacd543036fbe9bba1701f1c6d4fc3db485e8d24a4e7a1161a0baaf70998de2a076ed93e70f829c08db98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e13e2b48516f9977a10f5cbb6c76e235
SHA1 545157013337c725cb3f4d9326f099471866bb4a
SHA256 86be51ba7137da4e1f45f236f6a098ef8dd82c2d44c34a410d135a358869c04a
SHA512 52a2a4104bd2142a47bafb5b1e1893ba8f5584d6c02e052f7423707f0bd744d91e54012f3c3826bc339d1d4c2f019d1d6118988e93c3c36f4b3a4437203aa2ed

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

MD5 b18c705b3c68cc49d9bf3649abc75c24
SHA1 6dc8963dea0f3185368790dee2a346301b4fa24c
SHA256 c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa
SHA512 7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 39035489a28069a67135c08ad5b6552c
SHA1 8460324d2715ec532d9f46618416c67590ab35a6
SHA256 2fcd7aa59390a244d1bb47bc799225416fd77bb929330301d1d5f6a8dbffad3e
SHA512 1b4a90a6b0041154f6bfb9fbf00163c4b9dee6a0ec7b15ae831ad549058d00482417d4982110111ead5738fb44f03e75119df65bad1614dfa9557d5ed290f906

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 80e1152937e82f2d511c5560f875e2be
SHA1 d4d3c8e06fd1b4d3f115e0cfcf29879970446673
SHA256 1a7c1a8a8cb1de8af9bb097ab448456f180245df7ecc73c9bb8ba6175232e80e
SHA512 b117ab08b2c0c5aaa0949b592c6434e8794bac50da137c7db21b310feabb657fc6607675650ca37abff55172eb507584d8c8e3e95241f0553a72a407cbdb9689

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9ec03a6ba5895a0d41b7a6c78252911d
SHA1 0799329992a7940f1edf83d8cc9b86d34d4e8368
SHA256 381f8c1b538f85675e2f628717d881e62021b74270ca247b5bd90e1ad4b2a7bb
SHA512 e87a3a28da8f92409cbab0059084d02d3203723430332703f37787c579fbae184755d1e4711fdc4137fa74b391c8fd84fb534eae2cbde7af808463b48d579b06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bc61c162f7bd4e8b1e3137eb4040d6ab
SHA1 ad93214fc83b5eecfe8f2e436720a8ef0be0293d
SHA256 49cee7c58a04c201e430e1b8b2c8722d6d25b32645295c672a0c4b520b636e46
SHA512 dbb1137f8584b948f92487868b96c918fb3700a708956cb09f3a242b76c39116b202dc67f1a7af75e20a45bf054151ac2716cb34f589aaece2460e15e1164a86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 52ff45430c39fb55490a5026618e3824
SHA1 81bdafe9b818e94efcef6bca6183db06d7747aa7
SHA256 ea2210b1c18a7eab881da86e7741e9999b8f634ea8cac59742dcc2c6d40f5c04
SHA512 a926847b3c48a74b1d92ac9620d0f7817d72e831d7d9edf331fd4d240ba0f0bf890c98fd950df55aeba617ca3be18fc061edaf739864ab82f34c5823c50eac1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aa0a4392dc500c96a78f61f87d4d4225
SHA1 937fcaa73cd90d6775143fa718d24d0ce4853518
SHA256 e5d42a9edb7ca98b33fa1c2b43b8d7e89f03334a6b5b9049fb0b9ad0730d94ac
SHA512 31460d40183865f98ea076018c18544fdd5c727738613b3d533d6a1cee67ec2222f13641c23201564906c18954c990141a986dffac4ee376e40b951c51686c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6c68308f48e82d07cb3b03dce3e4abf9
SHA1 037b3d6c48623cfb6f2905de0190157d643c8854
SHA256 26f77519cc6d0e4c5b1761ae368902763118c2b974456da9a78eb3b95b0cfd77
SHA512 5067ca125f46aa6835fb0a37943f6140fc8b4eaf0868dd1f4a33ce538e1a0efdd354335207ec89c614b25431579f3d907ba8735a60bf36b3c0eaadf38165ae8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5eb887c821b32564a4f41ca9fe838c9b
SHA1 59ff8c7de69f65db7687c4783ff3c7b229fd7c27
SHA256 2a2c918a94491c8f4ad5effe0b742ce79af1bd205428abf553f0f4965f2289a0
SHA512 9d8ec132a97b440d5c66fd004e62fa46d0c643cf648cee8170936f04c109ffdc8da4e527a1be050beb28a08fae7419ab0b8b17cab768247aa67a3be41a10ff6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5398c483996b7811d1c27a88ee242ca4
SHA1 de88963f9b0de18089dfab8474f6b0f8f41539d6
SHA256 784bb097f6400e33c2c9a7f4cb27da98335a54bd8806eeb4a0b9f9c6041ff0f9
SHA512 696733605cd7c048cb3c18d7041efda82536dfaabf367c8eecc84b563889afb595541c7ac0f6e2de54c5a99bce2acdea8316de485935f4d222e87f96a86a5f64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8f63a66a2cca00005b96496b6e7230c9
SHA1 d8be7b7ede69de5ad036114f7460363170cc8af6
SHA256 836094181381a80f1610d3e7096fc2ca9b85769ba3aa84fd67ea4c01689608f0
SHA512 dc3a3e223bc00ff18260054fd8254004e7d89d1cbe5b711acb72256b7d46dccc4f26b7a946b07fc359f0cd6ca464cfecdbd6b5580558b59a72e720a656ba789b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 04bad59933d77be5f187cc11a75cb3d0
SHA1 a2f1fdeab298e3ad5c7fd1b23617b19b9fed1252
SHA256 9c141918a0216146c99fa10455d1c277a96df44d71e69119db9c8cec93487266
SHA512 7ec3555264fdea2dad7fb67a2b128772d2c84c6ea5caa7e49ad37262c567ec7b818d7d323f857ac9b8b6b4e96210fe77e4ce4eeb2ed2214e2cea57a69701b214

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7b801c5aa236211f9e85970a668f0b3d
SHA1 a7b7783eaf1d355d0bdcd92b5c5673970f0122f8
SHA256 1d3191b7be7d590afc08d4e21f24dbcec8677bd9c704c429688de562fc6ca9cd
SHA512 3ab24e3ed87a25492f4a86b0d5e48d9ac7eff472427b76c344a4453cec684d4fe90f9fdea0c6d4a16076ab8e686caa2399fdbc2bb4a5d8beebe3e6426c5f6149

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3f7a27d37ace3e528417ae28cd2e96e6
SHA1 3ae03d12148d6d42ba3124d602718af4e145f8fa
SHA256 2a5598bf4caf48966842197dee88b9aeb587e0cdedc58a3522f1bdb68aae0db9
SHA512 e068858c6a5b11825bd4e6a5c12222157188374823130ef7dc02de9c31423a2e0449467a25d7be8f87f3565c518ebbf66353ac5026de61747e5531a87cf74bcc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9d911ebfa9995e2e7b5a52fa21b2b6a9
SHA1 1303e4190d8fab8c1cc74eaeb498bce4491b3d29
SHA256 60dd18503a7ac851ee68c4ddd64f4d9e2bfb9cfc8e3c4f52ad6c900acc482bf5
SHA512 d54a65470a402e42868f2d6272b988211bb6fa193e3578c976beb4baa287bc4ca7af1b92e13acbbec4211455c996a465012b07d34eb01e9d47398e4e6beb61a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 73edccfd6397a9e8a9dce7f10e321757
SHA1 a01e22478f25a55b3c668391db0a94f10a7e14c7
SHA256 b39b1a73e336fc3f1c9bb42c718e62422cb8465ddd6b104b882b9af8ffe5adef
SHA512 f9a9a9ab01912556d3aaad6d6ae2c9170832515c01a314cd01233634360f1d2015adb68abe5d5d16ea70e33a260720b4ffd8bc70dbe3ce92881c10cdbfdcd511

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3902fca4060328158522c2dfe529ed57
SHA1 bcc3c564515fcafe7d1c40a7d101484ed9060ce4
SHA256 c0396de3d6b963d86078e9c1099f6e8c4dd2446b9b2e1e2d67699055423b3273
SHA512 dba206305bc7ef44d15197b507b92bbc0bf2c34d8588ada46f4de45975510b131f49f4a6b76386c6db7181dffc53d75b63bc2e26eb0d8df4dab761c9919e65d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 152b84e0564894fab5266b88a6c42f1b
SHA1 06a89eb66c476fe73a0faed029c8b5fdf68081d0
SHA256 baf9f949e687897c405bbfe9731ea405bfadd3c2afc53100241a393310c5a9fb
SHA512 23bcc861e918588ed53149db42336f9baccf252c0da4efb42c64d3c29f9e0fdde5bdc3796a41752ffedde3211f111cceda375ae44a58068ff9903055b331793e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5ae93b1e698e75054a7ee0ea7e36e55c
SHA1 565ea741d19c7633b1dbd904f32fbb1634b1bf35
SHA256 aa2d70be66db7443fb36547fb88395416dbf1b242d65c09e28fa73eb4dbec414
SHA512 c794241f03e3e5d894595683ba6f59990896742918d283ca1709cff108cdb984dcb599c303f59cd38c648c00dbeab3ab603c79c28b82d94ac69f103158202ab7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2e09c81dcf67014675762910ebf63571
SHA1 cb501b32cbe03878c15914d282a22fd70f86997e
SHA256 f1cd6f0a6cfb5f2b2124ed00cf23f249e006d18625b05535cf2f833a28a767a6
SHA512 5b2f9dade31e07f792d42aa4054ba7c91220ba67eca82e664e19a06471e97fe1cd1c393e2a5464994c4f7339c5b681fd3e3a9a2c63acccb879558ee7aa08dbea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e5afc7b658907ad965e1ec84d713bb99
SHA1 595c444bafd918dbdb7c89a6ab1d0bd47babaad2
SHA256 f1c1e13ecf4ad3746f018f3872fc4c6a3dc15fe7d40a07cce5204d9d5bdc5cd2
SHA512 1272ae2815ecedac143ba895ae71a3b71063a6af742674b5fb947d13c2036bf88d35dca0c10d191adab9739699ce6928e3bfc5177de88c1f09d4ee21a4e00d70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f320952ef216f119e743b2b047b67d19
SHA1 0839d604ff1036caf81da29e6958647d519642b8
SHA256 afcd430fe57349b97662570f4dd51cc0dbe4a8e6a9623007ed6975cfdf41079d
SHA512 fc455b2d21350105d80cb1b2ea3eea7f4768d7f847d2684119fddafb296f7671401b86d747cf312c48eef0be39c956ddaca434f2cc7e95e4d09ba31cf78b6b11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0564ef51e5fa4670d02a69bf29e9ce93
SHA1 11abbc772c4289d46adb233e51ae0458e3852e1c
SHA256 00dcdedcaa71864fc96f1c37240c844dbeccbea43193812845cf352d4022103d
SHA512 dd24f292a83c67501e9d15b720404b7e37d80957b87c40e646e0b0f2ded3147309d391f4251eae3dc887393bc43d538d4c3587d13b16a85091134258a9e14b25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a1a7bb079b4fddea4a6af22ffa8be97f
SHA1 f053e53bae51aae204959f53b07e154095258827
SHA256 027972415367ae5ed4621106a1c4c9b8562542f38716884ba992a4b372fd9faa
SHA512 34806b9ea8569af44558dc559f653d88f54b83f209b53bae6c973b145f8f2ce22346d3b2c35feebdcd3b16ecb67be426ec159e64efa60de7e36708f7f77a9684

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f5ef89166c158ae0ebcc33fa5b60f922
SHA1 d116e3e432a87b59dd764fd43c59b9774b29487c
SHA256 493150995cd9a42deab068dd63dc1566d9c866b641e8e063523db36b6a59b172
SHA512 5b3e829a11eede23c15656a23d17f7e115f78f611088524587b052e81b2d20cccc1085069a66732e5da3dcd1c8875523f80e09a65d5c76378813124de87a1173

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e1037cb3eca0dc14a2bdef986551406e
SHA1 5efa263c0e43e99950adf4672dc55b8f5284eda5
SHA256 c2b0a339f12308131dd5d6314b012ab1c4c10f2e15f0e4bdaed7c4627e0a4466
SHA512 c0b2bd2069f8c4f8c4c6d53ffd74c14e605fea61b997b70d9aef76276ce7b823882b8a3424fbbb6a7f5f392d7f3cdfe57913875cbc5cca110a1739933ebb0bc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dc0a3920128e18d5a5309c9985d87976
SHA1 c6d705776fe79b621d1590e9073f6b4aafe4ba18
SHA256 7fbc243df7b35b0a73b242706d2f229fb97b6463993b6e41e1815a7822b0b3e6
SHA512 2b98359613e08c9457a9ddeba9f30c9296d5be3b0f79cc1c45d9cb70ea2c9c6434ff7eb4777c3e90a605ae5644649b0e234a0aa4c3761210c5ba06191fa5141e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4e5f23ac13394e9b4e6f95291e6a896c
SHA1 cc0c7d49814633d3ed97a431d0cbf8e61e7a96c4
SHA256 095e7b329f584e07d23550861296eadcff5e6282936ebfb63c49c6781b138f56
SHA512 733ed78597026e5e14a694dfcc7f7af982159f7ff2c0c0d7e2fe7bcad6492988c951517aca592b036bf9a3733dce7ebafececeeebc50d8b67af783d428e68508

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ee23e167c44885c83b79b35e81fa6d5c
SHA1 5afcf3eedb76f6f304e144d34e21ba1b2d824ede
SHA256 487158c41d4a17f011c043b0f31e94575e7a4e2a757f8d70f96012fcbaec587f
SHA512 d0de35a135ac6d7a5ed291b2b0e75668e883397215ec434f467d1446a2611371352723f66cfdbb31cc05d09d9b3c94af05d887bd55693e0c98e5048d0e2d4ba2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 37f6afe558b419d994eccbf9c8b7629f
SHA1 a7c4280f97c4b7ae395d99b231c02edcf028a182
SHA256 ab88fc20b79a3e5ecfff5c19962c7a26780577feececa38e91f6a75c641b5a6d
SHA512 e507868226d8059c166b2aa90563e19cc29f4ece60862a8a49f9ab21a6dc297130af9cfa854f44daae979b87b938c4984f20965a8a4f50b044176364ec204550

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 04299d80804ebc9f68420db1d33cf702
SHA1 46471fc746358ed36df9bcbb8f534ae0eb646585
SHA256 fd0aa388bc0b7cb117bec1163b942b2265d0b33037ce3142343e622b2194613d
SHA512 22855f03bfd038a893348e0659fd611bb30d4c3254982cbac27ccf32dc803242237684da1a4887f2176a6a10708547e2746dc5c3d71b192b1c0ec5ad82dd281e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 61525523d5868987518459c274205d1c
SHA1 20a45b644c90a658a23daaa753136fd90533ffc2
SHA256 559c40ad3ee373ed0ab0eff3438ffe4eab3df8e611f7e33c492536e9d0ae3787
SHA512 d2b4fc586232de20e5adab502f471fc907a61df5879759cbd26607e480e3777981e220b1f42e99ca41f1b5903bc67c207376cb52175e6ab040c8efbbaa73b66c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 04ddf56c80e4eea0be5d1401d3e319b5
SHA1 e1ec26ddccbc0ab44dd52140959d0212c40cdc9f
SHA256 c8550074076a035c87c6adc98593e8ab8b0c61f3479235aab6adcde191ad237e
SHA512 f8d56851e1e6b87a4d6c3f611a9d9b0620d044f023bb1cd55ea42b2335f2acf2fbbc9522f2c43825744df73837e52de2cd2775c830c47a93d156c6f4baa6a93b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e37adf571715c7c6cda41c43dd0c3c09
SHA1 807c7fa7acc00a3a184ba1ff0d265d2edf8e1cc2
SHA256 a5e7bace6937e2c6150d8b7c6aff2dea5cbcfeb2629280a6a49109a5d4221981
SHA512 d55e57346bf7388ccebbbbe552ab1938451b9238148ba3e692b34fa0aea139b57fbc1d57083bddbbeae77517d32ffca6e96ac7cfb3da178c8d40d475dac43940

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e429c045205b4c03848d804641fe1904
SHA1 c7d278e179e8ad90ec561094979c987d0acdeae7
SHA256 ca3bd326728824fa510454d99626526b74db41e5cb3b4b1d3d3c2a7411443337
SHA512 4baea925a132e86c5f657e871013a5fb12a6dae7977bdf62a87e94858569d1e07b8e64953416d9b54a0cf1f02d49ed18b8ca95267f7a99058b987a605e818378

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e87abe3b47aafd8b0050c7eaae699c82
SHA1 ff8a5e74f93520393d65d70a5df5b5260c7e9b64
SHA256 7b575d0e3ff43e188642d3a10c19ff07e111608fe2a190b083b6d78bd546a23a
SHA512 c68ea03c12835f94384acffeb08aba873623e6f45633b5b4a4aafb1b65f35b5cf7d135b2deaba9811de08036c088779958d8b8ebec2516e44033eb08b51f4a57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 506fa9ff4dc6973ace62782fc6500a3b
SHA1 72bf8f625ede45b8b9b5c84fb48960e0760c73e3
SHA256 9072ba46e22194611486a1df1ac7ff23bea2229bdb75e821263aba4d3ce17645
SHA512 3f83a903cc3c2d34639bbd23a9809e33f8e141353265a8bd7a0f61b18df6cbb18dfb8d1138e87ac47098870fd3258a07647cf478f1e1177cb4e92342e6c5680d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 85e0c5ca4ff2147b5e66c32f8f90a273
SHA1 efb611b72d927d26de44448acf60493712baa05d
SHA256 b22f9cf431b17a16a67db74b2cd0e5d44862f533ec3365cc500a5cff78805183
SHA512 b4e6757e88b1e0727cffa71271c5c7852dde9d980f406a4a73a28caf59f21cae515be2ff2860bf6727fa7434f8e68b10520b99543752907625929d919697ea6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a80e4cd23cc5a91b1f8350a7c521c169
SHA1 dd71ed3da28c24d1b7b802882bde35ce45f2e091
SHA256 fbfe4547a7adbd0eb1d62351edb9c925d7fc9955fa9c48cf1f5728269faafd79
SHA512 60e6624f900a1157db4d4b0d38e2053252f0948a35f6d89fe3ed43f7b120d1608b1914b7664eee54de9e0067cf09d5ba1a5ca177bcab620447cc09f69549681f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b0f905ce25f739ba687d7daec7cc2fc0
SHA1 d6b793ffd1ce900d7331644dc61d5f42e5d0a71b
SHA256 3b2b5027ebba215e85e94e83139931d896b951ccaacb54f5bf25faa41f6858e7
SHA512 015b606c3d8753c1bcccb5a865049fad34d8aaa34eb2bdd62333ad8769b3e9e52289fb887b42c9779f8ea8298f8a31a4be7476adcef825adb8a08bd0e088ce3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8b8e27eb6388ae674232d57490cc802c
SHA1 1358a736f77e70e711e80c055a3ebd40e5a3a6cd
SHA256 239ff7d0cf2c53cbad20321c95283728dbb39ca186a417fa3f4d42a8e3c41768
SHA512 f6d89da4aa6d6ff9fa374a9c024c748ca622e369a973fc532a40fe7d542876c407cb7ecbbd30e63b5bd4f6875e03123dc14d645695ff8135cb2d6ba443cae975

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d062d67a117a544346ba31761bc7b18e
SHA1 eaea667947b23755fcfd5a7973b08442f4b66083
SHA256 0a980599676eb919495422e0d65487e1e09e725fdb7e8d105cee60ca7a3b3949
SHA512 1cad3012c086c3b2b0c057ca4c00bd90d896c909b69604fc34ec8cdff05fe3a8f7f2b7c21425031f41ed92155f3102953f4d86f87b64241bafa9ecfe4debe8ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2e6dc2a366f49badae3a57838d6d4e3b
SHA1 8edebdb1cfd3028d4c76bd6d2cc31693e643527c
SHA256 dd01a0b30540cbf98e4b456006998411af64266e9dcd7cb6ec4b90219982cd17
SHA512 d0f1a07eac07ccf2e126a8e58693228183bfabd57afe408a4482d60ee452868640700bae3023b8321716f933ff74242ad84b0fa525965b23b9c690415584b412

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4db22bda5b213ce917ba2697db4ef76a
SHA1 03b1e300e5f03be3c5866a9292762537191b25ef
SHA256 1a5558d2b6ea3ea7c3b8b6ab73d5b5f3a8da7287d928367aafda4097ea601972
SHA512 1ba9b0a80440e5ec4677e320d38cf4da0b719c934aa1eb86a984c25fa5cb260a42694c671bd35cc7cd2ecc896706df6cad34b0a8f8ffd230dc129d965ea3a7eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 321b7711b7864c70787842de192bdee1
SHA1 c3cc284136ffc347d0ded1786616abfee2f3bf37
SHA256 9f2db267bf8755d1db9cc836b69c9e098f4d0a5e2893e0e12b3451fd692273c5
SHA512 87dbf834708f78eeb86c336d6c196d327a9e4793356ac1b93d43e399b566463c5ca1c7785c6805f4bc79126e219859a65cc3383267e5c08c117c41cc85495f05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 74522fa62838bfd162221b50e95aee27
SHA1 4d6e09656e225eab4fa0a68f423c967520d7c964
SHA256 fafb3c9152c11ce72083634f30c3dbb848d03cbb25a682d3184801e0989b99aa
SHA512 071e75ec65042cc083bed8874eb822f012b3445d41fe1c2fb251616e87c910f24fa73996c5dbd20102fa2de3ff6cbf93d7bd2540b9bf23f1cfde3407046b08cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ae3b91c8fe92fa998697250e34df9b1e
SHA1 4052542b2565460584c5d35eda9e453d70c37c8f
SHA256 06a4167ab6d2895b698b9776edcc05d9078016c20e14bf3586a9b94d5ba9caff
SHA512 1fcd500496fa6c764f87d6f7789e88ff8f6ffa53eae10671cdbaefc296bc0391faa1351789ee1ecf3e26127a9a8a695ef1514700d16ff1d47b9cf3fa3cd9befa

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.33\BGAUpdate.exe

MD5 09fc5490d32c867927e960f673911ebf
SHA1 2ecbee3518fb701959d2539a88892391250dc010
SHA256 9014827c68fd6a31ccd7ec1c8f182cfeeb60962760391446b45c264e062daad6
SHA512 cd295d344bba456cdb2394fbe736c7b52c8f20e2776bb6b37c0ecd7068c841a646208e4bd0ebb4cb7880fc15caa8b18da485340ac8f88154e61cf76fb16e8162

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 378a59fbb98083e24d149d4059a57bda
SHA1 3d0cb032f38e4194d2779198a8c596e04cfe3143
SHA256 73360ba1fef2d82058b4fc869323e8a5be3187ff756f863b375135a8c6d0058a
SHA512 51f79a3c29b195aef38c8d690984ffb446dfa7d7fde22a8e28faed32998e1bf4575d50c9daf90f174755c4e114f2027f9a49af6467c39effd86be6149b312264

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c53f296a2fff3366ac73ef33d06d830b
SHA1 f200fcd7622afc6c2269095424fed559695ed920
SHA256 662441043729f4d1c2e6d1b23960d9229f07ec920d0afc7008853cebed834e2f
SHA512 34076d096281b9a8cce557cbc895aae1675d06d6a9fb3bea07a2a2651bed0f935cc24a2399a35118898c33417f0624230bb67211ca0dd4cd41d0ee04028a2d61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3aec7bd60e91fd14264df68c382b2500
SHA1 1a45c6366e851c7dc1f687a028830b229af19c8f
SHA256 06d1b392e97f49daa0701d7bd8dff8a4f97d80ad13ea47a4c28e2ee6e75afadc
SHA512 b88cbbff774beaec65955ff98828b6d3f98df5ea3d274a7b653edb760ee45f5bd28255fe3969d492033813b312739561a76d2789de95c78d7025796ca2d95d5c

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C74CECBB-C147-4CEC-9133-700FF91E7B32}\EDGEMITMP_6FD77.tmp\SETUP.EX_

MD5 2415cb112f130a1382726afa58a0933e
SHA1 74ac041e6dc607e476dfeaff2d2bbf2b5c004b5c
SHA256 85679b3b17d42aa988b5c753b9cffe457c063d5186a94203b5e584f4156f2179
SHA512 a334cba72cb6ae4c4706ef3954e98771c4502ae5ee66d7b2d2dca759ac75890efe5a7fea46818760589a66f425a4bc9d463512bf359723685eba86ba4c1edd99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8e64d981a5bd6f12cc01c844ff150800
SHA1 309c260ca85a81c0905e4232e3ce7d26c79443c0
SHA256 db1438b6b7f1279e2c23edcdde1e19aec50fdeafa4cd9c397a809b2ab08f3f02
SHA512 2bd7778eaa74b65f1392404875a4fbbce234341bc466c53c30e7e8b702680f8f9663db017a7c4cb691f284273744d3ee8b17ed3abef988aaaef87da736201a05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6c82a4c668a10482b4a47e926c4017e5
SHA1 4f3bca4ad37950c1663742cdd0334e49b4b0361d
SHA256 8f6fcd3ca6b42f669b1a54f4f9675fba9c8a898d2d5f1956644a8ac1a48cf532
SHA512 317b1c128008bf6acd215e9a207bb94f8a7394fe111875ed255c79af5e6e6d19b522a91d4a48cbc23d11d4ee27e39fce88668ff3b1bb4dbfadf3909596e721a3