Malware Analysis Report

2025-01-18 22:19

Sample ID 240502-qagmcshe3z
Target sample
SHA256 92161a6193eac50f5a2b9acf3d0427281ea04960a7335e1705f4cf9ab95805c5
Tags
adware discovery evasion persistence ransomware stealer trojan
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

92161a6193eac50f5a2b9acf3d0427281ea04960a7335e1705f4cf9ab95805c5

Threat Level: Likely malicious

The file sample was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence ransomware stealer trojan

Renames multiple (125) files with added filename extension

Blocklisted process makes network request

Sets file execution options in registry

Modifies Installed Components in the registry

Downloads MZ/PE file

Modifies system executable filetype association

Loads dropped DLL

Registers COM server for autorun

Executes dropped EXE

Modifies file permissions

Installs/modifies Browser Helper Object

Checks installed software on the system

Checks whether UAC is enabled

Enumerates connected drives

Drops desktop.ini file(s)

Adds Run key to start application

Drops file in System32 directory

Checks system information in the registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtCreateThreadExHideFromDebugger

AutoIT Executable

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Modifies Control Panel

System policy modification

Suspicious use of UnmapMainImage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Modifies registry class

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Suspicious use of SendNotifyMessage

Kills process with taskkill

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: AddClipboardFormatListener

Enumerates system info in registry

Checks processor information in registry

NTFS ADS

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-02 13:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-02 13:03

Reported

2024-05-02 13:27

Platform

win11-20240419-en

Max time kernel

1423s

Max time network

1424s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Renames multiple (125) files with added filename extension

ransomware

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUBD49.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUBD49.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ArcInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\ArcInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\ArcInstaller.exe N/A
N/A N/A C:\Users\Admin\Desktop\ArcInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\MicrosoftEdge_X64_124.0.2478.67.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\EDGEMITMP_55AA1.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\EDGEMITMP_55AA1.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DAB4169F-756E-4A80-A2BC-EE3723268B6E}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBD49.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\EOS\InstallChainer.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServices.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C34E1F74-DE18-4659-AB5E-8CA3A3B7BF9B}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InProcServer32\ = "%systemroot%\\SysWow64\\shell32.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_CLASSES\WOW6432NODE\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\INPROCSERVER32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_CLASSES\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LOCALSERVER32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileCoAuthLib64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileCoAuthLib64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_CLASSES\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LOCALSERVER32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_CLASSES\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\INPROCSERVER32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=9DD942EAF4C14BC19F892A335B789FC9" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C34E1F74-DE18-4659-AB5E-8CA3A3B7BF9B}\BGAUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{43a03b9c-4770-409c-a999-587b60700b63} = "\"C:\\ProgramData\\Package Cache\\{43a03b9c-4770-409c-a999-587b60700b63}\\LauncherPrereqSetup_x64.exe\" /quiet /burn.log.append \"C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/SelfUpdatePrereqInstall.log\" /burn.runonce" C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Windows\CurrentVersion\Run\EpicGamesLauncher = "\"C:\\Program Files (x86)\\Epic Games\\Launcher\\Portal\\Binaries\\Win64\\EpicGamesLauncher.exe\" -silent -launchcontext=boot" C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUBD49.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUBD49.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\XAudio2_7.dll C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File created C:\Windows\system32\SETD2A9.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\d3dx10_43.dll C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\D3DX9_43.dll C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File created C:\Windows\system32\SETD374.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File created C:\Windows\system32\SETD6CF.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SETD306.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SETD327.tmp C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File created C:\Windows\system32\SETD529.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\XAudio2_7.dll C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\SysWOW64\XAPOFX1_5.dll C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\SysWOW64\D3DCompiler_43.dll C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File created C:\Windows\system32\SETD400.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
File opened for modification C:\Windows\SysWOW64\SETD2E7.tmp C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\system32\SETD529.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET75D8.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET7617.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SysWOW64\d3dcsx_43.dll C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SETD616.tmp C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SET7697.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\system32\d3dcsx_43.dll C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SETD5D5.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SETD6CF.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\xinput1_3.dll C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\system32\SETD46E.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET7667.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\system32\xinput1_3.dll C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\X3DAudio1_7.dll C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SETD327.tmp C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\SysWOW64\D3DX9_43.dll C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\system32\SETD400.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SET75D8.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET7667.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SETD655.tmp C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File created C:\Windows\system32\SETD6D0.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET7628.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\system32\D3DCompiler_43.dll C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SETD6D0.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SETD2E7.tmp C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File created C:\Windows\system32\SETD46E.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File created C:\Windows\system32\SETD306.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SETD374.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File created C:\Windows\system32\SETD5D5.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\XAPOFX1_5.dll C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SET7628.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\X3DAudio1_7.dll C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\SysWOW64\d3dx10_43.dll C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File created C:\Windows\SysWOW64\SETD616.tmp C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File created C:\Windows\SysWOW64\SETD655.tmp C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\SysWOW64\d3dx11_43.dll C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File created C:\Windows\SysWOW64\SET7697.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
File opened for modification C:\Windows\system32\SETD2A9.tmp C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\d3dx11_43.dll C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\SysWOW64\SET7617.tmp C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Vehicle\SpeedBar.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\TerrainEditor\select.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\sky\sun.jpg C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\Feedback\Components\FeedbackSubmissionToast.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\Shared\Shared\PropMarkers\Tag.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ProfileQRCode\Dev\Roact.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\dua.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\en_LS.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBD49.tmp\msedgeupdateres_th.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DAB4169F-756E-4A80-A2BC-EE3723268B6E}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RoactServiceTags\RoactServices.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\ReactFocusNavigation.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\RoactNavigation-5e891f46-2818f7fd\RoactNavigation\utils\PageNavigationEvent.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\curr\sr.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\Seat.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\ui\Chat\ToggleChat.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Controls.2\designer\images\tumbler-icon.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\QRCode.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\vun_TZ.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\DevConsole\Maximize.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\Navigation\Light\Large\Share.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\Flags\GetFIntFacialAnimationStreamingHeartbeatStatsIntervalSec.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\UI\Window\Icon-ChatGlobal-XS.png C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\root.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\AnimationEditor\FaceCaptureUI\StopRecordButton.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\nus.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\bs.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\PlatformContent\pc\textures\woodplanks\reflection.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\coll\sh_BA.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\AnimationEditor\btn_manage.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\Utility\Light\Standard\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\DeveloperTools\DeveloperTools\Classes\TargetWorker.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\IAPExperience\IAPExperience\Locale\Locales\id-id.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-12e911c4-0c4b13ff\LuauPolyfill\Number\toExponential.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\VirtualizedList.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\ModuleScript.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaApp\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\msedgeupdateres_gd.dll C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\ManageCollaborators\FriendIcon_light.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\ProximityPrompt.png C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\DevConsole\Components\Scripts\ServerScriptsEntry.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\JestEach-edcba0e9-3.5.0\JestEach\init.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GraphQLServer\Cryo.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\en_HK.res C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\ig.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\ff_GN.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Binaries\Win64\api-ms-win-crt-environment-l1-1-0.dll C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\VirtualizedList\VirtualizedList\Components\ScrollView\ScrollContentViewNativeComponent.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\Components\LimitedLabel.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\OtpLogin\Localization.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\ui_ShowmakerV2.layout C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\SpeakerLight\Muted.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\Advertising C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\EDGEMITMP_55AA1.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\textures\particles\sparkles_main.dds C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\LuaPackages\Packages\_Index\JestUtil-edcba0e9-2.4.1\JestUtil\globsToMatcher.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\en_GM.res C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\ui_OdinShareLinksV1.layout C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\MicLight\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\Qml\QtQuick\Controls.2\designer\TextAreaSpecifics.qml C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected] C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\Common\ConnectionUtil.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\Actions\SetCollectibleResellableInstances.lua C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI7A84.tmp-\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcr120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\EDGEMITMP_55AA1.tmp\setup.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_vccorlib110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI90C1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF86CEA3BB03BFCA62.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF888E125D9A2B7466.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcr110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID9F9.tmp-\CustomActionManaged.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\EDGEMITMP_55AA1.tmp\setup.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\E6AAF58BAA9A556409921E4ADE0CE5A1 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICDD2.tmp-\Jun2010_D3DCompiler_43_x64.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Installer\MSI203A.tmp-\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI7E0F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF9052554BF67A675D.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
File opened for modification C:\Windows\Installer\MSID9F9.tmp-\Jun2010_d3dx11_43_x64.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSID9F9.tmp-\Jun2010_XAudio_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSID9F9.tmp-\Jun2010_d3dcsx_43_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI8C98.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcr120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID9F9.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSID9F9.tmp-\Jun2010_d3dcsx_43_x64.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\E6AAF58BAA9A556409921E4ADE0CE5A1\1.3.93\F_CENTRAL_msvcp120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9CCB.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\SystemTemp\~DF12F635328864349F.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcp100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICDD2.tmp-\APR2007_xinput_x86.cab C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\Installer\{B85FAA6E-A9AA-4655-9029-E1A4EDC05E1A}\Installer.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\E6AAF58BAA9A556409921E4ADE0CE5A1\1.3.93\F_CENTRAL_msvcp120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7A74.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICEF9.tmp-\CustomActionManaged.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSID013.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
File opened for modification C:\Windows\Installer\MSID8DF.tmp-\Jun2010_d3dx10_43_x64.cab C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI14EC.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\Installer\SourceHash{B85FAA6E-A9AA-4655-9029-E1A4EDC05E1A} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICDD2.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSICDD2.tmp-\DXSETUP.exe C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcr110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\Installer\MSI14BC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4FB7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\E6AAF58BAA9A556409921E4ADE0CE5A1\1.3.93\F_CENTRAL_vccorlib120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe N/A
File opened for modification C:\Windows\Installer\MSI7A84.tmp-\CustomActionManaged.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI203A.tmp-\CustomActionManaged.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\E6AAF58BAA9A556409921E4ADE0CE5A1\1.3.93\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8DE1.tmp-\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSID622.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\SystemTemp\~DFA40B7FEBFB8AF27A.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcp110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\499C5C9F9B6F57D43B7EDA108B04379E\1.0.0\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Installer\MSI4FB7.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000d6da5b3da49a91300000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000d6da5b3d0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900d6da5b3d000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dd6da5b3d000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000d6da5b3d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Control Panel\Colors C:\Users\Admin\Downloads\ArcInstaller.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Control Panel\Colors C:\Users\Admin\Downloads\ArcInstaller.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Control Panel\Colors C:\Users\Admin\Downloads\ArcInstaller.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Control Panel\Colors C:\Users\Admin\Desktop\ArcInstaller.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-STUDIO C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591286159558727" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\NucleusToastActivator.NucleusToastActivator.1\ = "NucleusToastActivator Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\.whiteboard\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\OneDriveFileLauncher.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "13376" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\ = "ISyncEngineBandwidthLimiter" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2BCFAA43FBEEC904B97FAF707FE4CEEA\BA659A75CCB46C54B90459E7E4215586 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\TypeLib\{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}\1.0 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{944903E8-B03F-43A0-8341-872200D2DA9C}\ = "ICheckFileHashCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "9523" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy.1\CLSID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\ = "AudioReverb" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\ = "IGetSyncStatusCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_CLASSES\SYNCENGINEFILEINFOPROVIDER.SYNCENGINEFILEINFOPROVIDER\CURVER C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\TypeLib\{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}\1.0 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\Interface\{53de12aa-df96-413d-a25e-c75b6528abf2}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_CLASSES\WOW6432NODE\INTERFACE\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\ = "ISetSelectiveSyncInformationCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\Microsoft.SharePoint.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "10899" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy\CurVer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\ = "IFileSyncClient7" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\FileSyncClient.FileSyncClient.1\ = "FileSyncClient Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\ = "ISyncEngineCOMServer" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7}\ = "IFileSyncClient6" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\ = "ISetSelectiveSyncInformationCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\TypeLib\{4B1C80DA-FA45-468F-B42B-46496BDBE0C5}\1.0 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\ = "SyncingOverlayHandler2 Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 5c00000001000000040000000008000019000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f040000000100000010000000acb694a59c17e0d791529bb19706a6e420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\ArcInstaller.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\EpicInstaller-15.17.1.msi:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\AutoClicker-3.0.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ArcInstaller.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ArcInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ArcInstaller.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ArcInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\ArcInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\ArcInstaller.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\ArcInstaller.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4640 wrote to memory of 4532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 4532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 1060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4640 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc0decc40,0x7fffc0decc4c,0x7fffc0decc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1820 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1960,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2204 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3104 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4480 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4552,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4476 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5036,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4996 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5136,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3680,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5340,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5476 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5000,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5636 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4988,i,12637862771920220694,7010463040339520858,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5652 /prefetch:8

C:\Users\Admin\Downloads\ArcInstaller.exe

"C:\Users\Admin\Downloads\ArcInstaller.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\ArcInstaller.exe

"C:\Users\Admin\Downloads\ArcInstaller.exe"

C:\Users\Admin\Downloads\ArcInstaller.exe

"C:\Users\Admin\Downloads\ArcInstaller.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffaf863cb8,0x7fffaf863cc8,0x7fffaf863cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,10627158355369108346,18270129004082222856,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,10627158355369108346,18270129004082222856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,10627158355369108346,18270129004082222856,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,10627158355369108346,18270129004082222856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,10627158355369108346,18270129004082222856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffc0decc40,0x7fffc0decc4c,0x7fffc0decc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,15801335967583331041,14455243240252872425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1728,i,15801335967583331041,14455243240252872425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1992,i,15801335967583331041,14455243240252872425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2256 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,15801335967583331041,14455243240252872425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,15801335967583331041,14455243240252872425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3564,i,15801335967583331041,14455243240252872425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4500 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,15801335967583331041,14455243240252872425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,15801335967583331041,14455243240252872425,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4744 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1936 -parentBuildID 20240401114208 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8699830-fe29-4831-b367-f6d36d678fd7} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20240401114208 -prefsHandle 2324 -prefMapHandle 2312 -prefsLen 25495 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a587e85-530d-4342-84b1-cd7c6dc58d6f} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3248 -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 25636 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fca8590-410f-4a65-a817-c327f33445f1} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1324 -childID 2 -isForBrowser -prefsHandle 2792 -prefMapHandle 2720 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bb08d81-e95f-48f7-8b1d-354a207a45b7} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4788 -prefMapHandle 4780 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d00d5d38-d9ba-4fcc-b2b6-4f0119617cc5} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 4832 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae2f185b-ff41-4460-acd9-1c9b0858abc3} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 4 -isForBrowser -prefsHandle 5564 -prefMapHandle 5508 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc78e559-a77f-4899-84cf-c442ea6f2084} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 5 -isForBrowser -prefsHandle 5720 -prefMapHandle 5724 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {296112da-ba96-45fc-ac49-f409f5afd78b} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" tab

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Users\Admin\Desktop\ArcInstaller.exe

"C:\Users\Admin\Desktop\ArcInstaller.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc0decc40,0x7fffc0decc4c,0x7fffc0decc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1732,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1728 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1956,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1844 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2164 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3132 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3780,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3092 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4576 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4708 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4352,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4724 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3144 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4964,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4628 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3428,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3496,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5136,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5312,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5308 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5416,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5108,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3444,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3472,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5524 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4740,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3488 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3452 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5700,i,10549620074223687052,5589657324503909008,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5424 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU5B9.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjgwODQyRUYtMTZDOS00MzQxLTkwOTAtRTNBQ0QyMUI1ODI4fSIgdXNlcmlkPSJ7QTE3ODU3REItNzNGRi00QjU3LUE0NzktMDk2MTBBMUM1RkFCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCQjkzMUE0Ri0yNUEzLTQ5MTgtODlGMS1GODIxNTI1N0UyQTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY5MzE1MzUzMDUiIGluc3RhbGxfdGltZV9tcz0iNjUxIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{680842EF-16C9-4341-9090-E3ACD21B5828}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjgwODQyRUYtMTZDOS00MzQxLTkwOTAtRTNBQ0QyMUI1ODI4fSIgdXNlcmlkPSJ7QTE3ODU3REItNzNGRi00QjU3LUE0NzktMDk2MTBBMUM1RkFCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszNjNEQzJBRS1FNTNDLTQyMjctODZDQi1DQjY3NUZCNDYxQTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEwNiIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTA2IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjkzNTYzNTIwOSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffaf863cb8,0x7fffaf863cc8,0x7fffaf863cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,13393898640735943444,17726906334210838960,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,13393898640735943444,17726906334210838960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,13393898640735943444,17726906334210838960,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13393898640735943444,17726906334210838960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13393898640735943444,17726906334210838960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\MicrosoftEdge_X64_124.0.2478.67.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\EDGEMITMP_55AA1.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\EDGEMITMP_55AA1.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\EDGEMITMP_55AA1.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\EDGEMITMP_55AA1.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{133C3CDD-B9BA-4112-AF59-69B0AE8B9D03}\EDGEMITMP_55AA1.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff67bf288c0,0x7ff67bf288cc,0x7ff67bf288d8

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjgwODQyRUYtMTZDOS00MzQxLTkwOTAtRTNBQ0QyMUI1ODI4fSIgdXNlcmlkPSJ7QTE3ODU3REItNzNGRi00QjU3LUE0NzktMDk2MTBBMUM1RkFCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntERUEyMEYwMy1COUVGLTQwMkEtOTcxRS0wRjRCN0ZDMzVEQUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2OTQ4Nzc1MTg3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjk0ODgyNTMyNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcyODMxMzM2NzQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzEzMWJkNWQ3LTljNjUtNDc2YS05MDc1LWUyNDk0ZjhkYTllND9QMT0xNzE1MjYwMDU4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUsyR0hrUEglMmJjb1RjdW5HeThPR2Z2SWt6RXp2SjElMmZHeW5pM2Z2b1l3UWNKYTZjNGZDWGJMaXJUWVMwNHQ0bFkyWllDY1VQNHMwT1Y3UVc0d2wlMmJpaFpnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyNzIzNzY4IiB0b3RhbD0iMTcyNzIzNzY4IiBkb3dubG9hZF90aW1lX21zPSIyNjY3NiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcyODMyMzM5MzQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Mjk3MDMzODI1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NzQxNTkzODg5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iOTU1IiBkb3dubG9hZF90aW1lX21zPSIzMzQyOSIgZG93bmxvYWRlZD0iMTcyNzIzNzY4IiB0b3RhbD0iMTcyNzIzNzY4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0NDQ1NSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" OptionalFeaturesAdminHelper

C:\Windows\system32\OptionalFeatures.exe

"C:\Windows\system32\OptionalFeatures.exe"

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc0decc40,0x7fffc0decc4c,0x7fffc0decc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,3867480740444782634,18122040201668304892,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=1808 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,3867480740444782634,18122040201668304892,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,3867480740444782634,18122040201668304892,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=2232 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,3867480740444782634,18122040201668304892,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,3867480740444782634,18122040201668304892,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,3867480740444782634,18122040201668304892,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4608,i,3867480740444782634,18122040201668304892,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=4624 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,3867480740444782634,18122040201668304892,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=4628 /prefetch:8

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe"

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe"

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe"

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe"

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

"C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe"

C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe

C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1EE35\RobloxStudioInstaller.exe -relaunch

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"

C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-f0582db71b134926\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fffaf863cb8,0x7fffaf863cc8,0x7fffaf863cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,6677313952763764766,6200530304765658107,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,6677313952763764766,6200530304765658107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,6677313952763764766,6200530304765658107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,6677313952763764766,6200530304765658107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,6677313952763764766,6200530304765658107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=1588.6948.6890360015158181423

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=124.0.2478.67 --initial-client-data=0x184,0x188,0x18c,0x160,0x100,0x7fffa8b6ceb8,0x7fffa8b6cec4,0x7fffa8b6ced0

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1716,i,12638755950007799747,2761274687690996470,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1680 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=1988,i,12638755950007799747,2761274687690996470,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2004 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2236,i,12638755950007799747,2761274687690996470,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:8

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3652,i,12638755950007799747,2761274687690996470,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4076,i,12638755950007799747,2761274687690996470,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3660,i,12638755950007799747,2761274687690996470,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3724 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4920,i,12638755950007799747,2761274687690996470,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5064,i,12638755950007799747,2761274687690996470,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5128,i,12638755950007799747,2761274687690996470,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 623, 0, 6230555" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4128,i,12638755950007799747,2761274687690996470,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc0decc40,0x7fffc0decc4c,0x7fffc0decc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=1740 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=2188 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3304,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4628,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=4636 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=4780 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4908,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=4748 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=4240 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4748,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=4984 /prefetch:1

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3772,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3448,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3748,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5124 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=212,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5352 /prefetch:1

C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe

"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DAB4169F-756E-4A80-A2BC-EE3723268B6E}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DAB4169F-756E-4A80-A2BC-EE3723268B6E}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{DC88E1BF-DB35-40A1-AF40-059C6061FC17}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REM4OEUxQkYtREIzNS00MEExLUFGNDAtMDU5QzYwNjFGQzE3fSIgdXNlcmlkPSJ7QTE3ODU3REItNzNGRi00QjU3LUE0NzktMDk2MTBBMUM1RkFCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntENDBCQzc4OS1BNTIxLTRGRDQtQjYwNS1CRTc2RDk0QTAyRDN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzcyODQxOTUyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzczMDkwNjY2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDY2MTM3MDQzMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzE1MjYwNDAwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWpFQXdhZWlKN3NkNDd6JTJmck5QNzNkRkU0MjFLZklZVldkQW45Nm5ia3U2RkVFUVNkUjhjVjIlMmZSeSUyYnJhb3M1RnNOalQwdEJ0dDJMVjJlMTR6eml4dkdBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2NjE1MjY1MDMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzE1MjYwNDAwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWpFQXdhZWlKN3NkNDd6JTJmck5QNzNkRkU0MjFLZklZVldkQW45Nm5ia3U2RkVFUVNkUjhjVjIlMmZSeSUyYnJhb3M1RnNOalQwdEJ0dDJMVjJlMTR6eml4dkdBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTYzMDc5MiIgdG90YWw9IjE2MzA3OTIiIGRvd25sb2FkX3RpbWVfbXM9IjI0NTM0Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjYxNTI2NTAzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjY2NjgyOTcwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1OTEyOTExMjYwOTU5NjAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNC4wLjI0NzguNjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgdXBkYXRlX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1OTEyOTExNzQ4MzU5MDAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0UzRUM4NDUxLUZEQTQtNEUzMS1BM0Y3LTFBRENEQzk3OUE0RX0iLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Temp\EUBD49.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUBD49.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{DC88E1BF-DB35-40A1-AF40-059C6061FC17}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REM4OEUxQkYtREIzNS00MEExLUFGNDAtMDU5QzYwNjFGQzE3fSIgdXNlcmlkPSJ7QTE3ODU3REItNzNGRi00QjU3LUE0NzktMDk2MTBBMUM1RkFCfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7MDkyQjkxMjEtMDcxQS00RDE3LTk4RUItQ0U2NjgwQzgxMzBDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODUuMjkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTQ2NTUyNTUiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjc2NjgyNjg5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3464,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=3424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffaf863cb8,0x7fffaf863cc8,0x7fffaf863cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5560,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4956,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=4232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5600,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5552 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5276,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5208 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3808,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4760,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5672,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6008,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=4916 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5700,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5340 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4612,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5668,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5972 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5980,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5912 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5928,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5940,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=4284,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5128,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3152,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5640 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004B4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=4836,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6332,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6512,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=6316 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6632,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=6644 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6664,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=6760 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=5904,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=6368 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6276,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=6264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6268,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=4324,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=6280 /prefetch:1

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\EpicInstaller-15.17.1.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 553B8E62EB06397AEA071B49E0D0ED2E C

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI1088.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241504406 5 CustomActionManaged!CustomActionManaged.CustomActions.ValidatePathLength

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 56C97D36DF24DACF0AE0260721950402

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI14EC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241505515 10 CustomActionManaged!CustomActionManaged.CustomActions.TelemetrySendStart

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI1B75.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241507203 16 CustomActionManaged!CustomActionManaged.CustomActions.SetStartupCmdlineArgs

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI203A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241508406 22 CustomActionManaged!CustomActionManaged.CustomActions.CheckReparsePoints

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9DFBC54BB2F6C68FDCA39DFCF4A413F2 E Global\MSI0000

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI4FB7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241520625 31 CustomActionManaged!CustomActionManaged.CustomActions.MoveChainerToFolder

C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe

"C:\Program Files (x86)\Epic Games\DirectXRedist\DXSETUP.exe" /silent

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjM1REMxRDAtNjNGNi00RUE2LUEwNUItREM3QkY4RjU4RDVEfSIgdXNlcmlkPSJ7QTE3ODU3REItNzNGRi00QjU3LUE0NzktMDk2MTBBMUM1RkFCfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MjdEODA2NDItRUM2Qi00MzcyLTg1NEUtQTg2MDk5NDI2RUJEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMDYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjEzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTM1MjA3MzMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1ODAxNzg0MDg0NTM3MTkiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MDY4IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzY4MjE0NzQxNSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\SysWOW64\icacls.exe

"icacls.exe" "C:\Program Files (x86)\Epic Games\Launcher" /grant "BUILTIN\Users":(OI)(CI)F

C:\Windows\SysWOW64\icacls.exe

"icacls.exe" "C:\ProgramData\Epic" /grant "BUILTIN\Users":(OI)(CI)F

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI7A84.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241531515 50 CustomActionManaged!CustomActionManaged.CustomActions.TelemetrySendEnd

C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\EOS\InstallChainer.exe

"C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\EOS\InstallChainer.exe" 44 "C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\EOS\EpicOnlineServices.msi" "EOSPRODUCTID=EpicGamesLauncher" "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe"

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI8C2A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241536031 59 CustomActionManaged!CustomActionManaged.CustomActions.SetLauncherEpicGamesDirLoc

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI8C98.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241536140 65 CustomActionManaged!CustomActionManaged.CustomActions.SetLauncherInstallDirLoc

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI8DE1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241536484 71 CustomActionManaged!CustomActionManaged.CustomActions.SetServiceWrapperDirLoc

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI90C1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241537203 77 CustomActionManaged!CustomActionManaged.TelemetryActions.TelemetrySendStart

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI9CCB.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241540296 99 CustomActionManaged!CustomActionManaged.CustomActions.RegisterProductID

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSICEF9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241553140 110 CustomActionManaged!CustomActionManaged.CustomActions.CopyServiceWrapper

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSID013.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241553406 118 CustomActionManaged!CustomActionManaged.CustomActions.CreateRegistryKeys

C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServices.exe

"C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServices.exe" --runApplication=createConfig

C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe

"C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe" install

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSID4AA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241554578 262 CustomActionManaged!CustomActionManaged.CustomActions.ExecuteComponents

C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe

"C:\Program Files (x86)\Epic Games\Epic Online Services\EpicOnlineServicesUserHelper.exe" --setup

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSID622.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241554953 269 CustomActionManaged!CustomActionManaged.TelemetryActions.TelemetrySendEnd

C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe

"C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C34E1F74-DE18-4659-AB5E-8CA3A3B7BF9B}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C34E1F74-DE18-4659-AB5E-8CA3A3B7BF9B}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7452,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=7532 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjM1REMxRDAtNjNGNi00RUE2LUEwNUItREM3QkY4RjU4RDVEfSIgdXNlcmlkPSJ7QTE3ODU3REItNzNGRi00QjU3LUE0NzktMDk2MTBBMUM1RkFCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InswREEzMEVCQy1GRDM5LTQ0RUUtODg1Qi04MjY3RUM1RDFFNjF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNjk2MjIzNzI1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM2OTYzNjM3ODUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwMTQ5NjI5MDMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxNTI2MDczMyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1FcHklMmJmJTJicEp5dmRoRk9xb09qVnRVTWd5blElMmY1bDclMmJwNnoxVE1iVmE0dFpya3RwY0VueHdyUlc5elI1djZQJTJibFFNMU5YYlc3cjF1SFJFTHFhTjhsS0ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MDE1MTIxMTY2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxNTI2MDczMyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1FcHklMmJmJTJicEp5dmRoRk9xb09qVnRVTWd5blElMmY1bDclMmJwNnoxVE1iVmE0dFpya3RwY0VueHdyUlc5elI1djZQJTJibFFNMU5YYlc3cjF1SFJFTHFhTjhsS0ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxODA0NDQ0OCIgdG90YWw9IjE4MDQ0NDQ4IiBkb3dubG9hZF90aW1lX21zPSIyNzE3OSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MDE1MTM5Mjk1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwMjE1MzQ1ODYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDAyNzU4MTM0OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijg5NCIgZG93bmxvYWRfdGltZV9tcz0iMzE4NzQiIGRvd25sb2FkZWQ9IjE4MDQ0NDQ4IiB0b3RhbD0iMTgwNDQ0NDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYwMSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7704,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=7488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7832,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=7844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7864,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=7996 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=7608,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=7576 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7860,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=7416 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=5096,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=7792 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\MicrosoftEdge_X64_124.0.2478.67.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6bd7f88c0,0x7ff6bd7f88cc,0x7ff6bd7f88d8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8120,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=6392 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7888,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=8212 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8336,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=7700 /prefetch:8

C:\Users\Admin\Downloads\AutoClicker-3.0.exe

"C:\Users\Admin\Downloads\AutoClicker-3.0.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6bd7f88c0,0x7ff6bd7f88cc,0x7ff6bd7f88d8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=5952,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=7800 /prefetch:1

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe

"C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe" /quiet /log "C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/SelfUpdatePrereqInstall.log"

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe

"C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe" /quiet /log "C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/SelfUpdatePrereqInstall.log" -burn.unelevated BurnPipe.{64356073-74F3-4D5C-8BF3-CFA6C7E3D2A5} {3A94DB45-473E-4A6F-B72A-6C97EFA4821C} 21868

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 4D2F14055872B1EA2AD64DB85D41D5EE E Global\MSI0000

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSICDD2.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241618453 276 CustomActionManaged!CustomActionManaged.CustomActions.InstallDirectX

C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe

"C:\Windows\Installer\MSICDD2.tmp-\DXSetup.exe" /silent

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe X3DAudio1_7_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe D3DX9_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe d3dx10_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe d3dx11_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe d3dcsx_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe D3DCompiler_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe XAudio2_7_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSID8DF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241621218 282 CustomActionManaged!CustomActionManaged.CustomActions.SetupLauncherLinkProtocol

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSID9F9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241621500 288 CustomActionManaged!CustomActionManaged.CustomActions.SetupLauncherShortcuts

C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe

"C:/Program Files (x86)/Epic Games/Launcher/Portal/Binaries/Win32/EpicGamesLauncher.exe" -Commandlet=selfupdateinstall -newinstancecommand="IC1TYXZlVG9Vc2VyRGlyIC1NZXNzYWdpbmc$" -ForcedRestart

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /T /IM EpicWebHelper.exe

C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe

"C:/Program Files (x86)/Epic Games/Launcher/Portal/Binaries/Win64/EpicGamesLauncher.exe" -SaveToUserDir -Messaging -ForcedRestart

C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe

"C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/Win64/EpicWebHelper.exe" --type=gpu-process --field-trial-handle=2056,15595534272232288870,11148083894684450316,131072 --disable-features=CalculateNativeWinOcclusion --no-sandbox --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --user-agent-product="EpicGamesLauncher/16.5.1-33263044+++Portal+Release-Live UnrealEngine/4.27.0-33263044+++Portal+Release-Live Chrome/90.0.4430.212" --lang=en --gpu-preferences=SAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe

"C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/Win64/EpicWebHelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15595534272232288870,11148083894684450316,131072 --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=none --no-sandbox --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --user-agent-product="EpicGamesLauncher/16.5.1-33263044+++Portal+Release-Live UnrealEngine/4.27.0-33263044+++Portal+Release-Live Chrome/90.0.4430.212" --lang=en --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --mojo-platform-channel-handle=5084 /prefetch:8

C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe

"C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/Win64/EpicWebHelper.exe" --type=renderer --no-sandbox --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --field-trial-handle=2056,15595534272232288870,11148083894684450316,131072 --disable-features=CalculateNativeWinOcclusion --lang=en-US --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --user-agent-product="EpicGamesLauncher/16.5.1-33263044+++Portal+Release-Live UnrealEngine/4.27.0-33263044+++Portal+Release-Live Chrome/90.0.4430.212" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe

"C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/Win64/EpicWebHelper.exe" --type=renderer --no-sandbox --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --field-trial-handle=2056,15595534272232288870,11148083894684450316,131072 --disable-features=CalculateNativeWinOcclusion --lang=en-US --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Admin/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --user-agent-product="EpicGamesLauncher/16.5.1-33263044+++Portal+Release-Live UnrealEngine/4.27.0-33263044+++Portal+Release-Live Chrome/90.0.4430.212" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODQ5MjQ5MzctODRFQS00QjVCLTg4QzQtQTM1MTNCQzBFREFGfSIgdXNlcmlkPSJ7QTE3ODU3REItNzNGRi00QjU3LUE0NzktMDk2MTBBMUM1RkFCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCMkU3MTQyNS00REY2LTQyQzQtQTkxRC0zQzQzRDJBQ0IwMTB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtEeE9iakhHYStuUmEyYXRDM3dvK0lFcEM3OCtaWWVBVWJrWHBEQzJjajdVPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg1LjI5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjc1Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MzMxIiBwaW5nX2ZyZXNobmVzcz0iezVFQUEyMzBDLTQ2QzctNDYzOC1CQzc1LUUwRDk5OTI3N0VDQn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1OTEyOTMyNjAyMzA5MTAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MTU0MDY0NTgwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MTU0MjI3MTY0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MjI5MjA2OTYzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MjU4NDYzMzU3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDk3Njk2ODk0NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQ0NjciIGRvd25sb2FkZWQ9IjE3MjcyMzc2OCIgdG90YWw9IjE3MjcyMzc2OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjIiIGluc3RhbGxfdGltZV9tcz0iNzE4NDkiLz48cGluZyBhY3RpdmU9IjEiIGFkPSI2MzMxIiByZD0iNjMzMSIgcGluZ19mcmVzaG5lc3M9IntFMEVDMTJFMC0yMDE5LTREMTYtQkFBMi1FRTU1Qzg4OTlGMTB9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNC4wLjI0NzguNjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgY29ob3J0PSJycmZAMC4xNiIgdXBkYXRlX2NvdW50PSIxIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTkxMjkxMTc0ODM1OTAwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMCIgcmQ9IjYzMzEiIHBpbmdfZnJlc2huZXNzPSJ7NkI1RkNGQUEtRTYwNy00OUY5LThCNTEtNUMyQ0I5Nzk5MkZDfSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1936 -parentBuildID 20240401114208 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 25649 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23305208-3faa-46df-a4f4-3f1f88c9a3b4} 20504 "\\.\pipe\gecko-crash-server-pipe.20504" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2340 -parentBuildID 20240401114208 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 25685 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbb47ece-a07d-47f7-bff3-5b5c22a75a1f} 20504 "\\.\pipe\gecko-crash-server-pipe.20504" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3344 -childID 1 -isForBrowser -prefsHandle 3336 -prefMapHandle 2656 -prefsLen 25826 -prefMapSize 244658 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a8ce3c8-4071-4b32-857b-0d50b43a23e5} 20504 "\\.\pipe\gecko-crash-server-pipe.20504" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3732 -childID 2 -isForBrowser -prefsHandle 3152 -prefMapHandle 3180 -prefsLen 31059 -prefMapSize 244658 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02aa2390-edb3-49c3-94cf-b9ce8ad812ae} 20504 "\\.\pipe\gecko-crash-server-pipe.20504" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4792 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4884 -prefMapHandle 4880 -prefsLen 31166 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3ceb9f9-4112-4431-a8d8-cf2b9d87d25e} 20504 "\\.\pipe\gecko-crash-server-pipe.20504" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4912 -childID 3 -isForBrowser -prefsHandle 4904 -prefMapHandle 4888 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fed242d-a7b4-449e-840d-2b901ffe61df} 20504 "\\.\pipe\gecko-crash-server-pipe.20504" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4820 -childID 4 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34c6d7be-6e8f-4813-8ec1-91f030e6ca5b} 20504 "\\.\pipe\gecko-crash-server-pipe.20504" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 5 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47d13991-2776-4870-9c23-85a524ca0bb9} 20504 "\\.\pipe\gecko-crash-server-pipe.20504" tab

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"

C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe

"C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe"

C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe

"C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\..\..\..\Portal\Binaries\Win64\EpicGamesLauncher.exe"

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"

C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffaf863cb8,0x7fffaf863cc8,0x7fffaf863cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffaf863cb8,0x7fffaf863cc8,0x7fffaf863cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=5584,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=6740 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=6644,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8204,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=4488 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8344,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=8196 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=4552,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=8004 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=8156,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=7508 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,45096664841485608,18344314709822449454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=5544,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=8332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=6744,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=8068 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2984,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5964,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=5340 /prefetch:8

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

/updateInstalled /background

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=6716,i,11497531085374353297,18342803013759874549,262144 --variations-seed-version=20240501-180159.078000 --mojo-platform-channel-handle=6740 /prefetch:1

C:\Windows\SysWOW64\DllHost.exe

"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffaf863cb8,0x7fffaf863cc8,0x7fffaf863cd8

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Are.docx" /o ""

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""

C:\Windows\SysWOW64\DllHost.exe

"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Files.docx" /o ""

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost

C:\Windows\SysWOW64\DllHost.exe

"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3ec3855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 104.18.31.160:443 releases.arc.net tcp
US 104.18.31.160:443 releases.arc.net tcp
US 34.120.195.249:443 o298668.ingest.us.sentry.io tcp
US 104.18.31.160:443 releases.arc.net tcp
US 34.120.195.249:443 o298668.ingest.us.sentry.io tcp
US 34.120.195.249:443 o298668.ingest.us.sentry.io tcp
GB 2.18.66.162:443 tcp
GB 2.18.66.162:443 tcp
DE 51.116.246.105:443 browser.pipe.aria.microsoft.com tcp
NL 23.62.61.152:443 www.bing.com tcp
NL 23.62.61.152:443 www.bing.com tcp
NL 23.62.61.152:443 www.bing.com tcp
NL 23.62.61.152:443 www.bing.com tcp
NL 23.62.61.152:443 www.bing.com tcp
NL 23.62.61.152:443 www.bing.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
NL 23.62.61.185:443 www.bing.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.201.110:443 apis.google.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 44.233.67.78:443 shavar.services.mozilla.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
N/A 127.0.0.1:50154 tcp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
N/A 127.0.0.1:50171 tcp
US 34.120.195.249:443 o298668.ingest.us.sentry.io tcp
US 104.18.31.160:443 releases.arc.net tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 172.217.16.238:443 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 172.217.16.238:443 consent.google.com tcp
FI 95.216.163.36:443 www.torproject.org tcp
FI 95.216.163.36:443 www.torproject.org tcp
FI 95.216.163.36:443 www.torproject.org tcp
FI 95.216.163.36:443 www.torproject.org tcp
FI 95.216.163.36:443 www.torproject.org tcp
FI 95.216.163.36:443 www.torproject.org tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 18.239.208.26:443 static.rbxcdn.com tcp
US 2.18.190.73:443 images.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 2.18.190.81:443 js.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 metrics.roblox.com udp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 128.116.102.4:443 roblox.com tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 metrics.roblox.com tcp
US 8.8.8.8:53 81.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 20.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
GB 128.116.119.4:443 metrics.roblox.com tcp
US 2.18.190.83:443 apis.rbxcdn.com tcp
GB 128.116.119.4:443 metrics.roblox.com udp
GB 128.116.119.3:443 ecsv2.roblox.com udp
GB 128.116.119.4:443 metrics.roblox.com tcp
US 18.239.208.47:443 setup.rbxcdn.com tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:51063 tcp
N/A 127.0.0.1:51067 tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:51070 tcp
US 2.18.190.72:443 setup.rbxcdn.com tcp
US 2.18.190.72:443 setup.rbxcdn.com tcp
US 2.18.190.72:443 setup.rbxcdn.com tcp
US 20.114.58.89:443 msedge.api.cdp.microsoft.com tcp
GB 2.18.66.162:443 tcp
US 199.232.210.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 150.171.27.254:443 ax-ring.msedge.net tcp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
NL 23.62.61.194:443 www.bing.com tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:51652 tcp
GB 2.18.66.162:443 tcp
US 13.107.253.254:443 t-ring-fallback.msedge.net tcp
US 52.123.128.254:443 dual-s-ring.msedge.net tcp
US 52.247.12.246:443 c4279b0f80d47bdc01f5e519e1f0f9c3.azr.footprintdns.com tcp
US 8.8.8.8:53 254.128.123.52.in-addr.arpa udp
US 8.8.8.8:53 246.12.247.52.in-addr.arpa udp
DE 51.116.246.105:443 browser.pipe.aria.microsoft.com tcp
NL 23.62.61.152:443 www.bing.com tcp
NL 23.62.61.152:443 www.bing.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 13.107.237.254:443 t-ring-fdv2.msedge.net tcp
NL 23.62.61.185:443 www.bing.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
N/A 127.0.0.1:52187 tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52190 tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52195 tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52198 tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
US 18.239.208.114:443 setup.rbxcdn.com tcp
US 18.239.208.114:443 setup.rbxcdn.com tcp
US 18.239.208.114:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:52202 tcp
US 13.107.253.254:443 t-ring-fallback.msedge.net tcp
US 152.199.19.161:443 fp-vp-nocache.azureedge.net tcp
US 13.107.3.254:443 s-ring.msedge.net tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 52.109.28.47:443 roaming.officeapps.live.com tcp
US 13.107.237.254:443 t-ring-fdv2.msedge.net tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
GB 128.116.119.4:443 ephemeralcounters.api.roblox.com tcp
N/A 127.0.0.1:52337 tcp
N/A 127.0.0.1:52350 tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
US 8.8.8.8:53 apis.roblox.com udp
GB 128.116.119.4:443 apis.roblox.com tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52353 tcp
N/A 127.0.0.1:52370 tcp
N/A 127.0.0.1:52382 tcp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
GB 128.116.119.4:443 apis.roblox.com tcp
GB 128.116.119.4:443 apis.roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 2.18.190.78:443 static.rbxcdn.com tcp
US 2.18.190.78:443 static.rbxcdn.com tcp
GB 3.162.20.91:443 images.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
GB 13.224.81.3:443 js.rbxcdn.com tcp
GB 13.224.81.3:443 js.rbxcdn.com tcp
GB 13.224.81.3:443 js.rbxcdn.com tcp
GB 13.224.81.3:443 js.rbxcdn.com tcp
GB 13.224.81.3:443 js.rbxcdn.com tcp
GB 13.224.81.3:443 js.rbxcdn.com tcp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 18.239.208.20:443 css.rbxcdn.com tcp
US 104.18.33.170:443 roblox-api.arkoselabs.com tcp
NL 128.116.21.4:443 roblox.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 3.81.224.13.in-addr.arpa udp
GB 128.116.119.4:443 metrics.roblox.com udp
GB 128.116.119.4:443 metrics.roblox.com tcp
US 131.253.33.254:443 a-ring-fallback.msedge.net tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 104.18.33.170:443 roblox-api.arkoselabs.com udp
US 2.18.190.83:443 apis.rbxcdn.com tcp
GB 128.116.119.4:443 metrics.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 20.140.151.75:443 fp-afd.azureedge.us tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 75.151.140.20.in-addr.arpa udp
KR 20.194.51.173:443 bd703fb0cc7747d656fab00d7931026f.clo.footprintdns.com tcp
GB 128.116.119.3:443 ecsv2.roblox.com udp
DE 51.116.246.105:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:443 dns.google udp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 3.162.20.91:443 images.rbxcdn.com tcp
GB 128.116.119.4:443 auth.roblox.com udp
US 2.18.190.76:443 apis.rbxcdn.com tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com udp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
GB 51.11.108.188:443 tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com udp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
N/A 127.0.0.1:53183 tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
CH 20.203.155.189:443 d1fbf4b45187d689278a89005984fcc1.clo.footprintdns.com tcp
US 4.150.240.254:443 arm-ring.msedge.net tcp
US 52.108.8.254:443 wac-ring.msedge.net tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 172.217.16.238:443 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.180.1:443 www-digitalcitizen-life.webpkgcache.com tcp
GB 142.250.180.1:443 www-digitalcitizen-life.webpkgcache.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 191.2.166.20.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.187.206:443 play.google.com tcp
NL 96.16.53.139:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 139.53.16.96.in-addr.arpa udp
US 13.107.136.254:443 spo-ring.msedge.net tcp
US 13.107.234.254:443 t-s2-ring.msedge.net tcp
FR 20.111.37.79:443 par21prdapp01-canary.netmon.azure.com tcp
US 8.8.8.8:53 254.136.107.13.in-addr.arpa udp
US 8.8.8.8:53 254.234.107.13.in-addr.arpa udp
US 8.8.8.8:53 79.37.111.20.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com udp
GB 2.18.66.162:443 tcp
GB 2.18.66.162:443 tcp
US 52.123.128.254:443 dual-s-ring.msedge.net tcp
US 52.108.8.254:443 wac-ring.msedge.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 cdn1.unrealengine.com udp
US 8.8.8.8:53 components.unrealengine.com udp
US 8.8.8.8:53 epic-social-social-modules-prod.ol.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.epicgames.com udp
US 8.8.8.8:53 cdn2.unrealengine.com udp
US 18.239.208.32:443 components.unrealengine.com tcp
US 18.239.208.32:443 components.unrealengine.com tcp
US 184.30.157.148:443 cdn2.unrealengine.com tcp
US 184.30.157.148:443 cdn2.unrealengine.com tcp
US 184.30.157.148:443 cdn2.unrealengine.com tcp
US 184.30.157.148:443 cdn2.unrealengine.com tcp
US 184.30.157.148:443 cdn2.unrealengine.com tcp
US 184.30.157.148:443 cdn2.unrealengine.com tcp
US 184.30.157.148:443 cdn2.unrealengine.com tcp
US 18.239.208.85:443 epic-social-social-modules-prod.ol.epicgames.com tcp
US 104.18.2.64:443 store.epicgames.com tcp
US 54.235.50.208:443 tracking.epicgames.com tcp
US 104.18.2.64:443 store.epicgames.com udp
US 151.101.2.133:443 media.graphassets.com tcp
GB 216.58.212.234:443 content-autofill.googleapis.com tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
GB 216.58.212.234:443 content-autofill.googleapis.com udp
US 104.18.2.64:443 store.epicgames.com udp
US 18.239.208.62:443 launcher-public-service-prod06.ol.epicgames.com tcp
US 18.239.208.62:443 launcher-public-service-prod06.ol.epicgames.com tcp
US 2.18.190.79:443 epicgames-download1.akamaized.net tcp
US 8.8.8.8:53 62.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 184.30.157.148:443 cdn2.unrealengine.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.178.14:443 encrypted-vtbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-vtbn0.gstatic.com udp
US 172.67.181.180:443 ubuntuhandbook.org tcp
US 172.67.181.180:443 ubuntuhandbook.org tcp
US 8.8.8.8:53 secure.gravatar.com udp
US 8.8.8.8:53 ssl.google-analytics.com udp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
US 172.67.181.180:443 ubuntuhandbook.org udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 172.217.169.8:443 ssl.google-analytics.com udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 216.58.212.234:443 content-autofill.googleapis.com tcp
GB 216.58.212.234:443 content-autofill.googleapis.com udp
BE 192.178.24.131:443 csi.gstatic.com tcp
NL 74.125.8.199:443 rr2---sn-5hneknes.googlevideo.com tcp
BE 192.178.24.131:443 csi.gstatic.com tcp
BE 192.178.24.131:443 csi.gstatic.com tcp
BE 192.178.24.131:443 csi.gstatic.com tcp
BE 192.178.24.131:443 csi.gstatic.com tcp
BE 192.178.24.131:443 csi.gstatic.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 185.77.97.131:443 www.wubuntu.org tcp
GB 185.77.97.131:443 www.wubuntu.org tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.178.3:443 www.recaptcha.net tcp
GB 142.250.178.3:443 www.recaptcha.net tcp
GB 216.58.212.234:443 content-autofill.googleapis.com tcp
GB 142.250.178.3:443 www.recaptcha.net udp
GB 142.250.178.4:443 www.google.com tcp
GB 185.77.97.131:443 www.wubuntu.org tcp
GB 185.77.97.131:443 www.wubuntu.org udp
NL 154.41.249.235:443 www.wubuntu.org udp
US 104.18.12.149:443 sourceforge.net tcp
US 104.18.12.149:443 sourceforge.net tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com tcp
US 104.18.16.56:443 a.fsdn.com udp
GB 89.187.167.3:443 cdn.consentmanager.net tcp
US 104.18.5.227:443 c.sf-syn.com tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
GB 216.58.212.234:443 content-autofill.googleapis.com tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 56.16.18.104.in-addr.arpa udp
US 8.8.8.8:53 3.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 227.5.18.104.in-addr.arpa udp
US 8.8.8.8:53 76.98.230.87.in-addr.arpa udp
US 104.18.12.149:443 sourceforge.net udp
GB 142.250.200.2:443 securepubads.g.doubleclick.net tcp
GB 142.250.200.2:443 securepubads.g.doubleclick.net udp
GB 142.250.187.193:443 16aaa830e6821f8c3936cbbbc77564db.safeframe.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
GB 216.58.212.234:443 content-autofill.googleapis.com udp
GB 142.250.187.193:443 16aaa830e6821f8c3936cbbbc77564db.safeframe.googlesyndication.com tcp
GB 142.250.200.2:443 securepubads.g.doubleclick.net tcp
BE 192.178.24.131:443 csi.gstatic.com tcp
BE 192.178.24.131:443 csi.gstatic.com tcp
BE 192.178.24.131:443 csi.gstatic.com tcp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 204.68.111.105:443 downloads.sourceforge.net tcp
RS 185.119.90.247:443 unlimited.dl.sourceforge.net tcp
GB 89.187.167.3:443 cdn.consentmanager.net tcp
BE 192.178.24.131:443 csi.gstatic.com udp
BE 192.178.24.131:443 csi.gstatic.com udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
GB 142.250.187.193:443 16aaa830e6821f8c3936cbbbc77564db.safeframe.googlesyndication.com tcp
US 35.169.101.1:443 datarouter.ol.epicgames.com tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 img.youtube.com udp
GB 142.250.179.238:443 img.youtube.com tcp
US 8.8.8.8:53 f024d9b77b48b10f861e92d00556abde.safeframe.googlesyndication.com udp
GB 142.250.187.193:443 f024d9b77b48b10f861e92d00556abde.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 20.114.58.89:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 87.248.205.0:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 52.1.251.204:443 datarouter.ol.epicgames.com tcp
US 8.8.8.8:53 api.epicgames.dev udp
US 3.231.106.61:443 api.epicgames.dev tcp
US 34.196.123.54:443 api.epicgames.dev tcp
US 54.164.144.94:443 account-public-service-prod03.ol.epicgames.com tcp
US 18.239.208.62:443 launcher-public-service-prod06.ol.epicgames.com tcp
US 8.8.8.8:53 www.google.com udp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
GB 142.250.178.4:443 www.google.com udp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 20.114.58.89:443 msedge.api.cdp.microsoft.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 8.8.8.8:53 play.google.com udp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.21.74.250:443 www.opautoclicker.com tcp
US 104.21.74.250:443 www.opautoclicker.com tcp
US 104.21.74.250:443 www.opautoclicker.com tcp
US 104.21.74.250:443 www.opautoclicker.com tcp
US 104.21.74.250:443 www.opautoclicker.com tcp
GB 142.250.187.206:443 play.google.com tcp
US 104.21.74.250:443 www.opautoclicker.com udp
US 8.8.8.8:53 250.74.21.104.in-addr.arpa udp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.12.149:443 sourceforge.net udp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 104.18.16.56:443 a.fsdn.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
GB 142.250.187.193:443 d3c2c6d86a2e9ac836ca91902b8d21b9.safeframe.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 204.68.111.105:443 downloads.sourceforge.net tcp
RS 185.119.90.247:443 unlimited.dl.sourceforge.net tcp
RS 185.119.90.247:443 unlimited.dl.sourceforge.net tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
GB 142.250.187.193:443 d3c2c6d86a2e9ac836ca91902b8d21b9.safeframe.googlesyndication.com tcp
GB 142.250.178.3:443 www.recaptcha.net tcp
GB 142.250.178.3:443 www.recaptcha.net tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.3:443 www.recaptcha.net udp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
US 104.18.50.184:80 cloudflare.epicgamescdn.com tcp
GB 142.250.178.3:443 www.recaptcha.net udp
GB 89.187.167.2:443 cdn.consentmanager.net tcp
GB 142.250.200.2:443 securepubads.g.doubleclick.net udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 2.167.187.89.in-addr.arpa udp
GB 142.250.187.193:443 fdce6a898d801efbd6a59eda28792ce7.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 datarouter.ol.epicgames.com udp
US 34.233.217.227:443 datarouter.ol.epicgames.com tcp
US 152.199.19.74:80 ocsp.thawte.com tcp
US 152.199.19.74:80 ocsp.thawte.com tcp
US 8.8.8.8:53 crl.thawte.com udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 227.217.233.34.in-addr.arpa udp
US 54.157.123.125:443 account-public-service-prod03.ol.epicgames.com tcp
US 54.157.123.125:443 account-public-service-prod03.ol.epicgames.com tcp
US 18.239.208.17:443 launcher-public-service-prod06.ol.epicgames.com tcp
US 104.18.21.94:443 www.epicgames.com tcp
US 104.18.21.94:443 www.epicgames.com tcp
US 8.8.8.8:53 17.208.239.18.in-addr.arpa udp
US 2.18.190.80:80 apps.identrust.com tcp
US 18.239.208.26:443 static-assets-prod.unrealengine.com tcp
US 18.239.208.26:443 static-assets-prod.unrealengine.com tcp
US 54.235.50.208:443 tracking.epicgames.com tcp
US 35.186.247.156:443 sentry.io tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 18.239.208.109:443 static-assets-prod.unrealengine.com tcp
US 35.186.247.156:443 sentry.io udp
US 104.18.23.33:443 tcp
US 104.18.23.33:443 tcp
US 104.18.23.33:443 tcp
US 104.18.23.33:443 tcp
US 104.18.125.91:443 tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
N/A 127.0.0.1:62307 tcp
N/A 127.0.0.1:62317 tcp
GB 2.18.66.162:443 tcp
GB 2.18.66.162:443 tcp
US 54.209.159.239:443 datarouter.ol.epicgames.com tcp
US 131.253.33.254:443 a-ring-fallback.msedge.net tcp
US 13.107.3.254:443 s-ring.msedge.net tcp
US 8.8.8.8:53 094b78cde7be9efd41a062dde311b8d1.azr.footprintdns.com udp
CA 52.242.31.149:443 094b78cde7be9efd41a062dde311b8d1.azr.footprintdns.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 149.31.242.52.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
DE 23.53.40.129:80 a19.dscg10.akamai.net tcp
GB 216.58.201.110:443 redirector.gvt1.com tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
GB 216.58.201.110:443 redirector.gvt1.com udp
DE 51.116.246.105:443 browser.pipe.aria.microsoft.com tcp
GB 173.194.3.70:443 r1.sn-aigl6n6s.gvt1.com tcp
US 52.113.196.254:443 teams-ring.msedge.net tcp
GB 173.194.3.70:443 r1.sn-aigl6n6s.gvt1.com udp
US 8.8.8.8:53 254.196.113.52.in-addr.arpa udp
US 150.171.27.254:443 ax-ring.msedge.net tcp
US 150.171.32.254:443 exo-ring-fallback.msedge.net tcp
US 54.235.50.208:443 tracking.epicgames.com tcp
US 8.8.8.8:53 ln-ring.msedge.net udp
US 13.107.219.254:443 t-ring-fallbacks1.msedge.net tcp
US 150.171.22.254:443 ln-ring.msedge.net tcp
US 54.235.50.208:443 tracking.epicgames.com tcp
NL 23.62.61.129:443 www.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 18.89.109.52.in-addr.arpa udp
SE 192.229.221.95:80 crl.thawte.com tcp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
US 8.8.8.8:53 166.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 195.61.62.23.in-addr.arpa udp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
US 3.232.205.6:443 account-public-service-prod03.ol.epicgames.com tcp
US 8.8.8.8:53 spo-ring.msedge.net udp
US 13.107.136.254:443 spo-ring.msedge.net tcp
US 8.8.8.8:53 t-ring-fdv2.msedge.net udp
US 13.107.237.254:443 t-ring-fdv2.msedge.net tcp
KR 20.194.51.173:443 055c228dc0c006e1843cf18721d1c994.azr.footprintdns.com tcp
US 8.8.8.8:53 dual-s-ring.msedge.net udp
US 52.123.128.254:443 dual-s-ring.msedge.net tcp
US 150.171.22.254:443 ln-ring.msedge.net tcp
US 8.8.8.8:53 a-ring-fallback.msedge.net udp
US 8.8.8.8:53 wac-ring.msedge.net udp
US 52.108.8.254:443 wac-ring.msedge.net tcp
US 131.253.33.254:443 a-ring-fallback.msedge.net tcp
US 20.141.12.34:443 fp-afd.azurefd.us tcp
US 172.202.64.254:443 arc-ring.msedge.net tcp
US 8.8.8.8:53 2d3bb6155f23566637d1a9e37384b745.azr.footprintdns.com udp
KR 52.231.217.206:443 2d3bb6155f23566637d1a9e37384b745.azr.footprintdns.com tcp
US 8.8.8.8:53 254.64.202.172.in-addr.arpa udp
US 8.8.8.8:53 206.217.231.52.in-addr.arpa udp
US 52.113.196.254:443 teams-ring.msedge.net tcp
KR 52.231.217.206:443 56ff0d87ee95ff38259e5be0f6354695.azr.footprintdns.com tcp
US 8.8.8.8:53 arm-ring.msedge.net udp
US 4.150.240.254:443 arm-ring.msedge.net tcp
US 52.247.12.246:443 481aa0db4165ad7c5f21fe2a699bd026.azr.footprintdns.com tcp
US 8.8.8.8:53 metadata.templates.cdn.office.net udp
NL 23.62.61.162:443 metadata.templates.cdn.office.net tcp
US 13.107.3.254:443 s-ring.msedge.net tcp
US 8.8.8.8:53 binaries.templates.cdn.office.net udp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 162.61.62.23.in-addr.arpa udp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 2.17.251.23:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 23.251.17.2.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.113:443 www.bing.com tcp
NL 23.62.61.113:443 www.bing.com tcp
NL 23.62.61.113:443 www.bing.com tcp
NL 23.62.61.113:443 www.bing.com tcp
NL 23.62.61.113:443 www.bing.com tcp
NL 23.62.61.113:443 www.bing.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
NL 23.62.61.195:443 purchase.mp.microsoft.com tcp
US 104.18.13.149:443 sourceforge.net udp
US 8.8.8.8:53 a.fsdn.com udp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 104.18.16.56:443 a.fsdn.com udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 142.250.187.193:443 b0dfed4b090abc3953ae048ce41f808c.safeframe.googlesyndication.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
GB 163.70.151.21:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
IE 54.216.252.255:443 jobs.slashdot.org tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
US 8.8.8.8:53 dy793rr2xtptx.cloudfront.net udp
IE 52.212.52.84:443 partner-api.jobbio.com tcp
US 18.239.190.173:443 dy793rr2xtptx.cloudfront.net tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
US 8.8.8.8:53 173.190.239.18.in-addr.arpa udp
US 18.239.190.163:443 d1avm1cbyhi830.cloudfront.net tcp
US 18.239.190.163:443 d1avm1cbyhi830.cloudfront.net tcp
US 18.239.190.163:443 d1avm1cbyhi830.cloudfront.net tcp
US 18.239.190.163:443 d1avm1cbyhi830.cloudfront.net tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
US 18.239.190.163:443 d1avm1cbyhi830.cloudfront.net tcp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
US 18.239.208.114:443 d2q79iu7y748jz.cloudfront.net tcp
US 18.239.208.114:443 d2q79iu7y748jz.cloudfront.net tcp
US 18.239.208.114:443 d2q79iu7y748jz.cloudfront.net tcp
US 18.239.208.114:443 d2q79iu7y748jz.cloudfront.net tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 163.190.239.18.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 204.68.111.105:443 downloads.sourceforge.net tcp
SE 79.142.76.130:443 altushost-swe.dl.sourceforge.net tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
IE 52.212.52.84:443 partner-api.jobbio.com tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
IE 54.216.252.255:443 jobs.slashdot.org tcp
US 18.239.190.163:443 d1avm1cbyhi830.cloudfront.net tcp
US 147.203.60.11:443 a.slashdotmedia.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 13.89.179.13:443 browser.pipe.aria.microsoft.com tcp
US 13.107.237.254:443 t-ring-fdv2.msedge.net tcp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 www.recaptcha.net udp
GB 142.250.178.3:443 www.recaptcha.net udp
US 8.8.8.8:53 225b8be1ee28e5a121772918c72b0b9e.safeframe.googlesyndication.com udp
GB 142.250.178.3:443 www.recaptcha.net tcp
GB 142.250.187.193:443 225b8be1ee28e5a121772918c72b0b9e.safeframe.googlesyndication.com tcp
NL 23.62.61.75:443 www.bing.com tcp
NL 23.62.61.75:443 www.bing.com tcp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 13.107.237.254:443 t-ring-fdv2.msedge.net tcp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
AU 13.70.79.200:443 browser.pipe.aria.microsoft.com tcp
GB 20.108.172.194:443 04b4b721ad15c3f2de8cb50d9f33f48a.azr.footprintdns.com tcp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 200.79.70.13.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
NL 23.62.61.75:443 www.bing.com tcp
US 13.107.136.254:443 spo-ring.msedge.net tcp
US 52.123.128.254:443 dual-s-ring.msedge.net tcp
US 150.171.23.254:443 ln-ring-fallback.msedge.net tcp
NL 23.62.61.75:443 www.bing.com tcp
US 52.182.143.214:443 browser.pipe.aria.microsoft.com tcp
NL 23.62.61.75:443 www.bing.com tcp
NL 23.62.61.75:443 www.bing.com tcp
NL 23.62.61.75:443 www.bing.com tcp
NL 23.62.61.75:443 www.bing.com tcp
US 52.182.143.214:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 ax-ring.msedge.net udp
US 150.171.27.254:443 ax-ring.msedge.net tcp
US 131.253.33.254:443 a-ring-fallback.msedge.net tcp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 132.194.113.52.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
SE 192.229.221.95:80 crl.thawte.com tcp
GB 142.250.178.14:443 encrypted-vtbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-vtbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 104.18.32.137:443 epicgames-privacy.my.onetrust.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
US 4.150.240.254:443 arm-ring.msedge.net tcp
US 8.8.8.8:53 dual-s-ring.msedge.net udp
US 52.123.128.254:443 dual-s-ring.msedge.net tcp
NL 23.73.0.190:443 ow1.res.office365.com tcp
US 52.182.143.214:443 browser.pipe.aria.microsoft.com tcp
US 13.107.3.254:443 s-ring.msedge.net tcp
US 8.8.8.8:53 static-ecst.licdn.com udp
FR 152.199.21.118:443 static-ecst.licdn.com tcp
US 8.8.8.8:53 190.0.73.23.in-addr.arpa udp
US 8.8.8.8:53 118.21.199.152.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
SE 192.229.221.95:80 crl.thawte.com tcp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
N/A 239.255.255.250:3702 udp
N/A 239.255.255.250:3702 udp
US 20.42.73.30:443 browser.pipe.aria.microsoft.com tcp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 30.73.42.20.in-addr.arpa udp
US 13.107.237.254:443 t-ring-fdv2.msedge.net tcp
US 13.78.175.221:443 42b2a2844c0da8545bfc21085f27b440.clo.footprintdns.com tcp
US 8.8.8.8:53 a-ring-fallback.msedge.net udp
US 131.253.33.254:443 a-ring-fallback.msedge.net tcp
US 150.171.27.254:443 ax-ring.msedge.net tcp
CH 20.199.196.24:443 7e99d1f140ffb6439413b09ac1ff2f0c.azr.footprintdns.com tcp
US 13.107.3.254:443 bcdff58735825739f3352ebf0ca7db2f.clo.footprintdns.com tcp
US 8.8.8.8:53 mcr-ring.msedge.net udp
US 13.107.136.254:443 spo-ring.msedge.net tcp
US 152.199.19.161:443 fp-vs.azureedge.net tcp

Files

\??\pipe\crashpad_4640_RXCOWKRWWNOEDQMT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\Downloads\Unconfirmed 667994.crdownload

MD5 1ee70b8d1601de86aaf484371b2f2e2e
SHA1 a3a19acb99c80868a59692fb8d2f124f845ff2a3
SHA256 100960cfe31cbb00932ed72dab28fbc6c8663414ec9a2a540dd42891b4c3da2f
SHA512 f0b4044427bc304663f57413f768cccb82e5b2ba4ea551863293d49eb8b3ce05679408bf0f157d9e32eb40be71ed7b7568393fa9bc92711216061c8e39a63a29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 d60694fcd879280d4c1c71b70c15d0b1
SHA1 c2a489930b42adea0fb61144add3a5e61de7b62d
SHA256 5edd2233d8ae82342d566ce6454ca614627c1c39ba8d1c660362b535eb0c245b
SHA512 7d690b93aa7b7b5617a757460435bbdc5864572091132720c95329bb1ff0d320a3fdabde8622dc2ee1f6660fe395bb64ed93543e4e5eab4919b77b7e1b6de181

C:\Users\Admin\Downloads\ArcInstaller.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 60580ead288a1067294a7f52ff8c9efd
SHA1 f24fd87ca81a395cb46ced326a1bb940bde12c3f
SHA256 5bb4f8ae70820a75af6fda44a76ece49a1b688823b9d13d6ab9db5363403ca2d
SHA512 40355c52612c6d3a55cf0b5367b4036fdef79bf8cf6e24db3eb51854b8cecd5b1d47b8f67be4dd73909eb4ab798f894f4db9b217f6ce116c549afc1d6d6eef5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 750895dfa771121093f8f36a20985583
SHA1 9590069c2718346416f7688b718e8bf79b65f5dd
SHA256 16510aaf3fa1da856462a376b50eba0005c6d3ce3ed9e241e5f35c2664bfae83
SHA512 f1e70a51a737de20c4364a159346e3730b0a8e479db09843c63095cf8b64a3cfd629031d0c9d12c16bda285e4fe6d20295e0a0766bb4e1d8b3478a6e292b353e

memory/1880-72-0x00007FFFAB543000-0x00007FFFAB545000-memory.dmp

memory/1880-73-0x00000209235B0000-0x0000020923768000-memory.dmp

memory/1880-75-0x0000020923BC0000-0x0000020923BC8000-memory.dmp

memory/1880-74-0x0000020923BB0000-0x0000020923BBA000-memory.dmp

memory/1880-76-0x000002093E190000-0x000002093E23E000-memory.dmp

memory/1880-77-0x000002093DC20000-0x000002093DCA2000-memory.dmp

memory/1880-78-0x0000020923BE0000-0x0000020923BE8000-memory.dmp

memory/1880-79-0x00007FFFAB540000-0x00007FFFAC002000-memory.dmp

memory/1880-81-0x0000020925540000-0x0000020925548000-memory.dmp

memory/1880-80-0x000002093E240000-0x000002093E266000-memory.dmp

memory/1880-83-0x000002093DCB0000-0x000002093DCB8000-memory.dmp

memory/1880-84-0x000002093E280000-0x000002093E28A000-memory.dmp

memory/1880-85-0x000002093DCA0000-0x000002093DCAA000-memory.dmp

memory/1880-86-0x000002093EDE0000-0x000002093EDF6000-memory.dmp

memory/1880-87-0x000002093EE10000-0x000002093EE1A000-memory.dmp

memory/1880-88-0x0000020941BA0000-0x0000020941BDE000-memory.dmp

memory/1880-89-0x00007FFFAB540000-0x00007FFFAC002000-memory.dmp

memory/1880-92-0x0000020941D80000-0x0000020941DA2000-memory.dmp

memory/1880-91-0x0000020941C30000-0x0000020941C38000-memory.dmp

memory/1880-90-0x0000020941C50000-0x0000020941C76000-memory.dmp

memory/1880-93-0x0000020942BD0000-0x0000020942C8A000-memory.dmp

memory/1880-94-0x0000020943180000-0x0000020943188000-memory.dmp

memory/1880-95-0x0000020943BF0000-0x0000020943C28000-memory.dmp

memory/1880-96-0x00000209431F0000-0x00000209431FE000-memory.dmp

memory/1880-97-0x00000209440D0000-0x0000020944146000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5085db9ba9c2593edf864014fb420c0f
SHA1 28b510494c846ded1edbd84b90cc6112bdfc3fb3
SHA256 cb151997c346aa6ebd3391588099fb111cc3f2b9afb475f42c18ecc4d2a71010
SHA512 6868a94bee284ba04ffe4ea3d4a8bb5c807559f7dc9430f580fbbd920858b254e69f5e270c2ecf3719082baae2a3fefbecc0eaf4252a503cd47fa8c7e17c71a2

memory/1880-107-0x00007FFFAB540000-0x00007FFFAC002000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 861000ffd4f7162a569d69e7bf1fc117
SHA1 e36845bde3d529c84d13372f27e6d666f317e2b1
SHA256 8300b211567f053b735378dc3028d22e0df6a91d9e74753b4879b7275c76e8d3
SHA512 888794858fb9cc01ccd460caf187a90a5be30850053b1e3a330e9304dc19a4e629c15525325d3c4408d68db66dd14f9b67ac52a79e5c1f4e3eb0f79a6421b56b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8824dadc42081d0ca84176a9526da925
SHA1 de84b81c0ac7048ad6664b32c9798a346357bbb8
SHA256 968ded593ad251e427322319ac6377bed2bc7435d9a3fb85cff70c48d1582013
SHA512 6dd2c6ff89b1542dd1645e00582dad58eaa1dadb15e9a8ddba823be8b80d43d7e8c92898bcdf0d19d48646a28f8b092afc0395b1eb876464bb0bb4bb471493ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Temp\arc-install.txt

MD5 33052da584a9050f672e256dc8614da6
SHA1 8fe621ba973a816cd0475e15dacf46d911f07bad
SHA256 42813b2a84aa5ba57aa7c174eeb0ff3772ab73ae486fa55ca6f62a9831ddb784
SHA512 7dbc5957683b86058130896edf0a8615282a0684c6189fb866733b03feb3421f9761da1de49e017d0c22dde52527cdaf3244ae774de098d9d7a9736bc979e1e3

C:\Users\Admin\AppData\Local\Sentry\7F91F275957D28EEE48F184E0B2D9ABD48A5EFF3\.installation

MD5 cede8a1e0e3df4fec3ffb10e58ff5b78
SHA1 a57e48aefccc9d7987c94d8296f31a2eb3ac22d8
SHA256 ec9b0a736de51ab150b0c9c53ea2b5e3dbeb8c24d575acd51f3fab5fb3e05c0d
SHA512 7d5fa258eea367b118b22c5cd80ed2e7a277d57efb4a45fe8a41d80267531c741ca5749e4043a06f12431cb1644eeb108558d7cc6fb66b108bf7f54b53a766b2

C:\Users\Admin\AppData\Local\Temp\arc-install.txt

MD5 c0579461e1af6a769da883610a53852f
SHA1 d31f6c13097712bf37c9d56a1ae1f851f31eaaa8
SHA256 1e96ebd1ddcc0a518075eecec352c96928dfb151d7dbb7e7e2ad5c7ca9ba7b1a
SHA512 0a06f6eb8ebd20c628feb255234d866aecb38715022cbf920ef0fc1a84af917444172fdb256cd571b1478aa30d469340146453d8f554faef3c505570e177b893

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 6519b69aeadb8f25058aed2681fbd97f
SHA1 f21546b140466c5d52d38b02e7dfe62b6765b40e
SHA256 45914858706e80a162abdfc7b47fa3c896f79f3a7b4b9e5ad4899b77dac7792b
SHA512 acc0dd275ca3789ef9682bfdb40f08ea3769589ed95e4c1fc8db16e4525012166950cef0cb25210137df8a40556187ed5e473f3b1ecaa3d2be1f991b5caa622b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0f25425fcda7474bc74cf6b914ce2262
SHA1 541620b08eedb97ada0840960b2c59391ba9a530
SHA256 b170ac8e893bcbc87746d28c5068393019160b9f798db01d364812cac69f1cbe
SHA512 f4c7257d8729f6d6338872ca36ed128349944c9efe8989dee267230e5ebae8675a3fba3ac3038a88d5b70977b767eee0c2423481c526ade354fb335592d80b7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0354ef8afd53bc4c27ab99144970a9c9
SHA1 7105316ebb6a50dc71cc5402c64bba847a7c95ae
SHA256 acef151efdca7eef151e0cc9e45d5945737c4ab7cd8493e3dd9acb49d8df6020
SHA512 af6d8f1010ab8181c6cbe4c64a0d72c20ddfc56257cb862570c410546ddc52d2f1a67e58b93e7548573091b0e7173f230868c28bc6ed0abb8116f850f7122893

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 01087ab510b8787a8de9450a649d3e21
SHA1 0524ecf07c7308104f8957c3fe0c2e98356764ce
SHA256 b2c180b33cf3e3a3c2ff155d9f430b51410e5df7a458c78da7e97c3b4b0fee34
SHA512 5d83bd27b7515c8d200a1442cc88af77fc33f95b9768345b096f92b745328e609c2306746981bb7f74b41366e1b217ac0faa108fd6528da572dcdca8a199f693

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b1a9a8cb6b385767040ddae9f1c19446
SHA1 61903f2c509131b6e131c7521ee2fca8bc420ce0
SHA256 9e8f11568c5b97d3808c00f4b99e3b9c4a18296fd25cb1c20bfd2350724e8961
SHA512 07da39d5143f4181aa25727c883de40a790e627b8425ec703e110566086ce5a218c473351dd9e46c02f7bac208634ad70e685802e0caddc8c77ef178ed6c46e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9b23ec0f45d552985e67c04b654ccfd2
SHA1 8f363231d3d8fc49c7be04fa49253897ee431c9c
SHA256 5f1dcec0af2f8de0953d5f81b6b1ffcae8aa2a172e85346106e541f6c8d7bfa4
SHA512 94f1bc2b470ced96ef1d0ca278ceb13324314a20690f73a18a7d033304c8ea8b7fbd0246a91ebd27d0674047861cda4ee76cb8ba754604f0e456b86c41edde81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 4895698bd37909e852703c6d5efd1e8c
SHA1 f0b19f9c89ac0dbb7b8774e54d3979b29dc580cf
SHA256 4d60cc82cc124eaf59e658be24e23af72e7d13cee941e0b325b8388c4563e2e3
SHA512 29aafb55cf97123e44bc39c7320651582ae31bc78eb110ab02cfa52c0e4b2dbb0105732fcbb3fedaae21e47ab61d2d1c1565def752b3292522bab0b18e113847

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 9ac698a45994543b48492d1ddf9f7693
SHA1 cadfbaac0dd70a2de11a955d963b49837aad3895
SHA256 361936021d00bb0718e5289ba6eaef001cdcfe994a2a119b442f5daf8d9b3ee3
SHA512 ccb735c4786a80d6976645dc6ceefb45252f3e3222582a50a99a846d9128a9b41c196187ce3d9728e5e72b461fc5725f2eede015a026449588b29bc25be6bcbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

MD5 c46b21e17b8cafdc1891e564a38ffe3c
SHA1 50818aaa9867bf9e5fae0a6b619c3909ea1d9c61
SHA256 de392e9a853a36006e4dcdf7248b9ad47836cebc4fd4216b67d9ffac1e21ce6a
SHA512 9326a719b44bf6acb113902f30a411976cc61ff3472ca6eee62b6f69ccb36c7448cb3b4ae62e79dca101828a08e372a6d625ebb5183be9e9cdf29e5595861984

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

MD5 4729e849a10dc562f3b6bcc8f7cb7e39
SHA1 f9ee04fe4deed07340d1845c97f71311bd4bd307
SHA256 45986b7eccfe677befcf8c1bd90d422f843882220ca6ae87ad7cdf127e1c7a76
SHA512 88fe06849528e95900ce503b4ecbbdb2b28aeca819c3cd958c74898756155ec4671055644c67822c76e09638bd46c6d817e7f8a1d3f4e91683cb4df19ccab8d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 b13d6f6ed8a1817be0b98ec41e2f6e59
SHA1 279f3b912f8d0eaefb485042d80f0d1564c84598
SHA256 3c8d3e1445a0cdbd39c42c24e4e00abf98c47ae9c84e4de0324cc8818d4f6607
SHA512 5ff82e5bc1dff5212e0e147ea3cf49c69d73656281efa4fab44a7441ed10c7657d9cea17c361abbedee3307edc393801ddc020069063040a9108536a295e8442

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 4d1c9b3840f560fd17d5da1619cfde0f
SHA1 74c3aeb2e37cbd832352d4867d91950dd7b5d5a7
SHA256 a2aaebb8a02f99b97d7c3e42a84cdfd5af9d166592b394d4101661691f51b0fd
SHA512 2ed2b88ff95d915cdbcffc31ceb4e97a02fd7dfb0f62c42c140d70271c9461d942c77d13714845eea6c1485440a2704b15359e272e08bcde935d964854935bda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 1db734b0ecaf7372e39d26fd75a63f6b
SHA1 798caf23f067508f4ddfe02750d80cc6bb9dfdd9
SHA256 785ad2fe5826c8ec7f3d2c8e0e06823d560c55b07fb24ab30fbda56d7c97467e
SHA512 ebce4b1273dabf27cc8809139a15ce22581b3617b85fbcced8c50a57fada23da6b647127a214bc89ec02ec9729fee8c48192162d977eb0a284709bafc69a87f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 84e8e784bd8a6ae175330c08a12a47e8
SHA1 f33c5d08b17f442cd08f77b11f90deabaeb9c6b2
SHA256 15c54b1b9ab2910a150ec91e47b424633e0742a1c6fc665e4dd33e6154774f6e
SHA512 d43a406b3cdc23283d07b38f48b1bec3ceedfbb257051b51ff4a1a9eb919403b9dd380a133b11292c84e613fba7e5321f78e40f07657a4191c610e520db1b1be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 5cc74ef74d96bd2f54f3b2f00c61ca6d
SHA1 214e4caada7fcb21e0a5141500b379e00017c4a4
SHA256 e189c2e0d1987feaf8288c4a8b204f5f5d7097af5cc19b8b465f233e510dbb15
SHA512 27ad0ed0921fd8f07a723da93b09ae8a5697af5b42b37fcc69b4d66bb8e131b330454937a6d8779ba9e398a0b8c062ca781f23974286bd788766df72eaa16561

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 920c4f4ea50cbea876cdf6ed86ce5ebb
SHA1 af6a9f721f226cd575bd34cb20390cd46eaa889f
SHA256 a03479086ca713be74fd999e6721a8b330323f9636fcd0633b042d583356f867
SHA512 12d7eeb3a8e17a88d6e0d538c3cf9f4d6625e8bdf2706d007baa019e5dbbbf6b10517cb9235f7863b194d86cf937e75828383638c31698a2bbbb527c59957d09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

MD5 b7ff958264116f88dc8c738d1de67ab1
SHA1 d53251cc8ec53d54a71040691477a0b8903e5e09
SHA256 5bb0aa6fbcfbc09b665b387982f9ced1264a84612a8e71a5a83d50b4cf4ecc0f
SHA512 9b6acbaf3b8018a9cac20bd6b2f7554948023f8129fae800212ff1eeb5898f9b8578c04a1cf613c323004dbf65ccb7832e01a5c5210fbf04a98eedce19e9ee2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 aaa1d3398c11429309df446cc70a4b24
SHA1 426037d880450cfe67c0db4e8836d8cf67c3af33
SHA256 d3c5bb416732a0643cb435ce980e4cf7ed0d96375d6d1d866565ffa4cf5f4e31
SHA512 5400a74ad59ee80e11b97e884bedee53af567520b807e4c3c43b68446bb495a967e22838aeee4bfbf02486ec5abfb2e821c5165ab2b894a54e0d7eb70c7355a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13359128639051771

MD5 7a47c9528bdc4106c128839c21366dcd
SHA1 f0844a9e7726607b25702fd1ffa5f55565cef6d4
SHA256 1be9326575c10677173916e6d4af0871a475659df2c0dbc4c5e8eb0ea989393f
SHA512 98a9e795c8a42703d1afa4290724126e3c4fcb9d6f57a4a4712a98041c4a9cb289eb85697f405af4f92748caddcdcd1e0ba6ce3f1cdf501b33485bef744b8f72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9c9ca274-66d6-4ae5-bc6c-36436f7c5768.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 ba2cf214026b818a38ea265dc49aaf18
SHA1 61f4e0134ad8238fd4eb6ad42a80857dea1bacf5
SHA256 6c83ed80b5069f801d0573e0f690e60ba0947e60645faaa229465ff7c1ed1587
SHA512 df841c3ac096e329985618e1184dfededa6024d66267beb11a32465beac55c6071e43ca6fad39692e38720bdf79f831e0cb6d38caad96e7bd527c7caea28e18c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

MD5 90710861ebbb6b82b128a3a831e6376e
SHA1 cfab652d2441219676c7156067d9c1a927a5a20c
SHA256 c07a348f5c79b65090b84b8c7f6daa4e2660f4db23dba20770dc3aabc36dd830
SHA512 cb706dd063fdf7f1ef9ef4110a995823958585d8a9a8dd673931951212d4b98acd9a70176dc360efa59b144b315d5613d0e929ac06b0aad5fd1120acd42a61e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

MD5 82f2e524e39d69b9844456850ff49aec
SHA1 892d9dbf0ad01c7cd00d7b7a1800b794ab7ff435
SHA256 50dd56e5c72d26779e1d31580529009253e13170c8b345ce92acdae55a76d577
SHA512 0b55f727643090648435810ac9b3ccebe9f27b0ccd078d3b9af41d1db823ffdbb5638830fd9f32dc844964838c267d4f9c55b481f8f8fb5bea7c3f241f7a2bee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

MD5 8a4936f97fa9261b4a31f13b09847a4c
SHA1 bd835853b33bb05e7a2e3a1bbc96f133e443ebf1
SHA256 8297eb80b0612d5c1491492974ace078979e0218ab611079fe2f26a0bad42998
SHA512 14d3f7a4822a8e91cedd10db728893a1aeb7ffb69ea99c259a9a2d6376d8023f5aeb8492647301aadac37708e81b59896f55062c0a6e5190cea68fe714853a12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

MD5 6bbd29e34af3ea044f44293850f1d5c5
SHA1 d95dc8d63c48dbd1097e5a1f996ffcd4642439ff
SHA256 e20cffacf47bd21194869012e05d269976b16fcc328ecdcba7f82f99478242a3
SHA512 3288e09222cde9975d954b743ae179653424e0a6b3de0c5e1940d5ea4f3210a684bc8ba9068ec4dda0c7eb4f1c412be032b714c8e736d1a502c2c86149a05d95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

MD5 95eb4550c087e3a62617c01fc89e9b10
SHA1 ac33affb480c9aa40baac03b9b3944076c424785
SHA256 60b23685d3ec2867d9b4791de8f454eda65041525a5a924f134424070150f7c4
SHA512 458346111578ee9917e3361ecc7bc8ae969643b5a39285d70a0f689382cbf81139c19db8f84cc62e08e9e5f6a5f540ed51d6ad1ff79aa8578f291a4d5764ed40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

MD5 30aa92b9b3a6d324e0d597a31c9b2834
SHA1 1a3344659c0e434cf5f730866721301f3e54dac6
SHA256 5e6ae47b07fbac4582eaed50dbde622510737ccf2832690a37f9968ae6b7318f
SHA512 f8b644dbb768337b31e2a40c2a59a85836ad4a234ff58b36e3bca36a213319fb25c43cd555520bbf3d5b39c85194023678b6cec1e4587b0ec4b16cb9e7116986

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

MD5 ef80d3eb86f24770ed28a5cd8057cfce
SHA1 398b7a5c16930b1c750cb06a5f749314f1b68374
SHA256 4bfab5dd9fb36238c96d5afb2786d223d8b7e5e4c54a13785ed5feb7e4ef2783
SHA512 80fc3d571c1efd9f207d0f6178049295f67e93239995b5229015e27f6d2dc995026f856c6ee9e7af76600ef20000721dfacc14839533809b315fd905087dc819

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

MD5 f3c748b8beb6d784ceb5826b2cc612f3
SHA1 b85f0065e7d4f0ab431f53ca81269344037ea3dd
SHA256 48017e6306514cafc62b983ea9e2cbe2875859d9ff686a3f95d14df40720213e
SHA512 f2b2614b34164a3e23b7cc18f35a37f8cfcf0f2a2848dfe811a71b21c113461c6b89ac552dcdb319b6ff59b19ca1e49b0122f0b49b0c0bb87c32107bcd9b7090

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

MD5 98d48311fd77d98eebac8e9811387800
SHA1 6ce6e2b72211ecd80f055abac6d5a8804eaa5be7
SHA256 f948286ec444dbac29e43b4782554c878e60907c108452ac5edd91526602abce
SHA512 106ef7ce568f05aba86144d6b255ef2ef77d5e476a6f9fe0ebe4239675b79901ebc6a269e2d316a57b91d2ae5da7e3aa8325f7fd6cafbc36307e4c13666600a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

MD5 5c88844ac17dce42301193ff316425de
SHA1 82df8a5620aff3685a248aa4ced4223eec14349d
SHA256 b930be6a5a117bce85dfc6a032b9b59c61333650b9ab31e97a24b72369146956
SHA512 4ea97ac7308e6b80490af35f7cfa1b6dfe70c8b2701713918125ba01d4fb351fb07328ba7bf9edfaef3d8a533e463e21674b8ba8dfe7e35f6094e8a77e2d1408

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 85fc8b5d5de3c04a46ce9c0dc27c3056
SHA1 d7c149c02133fa084aca8e4970085fa753985f40
SHA256 0f5b557da30bc6ddbb8d96a703bccac2bc782d5d29798a7892f98e7b56cebbe6
SHA512 e3313ca7ba64d2040579c0a2f5ee3fbe31baf5687db8f6d9711d812db7c690f975c56f70a49e2d5e1bf5af1ed28ea7c535476905b284cc12381a5329c8b44612

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

MD5 f8e1e8d816d4148358dfba48bd1ecc92
SHA1 4230379f542b22a78cef033f8fbbd996fb46c91d
SHA256 041141339a3f2bedf419400078e6417e97a11b7660aab5219d0188498114077a
SHA512 b9ed717ad518278f340f111267848f851a6cd28f7cec1aece4127c8258150decdb0c00feee3ff2f176b788bd6acef8b7f68565cae4c62de8a147c79a303b535a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

MD5 cfe5d157c0fbe59dd29259ce432ad057
SHA1 6f4d758b1a1036d8d88989c93013971153eb1c84
SHA256 db9525138f7c202954bc32698c90b457c0c6ced71f58907ae6e3d1361faf0f38
SHA512 a2f35d250d92ef460685af541ee739e06ba5238d7cd84fd7a00933e11c83878f3f059b19f5d945e7ade5cffa2eb10f57d7e4672d90cbe5a0d810056067157d64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 70ef65053bb5646d44fe2ddb6943250c
SHA1 68faf4ec7bd943024830c7804d48bb458ef470c1
SHA256 7d88bebe6a5435c235df36935273ee2fed8d732646a34752d06322c0c338205c
SHA512 4b5d8688ea4359c5e844ec4446a1a1754371742b23638a2e55209bc6b6815f44e8abe2fb0f94cc0189715be604fc4bd34475ceedd017899cb0e5bf4e17879c1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bbec5bba935b1bb6603f950e73ca79e1
SHA1 be1da9ac6bf0cf964049864c730ac0262c0a288e
SHA256 a6648ffd7dd4297ae1720e617fdc9ffe31149cbd2a1ee2dd68b891f422c88b07
SHA512 313a48cf6042ec27da95bcfd4dcaf49eab54f7249950667323ddefc208ea9f4125bf16c5df3c9f72c13233f4697e50a83c155e04a5d877fdb1ae7654dc540eb6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\datareporting\glean\pending_pings\284e41e8-0177-4dee-ba0a-56521403e48d

MD5 f2d6564ce7cebc4579dfc7109ed715c3
SHA1 ec5096112d5b969f19817fa5e0cd30a86609953a
SHA256 98f0a56deb3f9611acd39d8956c4c5495a604dbb4f5bb6dd21bcfafbc678b940
SHA512 abb0d12c87acc3f5033715a10dca873df11c3cef0179b3482ed3c5f20ce185fd6c0a08dfc1ad4c13568a495bb9b83c80a5e0f37afa87b0c57e7e7490a59b1ad4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\datareporting\glean\pending_pings\3f7a57c2-0320-465e-b6e7-aa84edabd858

MD5 bcb1b234214baa4146ce137cc7affcfa
SHA1 9b46488a9abf11d13c3d6c84f2d56f9f69b3ccff
SHA256 f48d5505e6f286f1519cf6e5a26667984beaf519b25587b7018e28bdb7fd52fa
SHA512 e571b4eaebb7e13cdd4503c380d8d774d89e2e055f530637ff3d05c83a2c4431b97d412ae0d63e63b7dd4d8a54b30c93d2a74c637ac6c6ceadc0e96b9b086faa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\datareporting\glean\pending_pings\7295ceae-da68-44ab-b765-7a75fc407989

MD5 43d992440678b23a125ac02dec2f4205
SHA1 899daa7e56582d4616e9f06d620f024891e6d0d8
SHA256 2d96ec0df64936e9527db2a5b14faac5af0e386c5b56f623b1fe4c03c1fd4475
SHA512 1be584d905b3b75bc4fb2a6188320acfd488745c7c89f235424a4438ce9a0d9a60ed596f44ac7ad05b4c78d54da0382fe7ce09a2d5423b024b22dcefd8be7254

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\datareporting\glean\db\data.safe.tmp

MD5 09cf89e1113ad97c704b3e8335804d2a
SHA1 7e9269b5becb65106f619e9ffbb7afd1b40429ef
SHA256 beee7b7c0be72d21bcb97c00228ce7b8b8071e885ce2286d467855e03b49aac8
SHA512 10a25f0a957cef4426fed743df985f98817411ed979707fa4f633cd4131d111b556074970be7dc88dbe465f22525bfffad65b6ad833c5ac80bce3f354bb73275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\datareporting\glean\db\data.safe.tmp

MD5 ed9f0c0d8b93801a2608317b758fb200
SHA1 540ce83e19b3c23c9d7e6492c27ee37a2ffc8ebb
SHA256 bdc7919e3ff56e224578144c3c2a958f9bc172bdff01ca7f3a9729f57d512a7a
SHA512 7c226ea06b8d99a49088ff5c71644a3e02c812f1d0f208b84085068edf9c958263402cfa2ac474cc77dcd9925c8d1fead7468aeba36bad0a2f8be22303861251

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b02193d9329d515b0d6dc1530d22be7d
SHA1 6edd92fe11716b1e62b54c675657aa37f2908668
SHA256 0f87be1939f3f59dd6b3c771040160f1b04f82db446d3cc93484eb18a7453d64
SHA512 f47ca150aba16f2000bdf49b010562c42fc0b621a9d6e7e12b833d27bbc8f130c9b44e2096e7d45bacc152442383ab52d928eeeb076948b18d092c0e8b26ea83

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\prefs-1.js

MD5 cc700f451fe985db15ab377f13eb3a31
SHA1 279c886b0286c34fb2c63af615bf5f5f3da0dc64
SHA256 aae549cfb27940bd4d844196de87095ff7b839d0bf9da373fc0fa4348b0650e5
SHA512 45203d85f511aef656892bf5f479003216ceb7f2da9eafc9c412cf608dedaefed04e5c2a95b8246838a6521f5012d4d13e12e09351bb7613c729fa58cd60081c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\sessionCheckpoints.json

MD5 948a7403e323297c6bb8a5c791b42866
SHA1 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA256 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA512 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ded47ddb22fc0207d4cda8c877d0a5d9
SHA1 7394431b39936c205c186687ab4d01d742d1bafb
SHA256 744cf7b7ee9ee119374bf35415702a7538e977fff5cce19eccf627dc14f9adf0
SHA512 a592b8bb704f75ce61e16372706bed6d0f2ab8e980c57f53b7988977153e327250a995099ba0659820f75e3b6eb3a25ea3e9edbac338f43b91f042316862bd8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f6ba81918ce437a208d652366fed1748
SHA1 7a9a38f8ad6a31d4d6491159346b760423d4848c
SHA256 23b085ae7a6939257bacef8f9d1105bbcc7f6717c6e12f51cdea3ce4e7452cbc
SHA512 39bce547aff02b96e1120ab2c1f846dd22c0f3e5ec1ead849519304e5977952874646de80b2d5cce78945896db5f328780bb62c60c4933e9ed0ddb314bbb7414

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8b7cf601421a3ffc6568d60de9c5e75b
SHA1 8a829bd0ea919c03c71611cd8b6b00a0e2624fc1
SHA256 62ebd1d4bc8f17917c9e9dca7b9e67e6d823f53922822d24df43f8b16050eb2c
SHA512 fe62efb25a9cb04dfe0dea3a67d7266eb6836b8e5c89e3fc971c7f26a9a8c5fa39c836cb9867a163e163bd048898c9ba57e6b416acc0aaf48821abed188f013f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f8ac96627dd7d63ef68614379c215c10
SHA1 90512ded33ed342e55ad4d3cbe8c3278d2f5dd88
SHA256 d3d20486bf41f69e556101cb083d8e7d9957ece115f86db21f3427a14e9160b9
SHA512 8b6d776cf8a75ff12ff7246bc8d983ee50a048546ce47107cf1992084e5f2dd3e203ac61310be2f7d8356a8ecd385db87d5ca015a639dec6b496281e5e8201d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c52598e9ad81f9157241e395f1643d60
SHA1 c076db3cfbf20d5ee26951300b86743e779d96b2
SHA256 b5d9ea5a9be6aaf582cf7b746a8c54df885b585c449d94197677fb587034e5f8
SHA512 a6dda496d7c68519e18c59b2dca06061b7f99075beb7682d8993601d6326d31fc4cca451bef6aa0b47f5128f77ece778d9eee683be1a05e7577535e6f92a7127

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 abc4da3bb9e42bb76d51b8b934cc9b16
SHA1 40cb122a3b5aed2c89a008515648b0bca6948992
SHA256 60d7d8b55f01339909468f87ce6a376332d2e54ecc9aa151251fb86d49cc4baf
SHA512 4c0a1847b265a9adced0b24b5bfd529d23b3438b8371d6244a78626883c413bd276b89ea545fbe83bf15df1be5e82ab4e0106b7f689ae7e033ba13dc484649a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 c5fae405ccf82752afae6bd2e8e879d2
SHA1 f4b39ddf8c8cfb55c5d87d1c8978c9a78d0d946c
SHA256 ad9711b7c85e93f61901dd852d732f29c9b9bc9fbfecaf624e5e76c8cbf559b1
SHA512 a3138256276fbd09fe0e5d25be28274de6237cd5682280855ad2e66af093fcd9a82df104a01dcf582cb406c128080d4177b8bf65c4d018c15d2badc77a9d280f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 24ce6997f7c7878414eb0a3b317f2359
SHA1 e74f6dfce866b894d05d253036773c036a0cc705
SHA256 ad24e760de281500fe9f10cd0494d960e4431cc1446022a9459ce5fd0a78f2d9
SHA512 ef05864f41a827f229666813bc27a2913279224b0bd90520704218d9c857a863bd439cb912cc83b29ec66d3518c120d4f033a13172299aeac3c2edf74d26f619

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f773b9c08752d8a77e43b752aeaf2e3f
SHA1 a729ef2cc315b7b50c8541d19d448fdd67579f96
SHA256 c2201c815bcde11a34bfb8e9410f7a4437fac1db20567197ccafa9ae52d48dd6
SHA512 f9710f1bf36477f093e065b9c9a751f634b8a4c8802a16f27c248e8303ee03acfe19f4580b99ffd4cbcc4d5696ce960931225d5ed1167e6a685a171127a2e678

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 75c2c009483095c45a2542b0a6666575
SHA1 1b4cbb6354b171312160a88f91c6b2e3d8f9f7b8
SHA256 aa4c768259104732243dc67854a9fc40601099324884a45d39b25eb24fec20bc
SHA512 4838e43e42937fcdc8d914928ab10486f3cc2ce9db675cc4907c57ad751df82ac99fd7b1a8e44965be5b8ab173b674e1d3848a5237144b3b5babaf369f4ec3ab

C:\Users\Admin\Downloads\Unconfirmed 16957.crdownload

MD5 a2f58a117c60b1622eede88d2163ef19
SHA1 91ed6cf5b0efb2c0bd3e06ab5775775ccd1bd631
SHA256 e74d896bc3469b5a28eb5a04ea364a9ab32737d573868fb08a327820ea624c04
SHA512 19964984f66876032ef15283c25e31737e1f56c27a3f9d7fe204dccdc0a45c64e3380a5924f4b82301e55a5371bd7c9c61776e8ae6cb15a0e0502d189384c14f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0cfbac789ee21d53dc7fd8dd18190a5c
SHA1 37f9b38db0d43d44f0df3e89d68f69efb7f647c1
SHA256 6849d45c9e605b9b71ee4fa75bda83baa0ce186f406737ce5798903947d28ecf
SHA512 c80ebb8948aa652c9510aa728d896cd353db4475ee91e2b2983de3764fdb24337a98e70178dfdcbb37029607f2f335143aeb4b19d783ed0cef6dc9d78958feb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3d987707f3accf9bd0605fec1aac66e2
SHA1 729056f8132634566f679e1ded96e5f81f881967
SHA256 886e13cfe61033af4c55c0b5100809cd7705901ed45af976f5c017e61d05ced8
SHA512 53d3ccaabeb126f21fccca01ea64aa9ce1ff9c4d9115b7b6d7c802b784eb01cd769e72fd5b17c9be652583fa57d991b70449a9891f41efe84321c81816dca545

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 e284a7bdf53b953d5514c6abe985ed60
SHA1 91655419b0e29b53bebbd102127056f396af6bb0
SHA256 de29073ba5d2f701473a80f14c9dc35b2a11194918b8f682357b09d57c2aeb2e
SHA512 2066d8dd92d2c64df6eae441fc25914a6214ff52ad264a38c156f59fd1587d6a7627f19a1b537fd82d95b7c66acaf73169b855df55fce0163bd3b05333377195

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 76142ccd4be00dccafbbd8ba242568bd
SHA1 8d7646a724b466fa2e94a9540651fa3df6e528ed
SHA256 448b4ae8cc72196801a25963d311a8b7ed4a220034f80c1bd87b7a5cc88dad93
SHA512 c9e3d9cadd6dc11aeccefa48de830917c4fec20b6dfdc8ee47f83ee005aa288aba728f29158fab314190127d6542906fccd2e65dfcf347ddb08d86044d82689b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7fe7138ff720e20a69e2ec2212609ec5
SHA1 a9e4103a82840273fd1db543ab62f18b6fa55e37
SHA256 83375f1ee8744f9e96d319902d806ed31c61eeca98a0bd02b17063f663e7b127
SHA512 46483a27b5e11ef19a7f9a51e869d1c90d2038333cfc5add7995787780780675d329b1d03c611579fe610aaa573a0552a55995d179fa48770d978474fd69f4ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e57b6fd01a37000ab825d9daa57262b3
SHA1 59cd8f334f0d5fb93fa140634a9d3e63a3a8677d
SHA256 918592c3591d4754e8020583c09b20e4a79151feca641a1f7a7d7846e5a29db8
SHA512 2fb2dae8a7dfdc290da6cb1403adc4447c719bf6c33186dc8521c57fe2b76d09378c6983189631c7896041373f2f79943ae5100dc4e7b81373dea323aca87407

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1ec771de842ea65932c29a2940d1065b
SHA1 287ee6762f8972e8c742b3edbf7dd1922f88acd3
SHA256 985889ffcce147dd89c85ba52498780ceda800d041a59f3fade2b097b5bca7d3
SHA512 5e8f260d6a49536a5d552e927a15d549c298be9f0ee4e45181f166466e77912175de0b1ae20d0ddb613248a17e37575cf6efee0477873b18c2acddaaf908948d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c9f3b29cb65110851462a26cc9cd0b6b
SHA1 8962701832f2bc241a0e24964105d25ab1b2ccf5
SHA256 c8a8a4715e037818bea687e4e2838efc763b8c20bb94c0feaebf135d7c734f4d
SHA512 36542b1f7cd52bc2a6746a7671d1b6a19795ba1209414d939dc54d058d9315ef088a9055a7545eeaf2d6e5463e2709fffb4ef16331c57e2574329564294ca82a

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\523f61d67bf4c528e001c52e84c35ef0

MD5 523f61d67bf4c528e001c52e84c35ef0
SHA1 f26774809dc1ea0bc7376606964ebcc06bfdc398
SHA256 834bd41f708d1393a528da769b015538b45b279b4af4969e1df54c0c426add3a
SHA512 d99d834d3632804160428367360f8a4c0ab6e1c9146ab12b07d6f44c30def1482809d5cac41ae84a64e5d8b99a4fcf2090c74e39b2692094168737501301b15f

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 c0664ac81da019c782758f7c3e420a26
SHA1 e2658bb23dcbc4c28bbfef9d88edce7e3259d96f
SHA256 df61d82a6082acbea17459992f30e0286ec67777a299e981776eb46f82371e69
SHA512 0ab2d873a91f31fbe371302f3fc831996d75ae48354e48a97070ec773589194783f6ae727247542cbbe546c4d5f7f8d2560b1ad4ae1b7cdb9e7aefcd1e449e47

memory/5696-1532-0x0000000000C70000-0x0000000000CA5000-memory.dmp

memory/5696-1533-0x00000000732E0000-0x00000000734F0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 45dc316dd59fa853c4c0ecb261c512cf
SHA1 dd2aaf585b5aea9c922706d2f3b1c2cc65f67693
SHA256 fa59dc649f4a9a41d8fa3395b0a3b67eed8338b5d80272376c4ab9060b44813a
SHA512 dd5810a2f5471cfc3f1dbd681a5ac1f444d448fed00a2bd58a29409e4cd0a62f538753dbc9b8586de344346621fa479b1dc9ef452aacbffa4d1d220f12493327

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5a37afe631605165a70b0a3633ec7a7c
SHA1 1cb9acce83c86acd8d88244b0ff308fce61f9fb9
SHA256 a605ff1c42ac5fa59e82b849f1b20ab38f6c3c44b8b8c802980bfe5324f7b145
SHA512 1d4a61349a11de01dfc028aabf18f80b7e1d7d26d8b63d18182e421cee39f67e40d2ea670c3c2ec052b6fdcdac2486777ef36141bd8b10e84e52762c85f5053d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 93d1860e1735d8466da7cc98db646284
SHA1 ab04efdd575feb72100f0fb4cd98aea94fa3c539
SHA256 e5ea70a48cba1105823d9791e59fbe29f8db572623698ee684c3a27937a1d486
SHA512 d02464c75d9cfc1dc4fdcfa5b5de20558c774bdcf94b7eda5a8045658d11eb20745590af01628da96608b2a39865c86719c87d039f6cb8b8571eb456bbf64627

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ae19a96001d7001b4b585509b329e1e4
SHA1 d1d10b44a1ec3a208ea7a17f3dd07ded8c3176dc
SHA256 d78a704bc6f762a19821883dd9556827a47e0b8d5e0c98629ef95873dc38f37e
SHA512 82dedee5f1f524160401e716f7124f8e21fd3c94d122e2ea02146331c9bd5fb7ffeedf22cde3b5e2be6381133be74bf7b875193a9f8d95146ebbead07baf6df9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5a256bd893aaefed5e9d7df690d5d42c
SHA1 eb4617d8670253544f22f6f40988f61c18c99e03
SHA256 74f1075593e2a577595389e6ec4354e404a4a524b924fb774ecb9306ec8efa99
SHA512 6c7df9e18d5666f7c76a7ef7bfd8bb42cafdf98533ade1da269616ca2a8351c120a15d9fd4484407b6dd5f0fcc100c6b689b448ced28191d975a2ed2d9dfee11

memory/5696-1624-0x00000000732E0000-0x00000000734F0000-memory.dmp

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 32fb47c536e6141eb4b40979c8ad512c
SHA1 ce7e816a56e5dd9eaae5f00fc47828565d533d73
SHA256 260489d984348a5edfa0f07c1f985006f1a3582a8bba4fcc926c1ecd0b81ec89
SHA512 31a57225866e28e9d08992a3133dac872a49010296477258140a67ed7a7fbadf526fc6065229f82e14c869439841099656799b0729d4de7562f7cdba1ec82d83

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe

MD5 c31297188ec9fbaa60449f769339963e
SHA1 8502d9e0cef18137529f0a46ad6e69a1577e6cae
SHA256 2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9
SHA512 9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a

memory/5696-1677-0x0000000000C70000-0x0000000000CA5000-memory.dmp

memory/6000-1682-0x00007FFFCFF60000-0x00007FFFCFF70000-memory.dmp

memory/6000-1690-0x00007FFFD00D0000-0x00007FFFD0100000-memory.dmp

memory/6000-1691-0x00007FFFD0160000-0x00007FFFD0169000-memory.dmp

memory/6000-1697-0x00007FFFCE9F0000-0x00007FFFCEA10000-memory.dmp

memory/6000-1699-0x00007FFFCE9F0000-0x00007FFFCEA10000-memory.dmp

memory/6000-1700-0x00007FFFCE9F0000-0x00007FFFCEA10000-memory.dmp

memory/6000-1696-0x00007FFFCE9F0000-0x00007FFFCEA10000-memory.dmp

memory/6000-1695-0x00007FFFCE9D0000-0x00007FFFCE9E0000-memory.dmp

memory/6000-1694-0x00007FFFCE9D0000-0x00007FFFCE9E0000-memory.dmp

memory/6000-1693-0x00007FFFCE940000-0x00007FFFCE950000-memory.dmp

memory/6000-1692-0x00007FFFCE940000-0x00007FFFCE950000-memory.dmp

memory/6000-1701-0x00007FFFCEAE0000-0x00007FFFCEAEC000-memory.dmp

memory/6000-1698-0x00007FFFCE9F0000-0x00007FFFCEA10000-memory.dmp

memory/6000-1708-0x00007FFFCD920000-0x00007FFFCD930000-memory.dmp

memory/6000-1711-0x00007FFFCD940000-0x00007FFFCD950000-memory.dmp

memory/6000-1710-0x00007FFFCD940000-0x00007FFFCD950000-memory.dmp

memory/6000-1709-0x00007FFFCD940000-0x00007FFFCD950000-memory.dmp

memory/6000-1707-0x00007FFFCD920000-0x00007FFFCD930000-memory.dmp

memory/6000-1706-0x00007FFFCD920000-0x00007FFFCD930000-memory.dmp

memory/6000-1704-0x00007FFFCD770000-0x00007FFFCD780000-memory.dmp

memory/6000-1703-0x00007FFFCD600000-0x00007FFFCD610000-memory.dmp

memory/6000-1705-0x00007FFFCD770000-0x00007FFFCD780000-memory.dmp

memory/6000-1702-0x00007FFFCD600000-0x00007FFFCD610000-memory.dmp

memory/6000-1688-0x00007FFFD00D0000-0x00007FFFD0100000-memory.dmp

memory/6000-1689-0x00007FFFD00D0000-0x00007FFFD0100000-memory.dmp

memory/6000-1687-0x00007FFFD00D0000-0x00007FFFD0100000-memory.dmp

memory/6000-1686-0x00007FFFD00D0000-0x00007FFFD0100000-memory.dmp

memory/6000-1685-0x00007FFFD0080000-0x00007FFFD0090000-memory.dmp

memory/6000-1684-0x00007FFFD0080000-0x00007FFFD0090000-memory.dmp

memory/6000-1683-0x00007FFFCFF60000-0x00007FFFCFF70000-memory.dmp

memory/6000-1712-0x00007FFFCFD10000-0x00007FFFCFD20000-memory.dmp

memory/6000-1719-0x00007FFFCFDC0000-0x00007FFFCFDCD000-memory.dmp

memory/6000-1720-0x00007FFFCFDC0000-0x00007FFFCFDCD000-memory.dmp

memory/6000-1718-0x00007FFFCFDC0000-0x00007FFFCFDCD000-memory.dmp

memory/6000-1717-0x00007FFFCFDC0000-0x00007FFFCFDCD000-memory.dmp

memory/6000-1716-0x00007FFFCFDC0000-0x00007FFFCFDCD000-memory.dmp

memory/6000-1715-0x00007FFFCFD80000-0x00007FFFCFD90000-memory.dmp

memory/6000-1714-0x00007FFFCFD80000-0x00007FFFCFD90000-memory.dmp

memory/6000-1713-0x00007FFFCFD10000-0x00007FFFCFD20000-memory.dmp

memory/6000-1721-0x00007FFFCDE00000-0x00007FFFCDE10000-memory.dmp

memory/6000-1726-0x00007FFFCDE20000-0x00007FFFCDE29000-memory.dmp

memory/6000-1723-0x00007FFFCDE00000-0x00007FFFCDE10000-memory.dmp

memory/6000-1725-0x00007FFFCDE20000-0x00007FFFCDE29000-memory.dmp

memory/6000-1722-0x00007FFFCDE00000-0x00007FFFCDE10000-memory.dmp

memory/6000-1729-0x00007FFFCDA20000-0x00007FFFCDA30000-memory.dmp

memory/6000-1728-0x00007FFFCDE20000-0x00007FFFCDE29000-memory.dmp

memory/6000-1724-0x00007FFFCDE20000-0x00007FFFCDE29000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 24237809c6c4acae6dea1838f213e17c
SHA1 6483f87edb1cc7eb56411b53637a645b2768b33f
SHA256 b59ddaa441cb50bd592ab63b0ca964cf942a0c38c4d4f02079b719a1a0023631
SHA512 bbbd9c5cc38e74cdd2502b3f48c7357cd586999ef4c9cf4daa0307eca5f51fda8f4a768aa9502922d24a4ba8c4f32244294efb04e163b5179c9b9bd183c96473

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 63e37421b4a4abff8e7b9a6f8b5ba1ff
SHA1 9e439014397e2bf88b67e02aca2d426f6f2b9c8a
SHA256 83d7f8c541ca342c862c8fad311eaa0b8271d8cdfb52fdf68bb28e97a438f3e8
SHA512 8e2eeb916bf7a3fe12d87776a70a18f04799029726f55b9845bb1b522c477e5dc91e8a19d5ab553f1011d1d6d64bd33bb3e36c5cacb5a7bbfaa09b0f8515687a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 19dbdcd3bfa941b0e4a809905a389dcc
SHA1 8b010b3e7507b52578ae548fb2b2103f6f5cd9ad
SHA256 236a0b4029e4c8cd73e52d8ccc7c51da347b4cb28794f242e0170fb825424ac7
SHA512 51662649756f49f784f5ac3b8393c9576a866290a353abb00cb71ba18b87bdf50745f7356b7339e2609e93f445b4bd92e2498532dad1b3fba9b893afaed0f39d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b28899d57d06614b1a3bb8ed9e9e53aa
SHA1 e2b39a6d3ac6664668ff79baabbffe6cb23b5644
SHA256 9abc1823c8e2c96e09626f49a689718262464e93d183320d0020de8e570d9611
SHA512 9d14914253e95b657751ddb7d9366d412613ad8bcd56e75a925f1323cb8cc840a25b2712ff1f3dfddb5daccc9bfb41d7619e78321557e7ac2d45f111ea95e465

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 aefbfbc7255e662537ab7c7aa1f94845
SHA1 853e6bd01dd852864bf43524042509a111259772
SHA256 349afcd5b336187db80118d14405b3561a694ebf4ca3a1579be92d90ed9361bd
SHA512 be9722d09bb1007723a1451469fac086fcf30dba4f16a32076b887e76017c3342279f9fc82a5a8966969d03f4ae3f73a06da81be766a2b288892bb6399dcb242

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-studio\73feb011d6354aadb7c4421f883e4512

MD5 73feb011d6354aadb7c4421f883e4512
SHA1 a4e7fef2231bfb129d7d2b875f9f131659f4b7b7
SHA256 ff21787bdca29b6d8f1fb52d1bb7aaf26f8cd984ba0dada9f98c3531ab669b06
SHA512 9d792e6c7ee352edb374e03be337a7b27f9215bb4a06b2898c96a221794c08f233cf7e0cf4c40f70b4a891f066e5780f612f1dc296a03b2ad70e1e7ece6b3043

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0c826005ab414a9565b574b3cd4777c0
SHA1 cb04551c7d01f6662966991a740fa2958f7e9579
SHA256 c23bed76f5e6b6630e6493368a675dbe819d375967b679cbcdf0328bce1b9915
SHA512 954271042bfd833b878f047df57c8de0aa3efc6642621ec7a0e93d514cf42075b12aa6055122df4b364e447fa6ac4f876cc8427aa042ef002cc01ebbdc387a71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 88559d1e349172d6ea2f65e44376530d
SHA1 89db89d6c0bf751ec3efb6101036bd9d51970e11
SHA256 f913016c8461568211f1cd3118c792571494462191ad23fd4548ed57af66e5a7
SHA512 f1f415d0693faf8da1d5f7710f12a9c6b5cf9bf86d21a9d5e040a0a751896693c896aefaab6714bc5bab4c27c5da9be896a67ba23e4ef045837bf996b6d8b23c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63a21eccc8903355d2fde0afd101be2f
SHA1 a21426df200ab72cefe7e6ff4e7d8ef0a95cb49a
SHA256 876516062bf4f14232bea3a0f5b55b731685c44796940e419e123d9837c73b88
SHA512 142b4b4ca192c98a30fd4ee9466a514ee720fea31b0532fd9b938e67250186d03d64a2e01e4d7b1076327384f24c371730393f9791c83ef41a96e79ca01653bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 83da0b4b6cd8ac569f4f07379ce68ab3
SHA1 edebea73d1cd3a8dc78000c3364cf0891365c453
SHA256 05cf316928d862551967deef3b351a88e5fc2ecf4ffabb1b745c38824b674d22
SHA512 8914597eb85e390efbd601014550aa6ab866045cb8f1a733684bab5f39325e63b1e64f929cefe718ebc0f5da6494394ff22f537e19d1ea0455357b4f32c29b21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 d1f604157b0745a40453afb93a6caa42
SHA1 3d5d77429b03674ebb0ba34d925ba1b09310df5e
SHA256 468456974fd86b33647942820dce7284879acfab9e9e6eca008e1fdcf9006fb5
SHA512 0644ce93724a57dedd8aec208e5a038e323a1b9871d5046d58a87c60479626693e6c8f25b7c7f7b60fd35aac133d2e660ecbd8f8d579ad1fc6703ae117a485a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 959ad9889a596e594fec32c64cabdb09
SHA1 d993c1bb31f092aeb9912021c8313f0d75738039
SHA256 8db7d699eb03f926cdbf9a7e11bddb13ab6cc59fdedf024a7dc3b3458d1a3cf9
SHA512 28fcf8d3d75c878c5a204afc562ff6ed5ffeb3c1916f3dd6c64338639a99411bf4aafca9763dcb08eff85dfb14613bf78287050c8e045c602a7f41f9408e2324

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 ced3e503d13a713230d9a7d2a57b02a6
SHA1 6fc63551ab06da623354d8033fddc5a5aec54d5d
SHA256 60196170f61ae2c85f818013a0dc9e7959a539b706b1cab0645085003799b3ac
SHA512 cd128568e70dab55e9daa5269a2fab0fc662cb774bfa8b730571b77bc75bbd3c997e1331bfe4d27f8d048ffe63bf9d1eadc41622772b9d0ed94573032d8f55ac

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Site Characteristics Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 e7f016f76b5f34d682fb33be17999a4d
SHA1 6ac39a54eb000b2c66c2094a346a01561c46fe7e
SHA256 3f2f2f49f1492b14e9e496e5ef4b0c54106237eb520934365a80729a1ceabe51
SHA512 1435cfa1edeeefc984b181b6c1e935dc145ace0ca9e34fc77df19abe7de8b7c04a0dd40c67bfcd3a815f609949dd321fda0d65b63eaa9cac8cdec43c8d65855a

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat

MD5 7050301cab43f7d417a1a676a44d5b03
SHA1 395c50f9ac607ef14b9204eff4632450647422e0
SHA256 22e2a5e7cd9c57556ef6765b32aa99030e823a4aa91153ee0e290590965800aa
SHA512 a5a682918c2307829e9569af664dcfa2ee8b5bf8d28df5c865043a71baa65545b1f5ebe29cdc10ee179c725054efa0abdad208f72562a45de4ac1a78a2e04a95

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe5f0b05.TMP

MD5 a82a0b3a1e2634822662174f1dfe527d
SHA1 7db5d022f346d2c9072e3e900d5822e229852291
SHA256 da9be416404608cb4989017384036d5040bc7cfb41b46435d7eb6b8994f3c727
SHA512 aa63ec51d89dd1aee79f375c91fe1e61574438cc8bbb2fb3e47e591399475de41b40f32647d9a814478b4d3cc842d26518f1520eef47eef67f90db6d0de225ab

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 ef7a5e01285ec42fb96e88b88588a015
SHA1 df7cf19f41b7f98cce8698afb4e57ae4885cefdd
SHA256 e5770edcce756c31c8ee15b33b99c61d1deda208e28b20b8f12b92eeb7f40d7f
SHA512 224aba3ce6dd7c976b11e763ae39684beaa9c2210fc720bda7089ab0025b666773cb786bdf3eed57ffb0d1b27276144b399b87f333a13f9649eb075ef2a7cefc

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 2c5d1638f76aa0cfb479df31aa6d1bb1
SHA1 5884bd880359f85ba0e33ff3837eb8dd8637b97b
SHA256 c340fd85276e07492048977b03752585247a30bcd3887a9f7d623382b1f8f2af
SHA512 8efdbf59eccc6bdf34b5d533ded2d617aca1d896868c7c417f143d7238b14cba7a2f367a0165bff61953d254545549da31e97a3f1d99b3e3848cd65cb8928e22

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

MD5 50440425caac60173e41f81139a394f7
SHA1 f51800a56e462333293b9336338f0ac5b1450c28
SHA256 68d7733905b779d7b62bbbbb881e7e256367cb87580556509d160a7971e05043
SHA512 eb4bf07e26c88bd98dadffce27c3b176afeee6a819ab42812315b825a122b694f95db4d450a758e0064b9aa76ce00963711ba53a1a1f0987b74d7dffc64958ad

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe5f5eb3.TMP

MD5 d83ba72ee20a9d73cd14a336e436e6a5
SHA1 a59ef56588a005775b9040a8907f208c0fe9ff2f
SHA256 79a078c09dcf200ba73d569451eeaa5bc530dd1c5f4afceb3c0cced5353cf623
SHA512 edcc3e3c208a359cbdf7eabffb362f84b194bdc26cf7dd9ac860ef9ee522c5786467d4b3e844fd702ce6bf820a3c63e1250cb0432cb33c47d542aeb083cb7279

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5f6182.TMP

MD5 d93624771a3d4bc50c6d98cc09f6c29d
SHA1 db75459d403aa052961faea69e1e917d346679ff
SHA256 e61076aff145a42bafbbac2826ffd7cc7a02ce031a7e722220617556378223ad
SHA512 1120669d6f2000d2f12fc0a055b8a570ef1355c51373f41a330500705f7ebd4fc89ec8d5d4b0bfeb744fa90a49241ab756e9965d5cfd1fc7fc5060a26eb38018

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 7b78aa59d1c1774a8b9cc6697da7e97c
SHA1 99a5ec5bd7f987ff68cf37c6799647ea65ed6251
SHA256 8f8891d93f97ada3e62f51dd059a16aa1dd838640f80cf7917df8dbb22347a4f
SHA512 863b9a6a4042ed9757b54e932393fddaa3ed4ab32b37bc5c7f39a402c7048ff04ed5a527a31cd65407aab791a226d9150cc4290a3aee490959652c5b51f4b3bc

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

MD5 1bdbd51cae4af7ff9e2641d48123ef59
SHA1 08278787dee1f42e77417d6bad9cd5a4d68b2c15
SHA256 a1ae2d0df6fe16de6a64674e93c1eac50505eb8210ea454104d7795d41eef142
SHA512 a0dbfa266b91e57f9dd806c53dec7c0b0f3b0abb5081d9cfb5006f16ed0ab00de02c86a234a320c14e104f468b39f97fa202d08d3442bf40cf3aad8c4c72949c

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\SmartScreen\local\uriCache_

MD5 47d41a980668e9bfae197488d6d56feb
SHA1 8acd8919b112d637a18e4c2f79f61fd62d2a1e6d
SHA256 87c1ba0f3a75480bef554b38abd51d7858bbe2cff07d4fd29162b4468d2b6c43
SHA512 165cf9913129bab36c22399c3636960cff235313256262439bea6a1ed78cf80d65690254cc63148e7e13bb515b513037ab6be7d20efdfb12b07985339ada36fb

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

MD5 8c6d07b38a0ce1649ef8e78e224733b8
SHA1 7fe0038b1aacb0aa215ae456294209119dd4fb35
SHA256 ee2fa56581b2063f669973b7e7e8e809b587b893722c5667e898df1b6a29b71d
SHA512 287fd3031a7a59ef4bd74768a4ddfb93cff336013b6af0591a9f2bbeab58528154c3879b12d90a6974e549092ffbff0821048ab8b06162f3f89d88275e9464c1

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat

MD5 6372efcd51924d40728d9934e21506ff
SHA1 f488530de6a022c7f6238f2b6270810a3a13ecbe
SHA256 80baee3dc9a75ade159098d70400d1635e31d5eeadc0b05736489c479dc856d0
SHA512 660f7376ebd456d40ac0e4134570f8828fe8ccc40b4401b13aca8208472d7cc9d313ffd8fda99e1f55393c79f9419851899b2c476572198acfbde816a4f00efa

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

MD5 c0734105e0dd72801f807e0d754d9440
SHA1 64251f7b9d49790ed1c0b3ada3dda3bffb6d6a24
SHA256 3eebfedd90d599be26214081ea3185dd342338e7e04fa772cc3418dcbd849436
SHA512 fcc0b29fa0f89d6fe8b015a2a6cde6deff06e3e3c7317e31dab9b5422f59da28ec86c7a6f756421e8bea78218ba6fad864354f35d86051709a0a173d3db5d8c4

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 dc53571d2ead323213d2ff64f1e1440c
SHA1 26b2e1c1b663c0e12c6abdb953c48a7090793fd6
SHA256 b561ab35f183a2b363a7470bfa5d8783644513f9f579fa36547f152ce9edf3ad
SHA512 2c99b62919bfeb037fb30253623a18183cb60e8bf51b41409e9dbdb2bff8e22568e257443deac8ad66df86f69a3be9ec2d10957d66740be1443a44972edc0c5c

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

MD5 d834ebd9c07164d6ffb4592f9ffe3174
SHA1 f4f534317ab4997c242b5d9f5210edf62fa28223
SHA256 2297dee26123da1c3e6afd7e82923992cb4b5b8116b39d5462f02a21f0898ad1
SHA512 7c9d41aef8fdb2ef65a6ff51e2acbc93c159cc51112770823a0ac50be2d8be8f9f958f588ac2deffc02afabc567261a864cd70a9c0e2691c207688ec4a229147

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

MD5 bfd262c3bf95ae4d043dbc01c0e485f1
SHA1 47b8bba2ce5935fb6db300cf9acc114c0169b359
SHA256 2559af76a9c5df2b99bbc7f8084f15fdc7917c90b43043308ee92ac7ce88023e
SHA512 ae3c294322486c287422ab095d3df51133ddaea7dac25d966852af60c66bad6995d7f51ecad3b43ccb6d1d162f3fb0ff4dfa00b38b0c678acc086233f161f901

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State

MD5 54ffaf587c5128ffc501137808bb8b7d
SHA1 481f882a24c35fff92f3be2d2830491748d185c9
SHA256 c7ad35e04cfa1e462a21a0f1acb82856fbb8335d9ba24a23df26cecb90473831
SHA512 bb5ac615c21e091b6510065bb07bb0dcbf05e4e6ef38b15b00753399cbed795952674ae5ccf60b5f0f10705b50c75adb0953686c4193f857a5e4335868757f96

C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State~RFe5f99e7.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 273a6a65e35be629695c5faa896594ec
SHA1 3d0570fec7fbacff868fceb7487d3f92a8994709
SHA256 1d95edf2903998469a42ad4ee01f5709d625aafa30dc857f3c99a3889f4cf558
SHA512 5de2f227855bbb1003733a440f1029ef5cac44dc3cdbb34f2289e4b733728c0dc1713b17b020dbd0822ba1901daae7af721e660444486b91dd8d5aa38f3f3752

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eab28b6c2d64fe8c76915717023a62ac
SHA1 f2a6c7811c5b366adc7d528692cce27146c8ed86
SHA256 5a636a9e9c14b62eb9c26b8218e3231f69799a6a82d4880c8eb8969d73ed7529
SHA512 d9a7ba04c9973e173d702a9b72d6de9b2b55067605dff59accbe4f039b367338a9afd3daddf8f32a566f659a372ff2fe580b03346432e87f819d0808e9299389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a55452cd0c2bb555b087b9d20f48387f
SHA1 5c1065996b775fde0bd98a868bbe96de56f09426
SHA256 e85b26aaecd716e8b0342abe39e6c53ea67f0746ae5f46b35ae2b63944c007c8
SHA512 140b2ea6a1d0f38219a0479c3650dcdc13e69f11c21c7088d77095d9eee40725eb33cc108a00232fc730c6b5bc732b39191edd44a470eb3a73b027f2de7b06d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3d40a319065d5e612c40f0d1a7cafdfc
SHA1 68f39c621d191e15556535bd50223486535a1566
SHA256 9302b5d305f350e30fc3130d885d05bf88edf843cc9a60d2dd705c8ff50eff40
SHA512 93ab077c4b387abbbf81a1df018f16db23d6a65705fa2094e85748eff91d878637216792fec52e569758a386fddfa3e831f77fee39decd23b10e1e3cdab63b8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8dbdc81915fb7ff3cfe8ff77a07c42b7
SHA1 bfabf646e16fb0b213c97142b2ba71a009299dfc
SHA256 40a79869f8c550713eb2ca559ae9d865eca3687ee42808d74c7575e05bce6163
SHA512 4217affb2f53c885e10dafce3933faae31b1660208dd02c1c4df5960ea05d4831ea1e2472c54ca80ef34fc4b5797737963958ccef29e8f301218fe751593833f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 edb1b8c3f90b75c179f38755596a8b82
SHA1 b39753e8c2560afcc97565500c29566ccc75b3c9
SHA256 4afdfbf7cefc8433ebd1a3622b9081aa3191940f5cbf3b7826d4651bf320bdf9
SHA512 f340ee2fc591ef651d0bb4ada5d2191680d18d7921b5fd9fc7bdf499c2b987e4439736fa3af1449187af932b71502974f4bff28c8cb6bd9f5f254b4141b7b2c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a9c284b14738ecb22d1c7fa2849fada3
SHA1 0f15a3e472689f3ef10a73fe208c4d29d9d08dc7
SHA256 998361aabf3ca996a2d347db09d107b7dc501ef349dfe8085a4449388dc5def2
SHA512 d72f6b8dc7bf0cf063f57328acfa9ae8360b3674066d2c45380dc057d520cb8bae7ddaf4276bae719a86f5c09521da910a70b1ced7f539b2ef8717ec8e82256a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

MD5 8a0e641a47333f5915945b3b64df19df
SHA1 f568c61dae06ff84b08b9451ceeba1ec5b723da5
SHA256 ff6ae2ff9d1dd874aa31120a6020091ac47aa8f97706cc802a91ef6c645d272e
SHA512 d5b5d31361fe41c7bf2e3f2840642407a607dd9ee12ea4c983243e21a11233742c1a0ebf6603174217113a5655bb5b0b11dac95f776a6a50c0c02ba365c1f8f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

MD5 0873176f1e3c65cf138dc1adb454f45f
SHA1 f1a81c9f71a2e9534bc8a82cc7042c4c3211a9b9
SHA256 657a265f15503ba5c981b15e310e7511934a9391402d9d28c400642f17a54d82
SHA512 ed0499c2b7c39ff84ecd2d8ef6f92bb52d265bec7228ad0c28052f4757a567dafde1d7ba6e78e7bdf131493aa881f957254f6374a57cc9f4c7e0e7a0e540c95b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2b8dec57950d4b6e518a442f7e9b2f54
SHA1 1ac4557bd48b1954177b3ecb85eb40f1f9092718
SHA256 6b4babb27f944309142b074861e01bc4ab0479bcf97e320830ec3838eb20e01d
SHA512 9919d7f059678f2d59bc430312807c189e0a44d9a62d82237610eeed23d91191ddc4a945b068adb85dab27f1a794585470822b8628bce83c74608b58104da8bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 791ba3198258a110e218cf59401dd5a8
SHA1 76abedf55d2fc529287d4984a76b06c9f6003d82
SHA256 535edd5a7709812e2b7fb298f564d155979ace6d92efd4f2d03851f781d1eda2
SHA512 0024ab29e368a310b7dab69f723ba6f5f11b3303602f46f50b7ef8e16e4dd176a80ef43483e50d8efbf3e9265934af2c8ff2b4a0de0f185cc6b2f69f848613a9

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sedny5uw.spc.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3ddaae00f1a1b523d0c8781dba47b72d
SHA1 0887e45a6fc36c2a79cba73096e8b1c916c1a4bf
SHA256 eaa773aaef9f16cdf27914f600d3258c6e6f9c8aa253c69075e14261a84a3ce4
SHA512 1a9e941c8db5a75dc48514dbb5b210730eb7f72d1b6ce176f131c561704787804718f712af909de99a0e722bfca223beabdf4d4c9a45a3af72269d2e0a5b1575

memory/6800-3372-0x000001EA63F00000-0x000001EA63F46000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7aae3cb31a78ff332ce705bfb4d34540
SHA1 012d2ac940f52cae176d6bdfe564fa04d3c40dc7
SHA256 835505941d0b7b2a1368a157d1c33137c27215794a2a70ddaba405c3fe0e6a0e
SHA512 f7a4d1f66c65736f89d209f6648ba166439e86b2a9960ae30b4db0e540f2303d9d01dca2656a7cc99e795bfda97cd35aaddcc5c10921a2df72794315542d30aa

memory/6800-3383-0x000001EA63ED0000-0x000001EA63EEC000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

MD5 b18c705b3c68cc49d9bf3649abc75c24
SHA1 6dc8963dea0f3185368790dee2a346301b4fa24c
SHA256 c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa
SHA512 7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 98eb7dfc4a860366203377913ed40624
SHA1 13d7825095335c483afa0c09c8cfab28f8940f5c
SHA256 e3735ee0d33160b9771ac4719c4b05b67857e51c87f8849619fb6e9f7bc4a8a6
SHA512 e7c04ff7d07a369e18ee22d971f3f306e38aa6f629fd62d4375397665cf4c320a31482cae88c9138df9372f3dcde3e5ace7e03f450c44c7f30cb4d1b9cc31220

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a7a636ed68f0be854040d42d48419527
SHA1 1261d93de45d30d0bd5d6ddef33e877928e91bbb
SHA256 4d3576b11a299d0864820d5cbd4170175897e4cf2e931d12b8d57aae9eef1ba7
SHA512 9bdb769de5f402718ef5e20f625fd799821b1d89e923fab1da2219997f9dc08bca8bd05849c3bd325339779a6bfc84a2eaabfa6a620295ec3894ee456831b3c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4bbdc72f94933607e60828d66baa31d5
SHA1 bf55f68d70fa63d068278d45d958b1f5bf33a57f
SHA256 cf63f39242df644fd8f98b9a1b53d166469a061aeff60e3fb85acb03319fd41a
SHA512 ce3b404961a8d477c58fc7b30588509781ce8be1245275af83f4f4c685e8a89ad9a92de79c6d362651d1baf96a0832430fc87759ae6eaea004eaaa79184a4d99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 25189384a02331a0bae8633546b29b0d
SHA1 6b0b4eff568ab29d60a6f0304c173414213a00bf
SHA256 06ec7dd22e4384043ed5e438350f6d96f18ed2b22e7695aa2f8729dda32b8269
SHA512 b32b22a3388c1a9b0c94606f8291077bee1f1bbdec3a4f9d8621f4a00e5480b3927660632bb668d84996a463504237f377d992775952e7e33b1bff4e889a8414

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 75ce4ea264f8f6c4e04e7c38808d4544
SHA1 89822dff3ff7f624e6830e0fa0ff295da232bddd
SHA256 4da238afb1aaa0ca1a87f6213db54a78477cd962e1edcd156a5ec9c39adfca5e
SHA512 66661c636ce6b5a2a34ccf0b391aba0ad399daabaa308b25374cbeb309d732d2c3f73fee7829547b83f9cd4ea44f9a15a139514f8425df26d5daadc24c919b51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e530dfa5a681f298cd7c32b7e0fd45b2
SHA1 1caa61b31ccf4d954830ed1d49def15fe52b199c
SHA256 eef7933aae88e0431f3eba2b79cfb15ad2424aeea51c6b2b3fd3c0e4e0196ab2
SHA512 e2fe089a7b335308138b22a8e01c802533dfbfec9651d7f04c5e216f65708d606849d9d3d2d2e846553335012d6bc53d0e3a229613e93efbcccb8899b5f931bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9032c580bc7b8920b6e3d5a6c5531934
SHA1 4ff3b84206d7ce99e188099ed09db8b7c3c30c16
SHA256 a2f279b5f571cce5152d8a708aeb756426bd2354158f8ec0a03f5a5ad2f944a9
SHA512 29b99a265b36ecb8da52ad5d613705b0c7699c5b252b943941700281179392ad3579273809fd1a85087fdaf55e2e005f0aca31beb0a3f63bc39f99399155c4fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8e1a97ad8976735153e1ff08727c351c
SHA1 a612b8e1f15dd00a54b9e75d0802ca823692a03e
SHA256 5d1b8c4d638780f593fa20436da18afa6f99c2a273fd0d9ff22c75ebd3a77892
SHA512 46bae428e5e9cec150701eb13e956a01575378da87926ca82885529587850a178ce9b52861138fd8e93dd59a305cf76062684a2f0172912321272a41c1ab8860

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19c8dd70b5e75d7b1888df2974435b50
SHA1 240534efdaa940cd4d6621a3e057e3787d054f58
SHA256 b1846fa8166be0279de989474ec7fe16bc16a03c054c8dfefee01239ebffaa35
SHA512 85d15eaffe4b67fbb6aaa74b7d6d70f5bda1632ee6a60ed6bf24bcdb97de48d377fb92d99371e9dcdd2189c3689d48e3af83c9c1ce0b1f949bc81f0bf3688e53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7f3aa5ca74d9598b8475909e13179e4e
SHA1 7be8920d57f3ed218eed691373412a3bc49ad82a
SHA256 b1c22919eefbcf30b8b1baf9bb1c1ee97817b1ecc76d816951d1349bf4cab54f
SHA512 982de98126706c2c025ebd931c30e3572e22cdee24f36864e863f0180868776bdc0740f2862399eeae28a8e96e37cd805fc5f34da625277fb91f923e3ba3c4ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 110ed1d06a83842ddda5eb3c40449f0b
SHA1 bf6b18fee38d8619841bd2aa0559e1e215db4d27
SHA256 2fe4d461919f82e0b1841a98467b10d2d91cd1f75a93c6c2f686ddb8363d90dc
SHA512 b8d6f5f1c8c0cb3539ad91314c523fbba60c3512215bba41ebc86b121006377810cecb134eb38db01de91b3c995210c79cc0db299aa2b7767ca6906dc717d29f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6b6e5aa8dac09e09dd51d0e5f5eaa8ab
SHA1 92a7129ab68d2834c6c46939a7b60ef76f86198e
SHA256 981e5fb334e7324838cbb6e68b75342ee2bfe9473e3f3e1ba8023af146648c88
SHA512 1fbfca44fcc8d1adefc7af6deeaade32170123195e40998c74b6c7ac5fc61ace343c17c491e9a37380a786c23eca35488a64c2bb4e8cdecaa92a94858cd3e1cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d33c1457063f55997fea1641a3c59c61
SHA1 21a9579134ba78e1e74a263237ec0986e75fcf11
SHA256 8ee02377ecc414d75ad155e89fb41e429963778851ad33f724ed0d34ab7ba16b
SHA512 4d893a1805711ff6a15f2682d88f67dfbdbeb5b723192715ea0412df7e7cb07c58047a78ba4adc4d9d93e3761bc1c547fe7d74b2d697e0d5ba64ac3c8dd018ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b3f5752dcaaa2248c7c58375e61c4096
SHA1 888ac1f7b3ef5c47b32b13ea12a6097ac0f3b349
SHA256 ad3749477fcbcfa952903f121bd0240e1fa8c3497d977a073b98d229ade8387c
SHA512 ecf039dd744eed9a6c8ba3ab61efaf8e25067763a68fb7949b931c0a0f8ceaec6408cbf6d46b540cb395c5e585d5b55c45762cdcd75185c6024a20fdcdf9331f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e7c4a12396dd15fed7bda972a744653
SHA1 95d76525ba70599042a74b624a54187c0c7d5367
SHA256 cd647898f2f9b2c345e53fa2de859f3310ba080b0f6454ca185a43a06508f8ae
SHA512 715fcc2741e37631ef4ed05750e0ebb081c66c98c854a1d494102bd1d5d5d0a25e646b2c38796ae48ec0072dc933a588332119544d0c7121198c77bd2d2ca51f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 63d656938a306775571a482d7a02cbc1
SHA1 76e3520d0de90d55730a2df28283d44dbda92af8
SHA256 556807f6a4efcd1b0f857f36b10781ab694299b877501d2901943e870cb07970
SHA512 e43d9aabfc9b5ede455d53cf1781414e36c05025047e610ac4ffd35d8b457ace49c5329ef7423933d263eab72b0b0bb18da2d78267972f1a55f91c5d1badf737

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 812212296661d6493d976ecf43786c30
SHA1 abed42d0628d1b7fef7e5a7ccb9db6f85d894ff5
SHA256 5d9b3d29bae43981699b54bdb64359191f9a206f838451db8adc646efa85a7b0
SHA512 e3b826d37b0d0747f8322ad9e4c1f49462411f8c3b56cefea58773f75029fb7d40bc38d99216d019ce11f30bf80577dff25505a76d583333e4eaefee7b5aeeb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fc5f4030bfb7e5709761e30dcd94ab80
SHA1 391347aeb11f6a968d13126aaae9533e476b7b27
SHA256 b63e119a598f4494ae851f0970cd4670a680dfd0875593a73cf936e72fd11b25
SHA512 86fcdbeb15ffcf667c59503557ad40c9c0d5bfd3cbfd6c3104f4786aaccd7f3e5064e25b5e4cdcce6ad21a61227b9842c5599557fb6214aa7ba9190db18596f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 de595b97c46a4957c4a4d74e4d9cc2ae
SHA1 19846e3375ca62aa54a5bcece7413492318bdef4
SHA256 ceebe27a1a9c4607e53d1ad3f9e5ec9d1b7e53e59000345257613af0071e0f7c
SHA512 359ae2d6bc904efe934e64638537a472a43e1916cbbb2fcd555fdc241429110d5be2bb369a8cdd6039f7e549d5c8c5e0ca0ade2ec7bb1c51eea187af52a73237

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 337bb154ed41738fc9c9297494466547
SHA1 42a99f3b80b79c0be55aaf30415b1213e757f504
SHA256 ec9fd3e25bfc5b5261f5e38368414c7e3d3dbd041e6d2ba359933b9913582fa5
SHA512 34bd2d1d7fab36d8925912e267d8f06ce6c9939902c8ea41f69c54ac12feb186366b713f76c87908aea8e58fdf5b9dfa6c642370335a1f7775e8b05d1ea9c8be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

MD5 2646bf1b116c0734143f2506bfc0a765
SHA1 4257c93768c9ad1d38ac0de4f450a217fac2599e
SHA256 1d73071566ad49fd8930e43b87f418329eb97fc20b21ff855224ba6b4d2e25a1
SHA512 36f61d5cd93623a96271d9ca5d624b9895c4950d1b911c879e55a2c05c88471a645e46b451ea655d72de61625e3d4066ce8d89e370131f23457336199f5f8116

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_store.epicgames.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\index.txt

MD5 8431d284fd57b4e74bc31a8c532b86ad
SHA1 0f30993f639a092119aa4ffd0b23ab1b7670d22f
SHA256 33d6c818a47ecab7f90459759212c1fc26be4ff06db4fcaf08775347cdec0226
SHA512 2270d472cfb11bcf806811634d8cf6afbc277e1ecfc644f71b4aab717cbf59c751e3e5802af304777d69fea048533cab7630a4dfcb96aedbf46c55e4b2d816a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\index.txt~RFe62af36.TMP

MD5 6674b1c446e33eeb98fc368a28852b8c
SHA1 0d8416fc8a35003124addf0059a4dab62c61a2e5
SHA256 3632ce40865cc0e0aca5dbf0a619178aff9b70797cc5b818f407e793b6113f70
SHA512 fe506fa0804a2799467708e306ca2f8d9780d835be2f64f0c722f9ca32791735d39ecfafba345f90e2ad29371581814e8a7ab69f7549d95ce0c2c294b52a126d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\e7554770-a18b-4bc4-929d-8a63b9b67533\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7a5c263daf0d61887f84bbdd1d3e5b39
SHA1 96b659e9c27a4ef5845e28cb439e623497aa94cd
SHA256 58316d77197497a1e70d333f073e4f92eae53c845593408c3389ebf38c3bbdc7
SHA512 527ef666ef073f38b009eb6a634cc69cfee4d0223ce69ca03ebe08743b71a93120b77436f3841fad0116dfca6aee8b54e54428c743ca4e8110c4ab6c5971cdb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e445d5a85f63eae1353682105122cd25
SHA1 b0feea6fbeea24595c970c45c5c02bee52041198
SHA256 b93b4c87a3d6ed8985b162067ed6159dd7c0087fccbd196c5fe6fcfafd040080
SHA512 bb95623eaa8e83de6cbe5cf3b6cdefda9b07c5104171792bb9d3e73cd21faa78ddb2154a6c340afe429faf12b6d86c8ca303d3c371d55a4a41454e16b6383346

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0e587212d7adb563cd7944747c197c6e
SHA1 0415862bf16a90d1a024a377b9c275e7975d90c8
SHA256 88a9974c284466a7c8e109d0742dbca2785b8337e2996068be90ea7ffb1b9551
SHA512 efc210d92e715f363e56ecb91ccf615aad0b2866f0b9336a0653fbf77d9cc88e89007405afed988c589b0eba9be459e10a195245a1e257b9224e6c21efb2fc92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 01dd546f3b6055401792fcc20453248c
SHA1 1a88e2a818fd377ddfe11a7af5a1d392587df2bb
SHA256 57be0795ccc055487dc2120474788bdc12eb769bf9fae0af89232554deb6adf4
SHA512 a6feb35685100aaeafc60fa8a89cc74d8ec2f52e321f27f9929c199cd3d8fbf0f80217069e8ac019a6c149faeaea90099592aa8b56d03c6c1736e8eee822a7f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3811c36cd3b857656b85a681eb3d6b75
SHA1 3505292d03857cc14cf5b79e867b64218f69702b
SHA256 cc9bcd366afaf20a7f16c2bdaeec8f7f478ba478f4d7562806add44197632318
SHA512 f71495834be63d23f1b89bf417ceb804938c50ca8cf370eaee4d7819d95938603ba10978d961a7370e8f1c8c2196a08329563bde0e7736e8920e77acb01d9b5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065

MD5 9650453c95b267c983b2850e6b326bea
SHA1 8d45f1d77b15d15d7937c37762afb25485088328
SHA256 8468ea5878a544f7c041d8675669d30bfea476b4bffe96b54b84fc69d7e07ed4
SHA512 c0b23483d114741bbeced13f8afa3ef3b6bc23fd7e86d49228b1a6bd7b6d99c4bc67545e1c2c8a0a8f8b1b22ff187c24513eb256aaa111dc056043d7fb40cad8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5a7a0a0a0a584b00d289041554e4e492
SHA1 e4f5d65c564e51497b9157b5a0e2de64eb911a6c
SHA256 9e8ca7bd57cacab186393f3df22161069ea1ba4400bf674782d65ded65c140b8
SHA512 155f2add46573c612fddfd6ed33adc1382925f06f1fb75ae81d8f393b9196f9f3ad8bad528a3b2f590661e804215b0a4ba228bb79a76b128615a3a4654784352

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\5369c146-d4ca-4e22-9147-9c691480e07b\index-dir\the-real-index

MD5 ce64723c12328f761bf8af7c27b63fb0
SHA1 5682a964e8d9ae168231bcbfdac5b539e2d17307
SHA256 fb9f95b9b58a2e800ab4b47a161d9ad8cbefb38ff82f00d94615b4a1b261bae1
SHA512 b64f73ebe3b21240c3542b2510460e6f36611bfcae860b4ffe2eca068283e0f6fe1b49a90fdaa26a80f5c67daf80165d5e6437dee736ff22f411fe49a612e961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\5369c146-d4ca-4e22-9147-9c691480e07b\index-dir\the-real-index~RFe62feec.TMP

MD5 c2c34d7aa74142b3fef647c370d30186
SHA1 1a2061b13fe6b40ac1a9c4739854eb6dc7ae77a1
SHA256 3a9e7a76a82af315080b1f7cd287a9df42366fd82686ee08e4406a7661678950
SHA512 11c9e99f00d85d64ff51a703bfa3a1755ff56bfe988b24a0834a54ea57980ebf9ae24648c9841f5f5810f315a619575ffa508f73d24e01ea0fbb793afb8f6f32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cc4a72523076243d558b085d27f6e049
SHA1 7327b8e108d30a97d9266ea62f4c4cd07167f34a
SHA256 86abaade0ec0275c52dbbaf93fd01cb6543c73f23afd076b0ce323de4aa3b540
SHA512 2f79d75dea879eaf718e52c5255cf33ec9e7dfbb17808b7ffa51cbdb394ef840307e8cd51e61c7d97990d1de411c421d568587945b4c70b21e051efaf4d13922

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a18f58106960bc7c11c32469822a43d9
SHA1 1ee94a6752c59eee9be12b7fe4fb232f39585b5f
SHA256 15c266424887d6e23623efb789892043eb251501c2dd80acdbb3934c7ebce18d
SHA512 306c0756d797126058f55b52838eb004307b606d1d4ed8f266577696d060f280281a6eca6ea5490da272dae542b057ce325090ac6dbf6781247926c52b3746c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 95966a157637e6f1b1a98d4901e43bf3
SHA1 8cbc1eb5ae3ea25c66deddc203917ec31e245b5d
SHA256 2f019abe58ffc982bef14400df9b12868cb9801f75b49f148a69361f0cc08906
SHA512 76e83397aa33ff8e6d5b61c81fb6c35c0a96fd8dc7df1841e16c8909cd6246e36ecc7770efcb36063737295ebfa8fbfc68df6b93be8d7c6fcfd82a73b721ce99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\e7554770-a18b-4bc4-929d-8a63b9b67533\index-dir\the-real-index~RFe6329f4.TMP

MD5 f7e7bbbe4438847b3659e55980fb2d54
SHA1 7665d261aba33480d71526881ef26451f3f4c125
SHA256 87da8f8ff619eae41cfc6b0d10a3dc53532c03342d9a6cc8903beaf412aeb974
SHA512 dba16c667ede98b655b7b54c46192587b102414fa3d49a0a3ef8009dc53dbc2a492c2bc8250f921210cfe599fb9091f1f9cb1ac3383785119bd81e3f96b20724

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\e7554770-a18b-4bc4-929d-8a63b9b67533\index-dir\the-real-index

MD5 ccd2ecd25c5dc77a2a24e838f7e77776
SHA1 fe01a1b3ae9e686041d2d039da2098113dd5e542
SHA256 1aa1ba87a41be62383229ba9ccfa2d98dd334c02177307c48d76e1b6f3fb0ebf
SHA512 02455657f1e55a59ea3d043c6f0cdecfefbd4470abd6199a845f19f075b478ebf8d8e843ba1812c83ab210af0717dd6ab0bc0e4017a6df5ad94667785589aec8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\index.txt

MD5 270672e06cb503e2b86055062fed0386
SHA1 6c6e658a38efcdc5daa51e721a79516774e020ac
SHA256 c04523a9e60cffc395ffa3650a4494b95127ccaaf514c88150d521812c941084
SHA512 621f556f4cf9d143ebd93001a057280ece9915a1038579ca4734ea7e5567c550faf585690c66c2ebb1ae7b4a413cfc0e4cb1c633d41477462653a9e8851ed8c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000097

MD5 02ad44ab8a40682b5b47f3f31171ab24
SHA1 b743a989e5b86cf7d165d79170507bbb5ca6f8cd
SHA256 f0297a6b5f26a794dd2c35a62a1e6812ea1ad206358a73ebd59525a86de0f343
SHA512 fb8e1315d8c21c10562b99663906ce8adfa850acb3ac0abb3ac554091fec7d1a2562215da3f85ae8de84d4dd76458ff7f3988d7d7f5ec27415781b44975a786e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000099

MD5 18217e12b9a6780c97b07ffdc86344e8
SHA1 f429e8b4fae12cb2ca6bb026ae7ed65fe357fb74
SHA256 d0ae1460084460ab2fcd7e361e9ade3b58c95ecc90d4e2e8a7b10f509d9b6113
SHA512 46db205c0877c1ddb409b9af3b35b7e336b72c1dc46d29a8604485c78910e6388662f69aee976f5adc4a95aac86b3662547d251899843393d082578ecf790f5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 76cf4ab1add4b886d61080a287362472
SHA1 d78a1d216073ad6c7bdb5d2e668569c0cb507ff6
SHA256 694a8869081060555659204dc87c778623407912e75d8c7fe4886ba87f999a43
SHA512 e0e5fecea4a6a25521889cb40d0c92474970dd3c5584dcaf9a80e0f5780d3493a3851a93e83cbbb70b250459449908ca87c0095a213dfa6aa9cd132f0caa6214

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ad

MD5 3974fa105d64eb833d8b38c8dfd82332
SHA1 c021bd6b4063a558d39468e342e5d6df852bb75c
SHA256 b1c910c247f8ac50116fd28cdbf5fc3ca100b22f88994382bbd1c647eee185df
SHA512 899f3b9bb215ba26ecb99cd07241e8febbeabe4fbcfb5a25d57cca60d306ba99c0075e3ff741d0670f2d2baa4ff62eb0be31153ec69350277b862afe0459f53a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f6cf3accdddfd39f_0

MD5 02f2ada184f755cafd3d86e293b4dbdb
SHA1 7c47444f2b24b10e2c029cd4ad45e1863a64fec7
SHA256 6825870db2f92c90a04dd52fa571458c5ea342e9d77f693d75b5c5e75d12915e
SHA512 f245618bd73a9a2e7be94c121f4a8af41b19c95ab0eaa3f256cacef3821d8888cb9acb823cca8c2fe297b486680bc3e8b92c4409fa612aa7ce5e87a4ce0db539

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1845cde8fc2c0a1b_0

MD5 2dabe5f7a7cb3290694fd4d860bb2bb6
SHA1 4b36bde6e26ab714d595c37b4f17e7304ea4773e
SHA256 945a667366484c218951802e11bfe1403416d4cfaf10595719dcbf72c7e85ea4
SHA512 f08a6e4e1bff59266142c052bd97ba2e7c966f628e77ee4fb70a6f8f6300e75430ead07ab3c796e5468775ed15a59076584db0987ad28b62cd7423917c44ae2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1ac873b8688d75deca51065165f67c80
SHA1 d56f1ac2d678bac19e034e4797440329e50138f8
SHA256 9cc343689d75167c7bdd4e3fa74e08734ccba56f66df8e03b5879ad1c7b1f364
SHA512 521131ecb1e2441f0310bed04f842a11bb02ec918c95b3481fb3b4b10f45683fab02b128aef32342066ff125796a64683c78aada2fa754df7938501af18b1c06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b5

MD5 a484f2f3418f65b8214cbcd3e4a31057
SHA1 5c002c51b67db40f88b6895a5d5caa67608a65ce
SHA256 79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6
SHA512 0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 580ed487c025f200570616b6db6526d5
SHA1 fa36bd1d99a0e01e6dbf1af931961bceaa52d1b2
SHA256 50a189aa82dff3c9deea8a2254c285bbcbd5149d606dc28778ec481d7d5dafad
SHA512 3d4299e4bdf8590d7e4708ead255c81091c003e23ed87846ecf8231d96d2b2f7418276004e07279f1682b3353c43a9d037438797ceb4df98ce4a8fc4de930364

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4bffe978ba38efbbb6a9833b3e2f5ef3
SHA1 ab745aa28ef5e4a2a00be6920b8879679e570bd1
SHA256 efe9ee5672dc3135c31fcaf7746d599b4e1f147f5b64be18f07844979ea93f7c
SHA512 5561cafaae2956daedec1b42b565c96f2b64c41b1c94832beff7f84f589beec6c1fcfa8bf0e2b2d4feecaf4e7b0f3070575e167e95932b9ae1eda996be8f29dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a489d3fbac93f0742f4024c8634f7a21
SHA1 39ae59b763e52721711c6d501073a83d78717493
SHA256 4b6ed5e947bec5d5a1a74ee1f0a4dcf7ebef13407bed71df044c652054af1b7a
SHA512 23176055df5d1ac291cc022d8bc3d3bc2511c121f6edb27a4aae1a18a7bfa0c94fb8a8ee595f85c50ce64a096039229bce162da78cc6cc714363e3209d769884

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ecdbfdf680c74121052d70e980bd6145
SHA1 591d671572b8f1c4c8748f60fd5e2722927b0d45
SHA256 1a794db3e16862223f8ecf3072910f17e9b9f05fb1f0cc0cbdc49cc2444e1f0c
SHA512 3069c2bd6625f31528d6695cb514d5da7c374acb3d94e5c6c2923bafe11630b11386d6e2cc17c151c0a9468bd766a81657b9f39c47b265eed57a16d509b78343

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 537eeadfcddefaf4b02c50117c4a5640
SHA1 76cd642d69fc9850bdd49ba23bea7f963443447d
SHA256 ab562df4b0c6d51ee4de161ea5bc54d36fd0ecccec244a99170167bfd20bd8ce
SHA512 610c41bc71e6e444253871c5761c462117a3fc37028303b28e2e82a423aaacee608ffc9fbb5e45a8f554cb44a8b7d40ea4aaa1c3a25a878a3307ec072e819bef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d3cd2bcb0742bcb2b801ae2b48f6decc
SHA1 ce98e2bb56e501691d39ef14e4fe6e0f5601b019
SHA256 b78c21a29401613d10d1643a4db786bb7720d69d050bff20c242b3c8831dff42
SHA512 31806885c9b7b459fe54fca531aa0b68d4b8de8f134bac55e4093bfa34f82edfd04511b3b255e80f5e75e43d22853ceea93ff2bb5db90f1a87319fcecf921b72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a56213e717ff1259477487a81af89d69
SHA1 ea3d2a10b8d46b9993fab80268baccffe1f49f67
SHA256 97a5e5e8c1d3b941f8626b1a46ce3dd628f9161baa4c4f7483a02b6863a2c7a3
SHA512 98a6667cc96361f966b0c3826b1039c2e4393b8673fe86c317e835aece41191a3eba13d70eb2f794922297e4782be0aa5f03c83003ce9885c1dd542297ea64ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 15c786b45227695ac20a1904ed3d519e
SHA1 26b09a1f3c1a3cb3c630c5772e92715ff14ebf6d
SHA256 72439dbdc3fc31c860e4ff7e5a6e96740b1d06891bbee6a86cbd2a5c393d8095
SHA512 d2b3db602534527102cd4f2b8e9f3e9daa5683d8d09b05fbe513adf6205ee643e956e491e05f5270712eeb5e7d3748c75a471fa0549a54af90bc4605f6423acc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 159e6445fbb883d44118861f9b7afad6
SHA1 336b2543fb80113d816e16b233da6dcc1c818328
SHA256 8218d39274d664e70a6b88359bcc40e791007906316e48ac114e504ee60341ae
SHA512 d78a80b43bed963919d51c71ed20e823b92769065afadf6dd28e4612dce1382a780b3fd66a0440137ff6a0f9f3464d513c5b819cd39edaa0f25e2a4096c94bd7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cf

MD5 c8dc195bbcb915d2e3476c415cebfaed
SHA1 71624b2828de065c995e4c5bc5665f822496f351
SHA256 49c5241fa217574ebfcc7f93d630dff8f967533f08e085b96f772d985de0943e
SHA512 2e2ac291f6a5a083c3bb661fbdcbfd51bd74c8c012726c46ea883d1a687e098128ebf06538a96f9583cfefce52ccac04c32602abe07e2722dd0b1ed5518ca08b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d0

MD5 fd93a665db48a2b77737a3c0829c5e54
SHA1 6e7faac7da87e0fedc79915858dcd6e67b4c4a90
SHA256 a613a3b5e418fc4fef1aebcd13651c2bf6cfe3bb5325dc70520a7d53e98ffd1d
SHA512 15c76c51d4dc4451fa68511fbde140889af868b684df2d80e7ff7b11308baa3e7044bd6d7d13fbdd589c33419c705f265f2b624e79da72e3f444bd2ba4101b5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cd

MD5 344ee6eaad74df6b72dec90b1b888aab
SHA1 490e2d92c7f8f3934c14e6c467d8409194bb2c9a
SHA256 a3cf4861c7d0c966f0ed6564f6aad6b28cbd3421a9ca4f60e2246848d249f196
SHA512 2a9a9162d610376512a8fae2cf9eb7e5146cc44c8ebde7a12e9a3985da1718c62ae517c25b00de7c0269efab61b4850a0becfbf04382a25730dbe9cf59825a62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ce

MD5 5366c57b20a86f1956780da5e26aac90
SHA1 927dca34817d3c42d9647a846854dad3cbcdb533
SHA256 f254eb93b015455a3c89aaf970631bc989fe2bd387f79e871b514992359651aa
SHA512 15d7127970436f2510344600f3acecc19c39a05f8e82c8a7950095386382b2e2da55883a5a9faa97b84452e67315b9ac1693b6592274c8c1c35c813dfeb543a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000db

MD5 3bd6e8b735a61d32c66e6c3750e903c3
SHA1 682c567a2bd2530afd794f5999030a03f56305c1
SHA256 809bafd21f2e8f5aee3c5b002d865086ce84e5cf4dc4a18c2e6d9f7ad88bbfc7
SHA512 875969bda2db5d4199f5105f49e50268b5aecc1285d7d86c2e8fa1cab1986de727b1fbd8e673244596d0ffe10a3517f0b8827fda4df6bfbc4f95f0bd192438be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c19391397995bf153cfd1b2e9ee51732
SHA1 2048c546e929cf5a99b9ea8d34eb5d387a01c23d
SHA256 f4125b68786f4e47113b125ac51ba9ed565d88b6566ee435cf8f47a9d7e67355
SHA512 72bf429dc92d80bc027344e556cf842484a5e313f294ff29ef7f9e7b841a277c2d2b0dc54e4e17261ff2f6e896b874bea4fe37a805445bd113b395b381bb404e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c480743a19b0d772c5f9157088a1b56d
SHA1 9fe96d388ca3672eb3685cace5796a4861221a03
SHA256 8cb92ad5838e97a2cb610421f85d64e3fa399980b483ae9c3bba1f7e24f427b1
SHA512 bc4770af10a003473e8ef382ee9c9d43e913e3934d91b584fc9e9d3bd2cc7b821014d73d4019faced7ed9fd5299a71faa4a5cb05d55bb4fb8c8e924c3b973444

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7ba8c38a12e9b84f5a7501cb2051acc5
SHA1 dc9021a2907dd0c0dffd71d8955669c3f9831af0
SHA256 659c268487cbc1a9634a1c2a50e77242edc2070ec0eb230af2a5e19c49a59109
SHA512 33758ddaa80818b671c9a74600ae1d3630470826eb084e06b2fbaaaed23413f850c95a67cc3eb99a40a059278cc30d9efc7ce9ccd9277d7fb47afb5cfe3cdf27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e4

MD5 d8ed13b015360f76026fde293500acb1
SHA1 a6add39c0b819746001003a1cff4d0f92ce0b4da
SHA256 86e028a4fa1ab191be93cd8c33f60f7fc61a64a8044d34e6064c2a1ed8eb2889
SHA512 e74927f768cd1be1d78261f0d830b2d4ddcd0c687e94a40c3ed059f2b189e700628d4f10050f8321cec00d76af3c7d89efd60aeaa88dc0e969e4b4d361b225b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 deda0537d184a08eb92f240165904e68
SHA1 e5602f44ea322502020be5b752c82f76e30766aa
SHA256 5b53a2f0bfa3c7f67574ff69b1e280eb50bddc817fec3372998809f401dc6176
SHA512 793929d2ad1d616dbf92d9e4adbcf5927ee9ca7525891d94fdecb5db3465313f3e80ffc4d6ae9c243d1671b2f15fdf256794cd00534ea76a1c698b98cf2ce332

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000dd

MD5 7a945261a8c4d648fa3c32a62d238773
SHA1 2bf551561499a97fc6bdff0ebc37b880fc779373
SHA256 97b57d3901e222b34deab977538c816ad200846842a37264371a6215fc8544f4
SHA512 cdadf955f7b55d60b864b60eadbe4e4df138b5c2c3fcd35490ac46355d227e7a43b5d3f8ab3db740f4bd5b254a7ee4d500eb671f9b69446fa750c9d00207f416

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000dc

MD5 a4894bf60c3f08c47d6f311149fb0a51
SHA1 49d0c7647a99ee34c6a54ecb36e087c356950924
SHA256 3f13c8cad3273603655ab6e5007c3ca59d05436d2ebf658efeba1ba9ddb03c1b
SHA512 e3b21a8d13d994d1fbaa5b03fb768accb1a181685f73b8260fc9206a50ebe233a0faa31b083a255ca3c4548bba4db98ad11ce607a4fe6d4f2f1328d24d6aa9d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e10bbc4a97a2e809_0

MD5 d7968c04e6c35a7338549e0792450a83
SHA1 aa4212e52737ed33048824a932a402647125908c
SHA256 6972d423e787bde7993b240976ca72f5bac0495db3cdf7e2da1eeff8ab7663be
SHA512 52689229a40c583901769c77bfde399925745b9d4f0fb1956c32bc008afac1a6efdb57a162400681eafc23005ccc39b982e742b960bb43b336374aea07b3e992

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\275963bd5a1a90ba_0

MD5 f49ef4e3e5361f6b3df45504c6f270ce
SHA1 ee07a0a2e03c11fe383ba206b6e5510c3b0aff5d
SHA256 146f8f1af598a9f3554c47f19c777d15519aece5513504798d95aa238307e649
SHA512 c696425e95c68cec82f969d271b6fdb7bb0e1b54a41be970a5a587515416d1a668d66902ca8a194494e4f99cccf5f887344eddfdd00a8e394600a5d0c647bffe

memory/1896-4984-0x00000000032D0000-0x00000000032FE000-memory.dmp

memory/1896-4986-0x0000000003310000-0x0000000003320000-memory.dmp

C:\Windows\Installer\MSI14EC.tmp-\CustomAction.config

MD5 3a35350940b2fa2c5a9c57bdb25aae3f
SHA1 f4d32d9e007478c80c23f7b70245d6401550ce6a
SHA256 361f2f5623b1e11403827ffd625c9edc5d7977d584393d6475fc5e6559c3edb7
SHA512 62756d9247cd6ead152f00d5ff7627e3158e5f0beae00520510830eeb9b1ff5b3a33201bc81240bd31f066198c6b639e3f2cbceb9155c2ce994900ab3a685e8b

C:\Windows\Installer\MSI14EC.tmp-\Microsoft.Deployment.WindowsInstaller.dll

MD5 1a5caea6734fdd07caa514c3f3fb75da
SHA1 f070ac0d91bd337d7952abd1ddf19a737b94510c
SHA256 cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca
SHA512 a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

C:\Windows\Installer\MSI14EC.tmp-\CustomActionManaged.dll

MD5 2b54558c365370886723974967a60b45
SHA1 faf9bf7ac38bf35701db8bd14321ba5e97a0103f
SHA256 a7c459ca67d6388eb3c8d16a210e1dc73f6abffbb8a78bcf071c22f809942afa
SHA512 a47e0589fe690d45eebdd540033fb1c0bef88dbb6a9ed6fdda0b989def4ebe5683a387ca2f72819727ba5ba372368bc35f76fc6bb32ef860f298fc13525bab84

C:\Windows\Installer\MSI1B75.tmp

MD5 f54843af156794ba61ae0ec764251229
SHA1 069ba2232c67729a23841ec6c69021ce63b59a37
SHA256 02a22318281d8f0475076239a63434189b142f2f533ca378d074ab9eb4e9cfda
SHA512 2d687454aefcf93667b4d044092f549650c048e9311ed0a474f7e573f5bc8f9e3e18cecd00a69eb6f2fecedaa23cc63ad882c193b310d52dbacc6e8049e7ce5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3446f5febd8612fd7e98e22378524221
SHA1 c91ccdc6ee85bb456b357c7ecbb923daf1434c7e
SHA256 25ac64949f76bd4d46232b3c3791d7e1ff8e9eecbff730bb1607ddfd44913516
SHA512 09227b52304bd50064cac03f9dd608e5a563cb6efbe4d8c644bccef0714da25d9f8996dfc41837a6af9264d339fb7aa148b68d698b083aa8716f9aa99bfc2dd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 950f056fd6f36b750806a3bff9010edc
SHA1 ec9996bda08394de417fc19443a49eb4afe90ab4
SHA256 b5c142a8cf65f442fe48672f707ad442eb32488f248bdb182fb41bd4d368bfa0
SHA512 ab49fb6b5800dab153348fc0c771a03c4bc07e29f8720172ee33f81c7fbdb42272cce89559a5ed16bb7f478aec8ea96a7ccb2a6335ec98136a887936a98e5c6f

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\nmg_CM.res

MD5 8e658e24e91577b14fb18bdc90a2e1c5
SHA1 2a12c0df79a4b42f048c50ba66c942aac4a256e8
SHA256 829e57b045199ba2d82b08baae8107b9875c7a99488ff32e7c3e225ea16a8a67
SHA512 eeed6686c5ca622dbeb27d18ac89606d55f759c8f450860adc1d5aa956aba14f5606aaee7a173846e947b7274f6be9ca039bf0838fea8d1fae08d2b6b0b386c3

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\en_MG.res

MD5 7621254d9d701161592f4f0cbbf6f7bf
SHA1 d41412336a9893e9a9dd439b13a3c65435018da3
SHA256 db13f9c7b55bccf734f5c6d3c56dfed65eda9dc7976e24f0a862f2408a6e529f
SHA512 dfe7eacc4058d1862eb6ef8305a388bd27249fe2b91df08c3102928b066454b322fb55ac7a34de0e27a87d2112b6a374e674b27b1296240efe46c5bb135d0a20

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\shi_Tfng.res

MD5 264c63861ceef0e1a4cc72d014aa43fc
SHA1 74b6aafbfe5d4dce23ec1950246d948a8af12cef
SHA256 2c7e3796404241f7ff344f6e838eb3dfb77569152bfeb1880927e4347b50c642
SHA512 a65e31c1fa603f4a893236a84d56b04a9563e8a9520100839a997c62a2d749c3a47ff862f195d8c731194f1e9ffa9d7112214e6d3c06fac5c940a26611217b9b

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\bas.res

MD5 6134f4cd4d6c15ce86537d2613927036
SHA1 59d53b482f70551d8dea499a310e7da230219a18
SHA256 68f743aec976a4117dca15a76760cac2f8580cedfa64b9c7d523a8f7bc0fe081
SHA512 aab3c6a451737433d25e38d86d21f865d944541d8c3a1ea23d937afb33c3a06c56a436afa997d42343aae8395607819a1a79f0fcb60a8017ee4c6e4c9a140172

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\uz_Latn_UZ.res

MD5 f637999c3373220f35094ab85161afbb
SHA1 24891e13d210b7e6b7d0053cbf5a945566f79938
SHA256 eb0040acad7de2a57e33a3ad90fb1711651a7ff071d21653a3b6bc7aa39cec7b
SHA512 d7b2cd72563f0a9015a2d3239d4660a3086262f633b680128b0b6f86c3ab8051838858133488768d9bd0d1db97f64c4b61172a7f6f7556c8d2295db48673708f

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\en_MU.res

MD5 4d8b9ed918a6a21826cf6acda10d7b8b
SHA1 dec9bb0c1333322c691b9318a9fad5e0987319e7
SHA256 e26840bbac4f0ed8e3601f62abb775fcc16bf38b70785540025d1818f7057881
SHA512 7ae98d692352c530ae50ab24c00c7f0aeb6c2f74c6b77ebbbddf4bdd04b21e48816bf3f2698ee2b014d703f56f9e14958e28f298cd56027492c3a300fc4b619f

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\en_SD.res

MD5 847e775630f25d5d30746d2aba9615c0
SHA1 a538e1d8a5acdbdec4c3fe3123a46e6311a466de
SHA256 4b49d73f1dacc88c3c58bdc9c73014345f9535ad76af80b72881ca618e0ab804
SHA512 c7a9c62d9ee17004fb9dabad8b1877d80387692b50447d1cbaf6178cba89e56fa4272f7292ba9e26bafa7585c403580093a5e022031f6d0b96e44c7ff4357bcb

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\th_TH.res

MD5 c34486d88a5544f3392a4fb031eca28c
SHA1 287ae38b9011fd9bf97fac414b405f1748b748fb
SHA256 f7835f43b81af073e115dcdbdd71e6d274c476853ffe6befcff4a6dd26e02cc6
SHA512 dd334e26082cd5f5b9cf2dd581930db2dcfc8ae136fea02b0a7e8376baa2c0582236086c7d973a84c14eb3f873c6f540e70fe65917d757c6fa630e56cd780c35

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\en_CC.res

MD5 68ae567d0c236da786e332a837c30299
SHA1 dfeda196ef4cd20bbf63cc94d213ad031bab3dcb
SHA256 b008ddd5d12fb7008ac7f0c345e57100ef0a0b69f6f92cb34496c34386f71b7f
SHA512 60e949b0ab3e6ac8209473f4c19bf87eba3216f1de345f93e88cbaeaf68bf6fe7ce4f2dde4eab9966e1da237f644e116ab5f5dc107d846d3fc7d3971fe380734

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\en_FM.res

MD5 7b933f365b0f6a04c6db118e4a5c302e
SHA1 193d872892e0be99bdeb813cf9bc6e6b9ae2022f
SHA256 21eda0dea9e1f55f8e7a899b005526ea9d3d08e9338b7a57524e35c0d472d903
SHA512 91c56392f9924f26bf28a803377b5ef517a3f4d0e5dda3541c0a73ba33bce1ec6b78b325c59b4defcce830c4133e4bcaf118372067a5d9d05a0ac4e592d75980

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\en_JM.res

MD5 dbed6cbf5b4e215e7bc058594652c5c6
SHA1 14ff2242eb58ded4ae8da0315f21ad1894cc848d
SHA256 df819c5400d36259bca9e3f7fbdafb6f2da2ffa00c5cf03695d3a1a5a20e8592
SHA512 0312dc0174e32aba5fdc8edc21d06dd613f0bc9bb24e1e502902379b997406d4b5e2a0c17e48bf582594c5d0988fa8dd3fd9a1ccc9fc386c4e453683196f2ec8

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\fr_BF.res

MD5 2e5503409ec26800fcf6a9b1d64dbe57
SHA1 5962f8204c362dfef2b60cda43363d4811d686c6
SHA256 d5d3c00ca62f706f59183248bbe5fe5c6fb721e544d3a665a8bd03b4b5f73478
SHA512 649675774963c12d5776f5d8d12580f79acd476c21056662d5391ac262e82a56adc751807ea94f8d59979733bbed2616a8bf1bca16af5d89350aa473e21108be

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\bs_Latn_BA.res

MD5 c64f71ae20060954b9e32c5b9da51c65
SHA1 1e33967c51e09874f6a1de9a9c3539db9ca82a63
SHA256 1f132ca885d786c508137e5a798dca175fdd0d486a134931fcc3803db934b735
SHA512 caaad60303a93e38e881d7fc3c711d7a52acb59511a65bee549193067f88b870bff2daebddfae6d4ed366f93d3d7003ec5b0ac13890b9187f9a37d2be8831d17

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\sr_Latn_BA.res

MD5 4f880c5d6bddf339f850a87f0dc7be2d
SHA1 90f0e7728bf802b7e962db8434d1c562705f0613
SHA256 b175f94ed5ce958a83aab63677471aa4c0b2ea04faba7c42681a5aeaef8e5530
SHA512 c9fc5b2f71f055d42c8501aaaaf6e6b6c290a6018cf1cfcb993735a01868850d0b3c5eaad3a611c80d456af9319dcf1f20ce4a8a0db54736ba8c8d7089b54144

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\en_SX.res

MD5 7c270f310229b7a3bceabd9ae3be08b8
SHA1 b4fb1a986654111beaa667e79a6ee7efd3958c21
SHA256 a865ec010c2680b1674f3f258f1aff7a401e7ed6459f98c0699287fc05b8c520
SHA512 1967b7f33051c0e665cde999bf594921ba1376017895e2cd74b3863d8704beabe9cb4d7e44be46c038225a24c205a31310198682885e8bc7a14575860c5cc988

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\ca_IT.res

MD5 cf788fa9793fea6104e904fba48b9ade
SHA1 5105a53f269a6c445fe58f0ab7bb501bf5790960
SHA256 d49d36962528cd70e638fe62c2a675838d5f6d13c229f6a107530d58c458d100
SHA512 b07ced3b04e2ce33b0fa215ae03002e666d5408f31ade8fe84f46e2a7474d277b40887f090d5db6abea58b6a8df385f952dd614979ad903aaf31b524a06aa93b

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\en_ZM.res

MD5 5c178e2fa9f7bfafd04671973597da85
SHA1 77beeb262833524ff0cb993f282abefc05b49323
SHA256 dfecd526162a19ed0e877a733782593d1cf496e5d1435248c06bdf5386f36bbd
SHA512 d4fad5f465b41fa87df52fb0bae6a5c4cdd48c3c43be1daae1de9b55b962f217cb666f47f7980599caaf0101aad46895f2a3f07e872a1b44146ebc64cff860b9

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\en_NA.res

MD5 84781fb37996ae5ed3c3e0e3beb4455a
SHA1 ecd887370a4453e67a642a46bef4bb4593c0cedd
SHA256 b94b6bae10b1b207adfb721f38c9bdabf1b3619c2c82afe24c7a0f823f9ca38e
SHA512 fffc82be344acdafa125a7a9ba3d79939f695b3c8a1aa66d8c0092847b7487385c979175f37d7df39eb3334f56621df78d3b2b087e7ae5d40972dd37ed42b109

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\en_IM.res

MD5 8e8f7836852a74de789dd0f4c71797db
SHA1 7509333c6d134b2bad48486057f91336dc1aa009
SHA256 d338e130fafe30c63a1dde8b6478a23dce8d1a3716b776c44fbf9e132a392c32
SHA512 4c39dd6462ea0f1f0d674bb06e8a5153a86903a91b0c04166a06c7df3b511e6ce83cbfe19d7175c010867f97dcb80723c398b4985d68ba162c30dd15b52d1fd9

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\he_IL.res

MD5 a0e7f0023efe9d9da802a0c5a941f8ce
SHA1 e4522c97b99704605469449c21aeef8e03a0ad3e
SHA256 756032017e2d9deb9ec1508dafb605009eadf6d859ff309bbcd6e49bb2d8d9f2
SHA512 2b06564fb675f51d96e9945a303d9aadaeabb8173222ac644ac3415d5ac1aec958d70f651a5c85561cdd79e0f4b713d43117332a8536a251f4fb48800076ab01

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\es_PA.res

MD5 df8c1b6c2e9d796cc17fdc48cde3cb5f
SHA1 6b58526e194eb5461eb52568711cf490fc6ce325
SHA256 6423a955dc8a45912dc4ca81aaa6ede3554c2dad3efe200ff97428ec88995da0
SHA512 7c8085034258ebacda4948e6fcebce0f4d9b56da4fc6377e4cc94b042fc54f9f775d93d6efbd9877d9e453c9c31876f905e8953298c71c37cf720dee2fef9db2

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\en_SC.res

MD5 8ccd09fd382b155e658cb8e38a69d50d
SHA1 beb2f210e55b9b72116cb9ca3b5a654e7bbf3066
SHA256 673b9967e9bab1bab7bd65e184eeb02eb5e8dc38f33f0970e683b9445c967cc7
SHA512 26d1444ac0d0dc7bd1a5e5081bdce4831fb7768d6c93747e6bae049d88136a95d13644763aaa86e4dea7cfc40a6d2ef80506a984e650debc3c036822d881282a

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\coll\nl.res

MD5 74852472abc6dd63b12c4766472c9b74
SHA1 5b59504cccc2a557a39ab15bffac0270d4e4014a
SHA256 bd31f37629afe5b5ca7801f26f251980f6f6a737c01c3c5be19e10b8f4840f00
SHA512 80e3f257a80030becd995377e912bcb62940c2819cee559441cd3b9a141229a7e071fa75b91b4b868dcdbfd00ac389f5250c7d49d0f8096e8cdf9b045523d0db

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\en_SX.res

MD5 9195559cd1c871889bae26ad19ca0c24
SHA1 7106db267cc6f7d978d00d4a9829010b1e653375
SHA256 ab6683282cd7cd5a8a819796ff415a8c97933eb2a77e5f6b8b42048dd336eb70
SHA512 231cff0ae144af4382b9f869807492ece979a809f0f4a912b8b41e09ebf4cc6f173ec62a507af72c28bf825a7f74624b1ab776f293d632038e7b3590c9b885c5

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\pt_MO.res

MD5 aae879c1e1523cd47b76124dfb953f5c
SHA1 9e6f3e4d87189a381ea5ca35148e2bc4c2618686
SHA256 5ab1e574c48682e6feea216e71b16150335eea3d23af856a0e6f71ce715de137
SHA512 7ff20635476d644ccdf277a9dfdb01dc95fbb46c92c4fd119cebc16758380935f09b4dd1b6b240e9336465e637ac47cdca02c32dfc67ca0ccb170b2b17ab89df

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\coll\zh_Hant_HK.res

MD5 446a3139b2628b0370b88deded4d5382
SHA1 73a290ecc02be29b6e9dedd1dde7b0633cb5d5a8
SHA256 5107405e84e52f18e47aa7071f183e499a2c325e6e4bda7fca2b59ecb55d81d7
SHA512 6e6cbe46747664442464bccb8dc93dfad4a786c6ac390eda705c083498c898ff0d9083afa411e800f1dfc1db10799bee110e7c5371b3f559a806d72d42cdeb0c

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\az_Latn_AZ.res

MD5 3f209b3aa35603dcbb208a74caa36c86
SHA1 249de057005be697205333aba0433c5b04653bbb
SHA256 f3965e339c622c96879dee316de42f9e9f693ddeb7a52fdcebba027171f2c86a
SHA512 02411ae5728814057e0ca78d850eea85b3aca16dfdbee97a7c01860da3b82640eebe60960938c7f64b05d9e9fe8bae0b826d242e24b33c40024836f716f17e31

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\pt_ST.res

MD5 0314889a62d29f92898f2e84fb0d88d6
SHA1 5e274dbbd7f357ad6d09b3b822a4b92d3109c8b4
SHA256 c1991718a07aefc99fb6206f3bc6c99afa7ff678e9f6a01b4a475ddc2b288b23
SHA512 04b0c28f2ba9cc19a5a89d0946050c41874617f8ec2cb3c1f268931446af51c4b3850f4a3a627e14eb34c504435f726cc4f8b11733fcc5f2d73ef2371bacb1cd

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\es_BO.res

MD5 7694951ef25993c308c192cb7f702a4d
SHA1 65c2b02876fb4c07ef7639d251c32e3752cfe22a
SHA256 abbdcff69a749e45c85eb908f6228f7a2aa7626ca79a8bb34193c6c56099a41d
SHA512 7de1eedc81ea2fbd7609014f999be352059dccebc7f14637d84f7b3e51cacd7cd17f2bb9d43d074078951c69911bc7ec8591d2330c02c73922a695763d356fd1

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\es_BR.res

MD5 10e40df5115f3c4978dce4da2e0d6451
SHA1 bc28046e014f618395e2ccccc316c17ed91daa4a
SHA256 876f59b33ba2ca4dfcb619bae86da6165df4955b09ec4fc989bc4e8fd4f1df89
SHA512 00e5df6097b58acfee5b47748856a95f4e0cd920ae9c33a4d6ed71425b1714e7f2dc6031febc5ec4ccf216a1e3e3cab2a3950999dc8343b746ee20747dbcf6ff

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\rbnf\es_GT.res

MD5 01ac728b63d66869b5a2d94a2f88b64f
SHA1 e12801ed14cb0b7bb6252a3666c9c97820f15ee9
SHA256 59a741f29db4fd6792c6b24842f42aa8f9ef4e61c3f9085fde8b92f29c76960c
SHA512 132080285a86e399d3f920f470fafcf39ac76d5370a492bec00af161c2c537e8368335f675e006b2ee64f6ffb02a78423a4bc7bb636342c5b92f13f4ab4c3e39

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\en_CM.res

MD5 a2fecb24b478f9a9e53e5bd8cb82947b
SHA1 3eba18a74e53bc95b39065ad1c229181284f3bde
SHA256 55d9048a31ccfb28f5da7a418a221d2cf8d488da50dc7a125a7bbb0eb7bd01b4
SHA512 69a04cf483233f71dfe3e3730a11e4a5e86b57946a3bc9be823dcb7c5e0b3c26c771962242e226c82e8a72abd29133e90dcc0aefafa2ceab146ed4fb321439c1

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\en_TC.res

MD5 d6186af2d25663529a1670149401c51a
SHA1 cc73aaa889e5f7da2fced52a80448c64c5756a9d
SHA256 c3dd2043cdd9a4430624cf43fe1d7c65938e1a6d029ed3ee2632796a8d4abb5a
SHA512 c94e2e44c785414bf4894caece699225411498cac344f761a8a047a4f82c15bd26d9f78834d515264805ed6454bcb3ef05e7e622e241f2e2c9678cdd0376ce31

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\es_CU.res

MD5 9e46895540fd75ba1c21cc8bca9446b4
SHA1 09c5d01771b26a3f003757fd9788d13c0f10ae26
SHA256 56b0002469f572cfd0cb8c8becea7a1005ea8f7ed1d3dd308e0c4ad28a88f0c6
SHA512 b7b792042aba5729eb852ecda456087f05e459641f62c1bc6e951f3bd72a81b8c6d55a995fc07bffd2ce342cf87618010a4ad63271ca4518950c9b93b9b6df85

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\pt_MZ.res

MD5 5e3e0a089d7bacd2f1ac2684ee9bef02
SHA1 4bd888ae18fa11258d13f8fa615d8915777ca4ee
SHA256 f963a5003bfc4bcf7a310c34bdaded866bfe24561fef032e89fecab13bc3ffbb
SHA512 a65c63add4db82803f2aca5d2ca2ebdadd12faff258472d36b0f735617104c352ff28b49afc19446fcab396e1febdc9a08bd91d2ef43f96ee25658d3a216c4bf

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\en_LC.res

MD5 08408c8d145ccd952dd7d40baa4853d6
SHA1 cfad7e3b03106cec4678ab39cac25fbfb34dd5df
SHA256 03ea59d7659ee65e93d76e0744b1a0497d63bc278692f2a85cfe54a1f8d7f1a9
SHA512 df6c166aeae11ba470f588f2f7fb096493c74ec973ac25a21d354f92fa775189f487ef639bb31d59de64b4fab68b4045f1e3267d029ed612feaa57f2fdb5495f

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\pt_ST.res

MD5 1ebd2cf7b1b1688edba5e6481651878d
SHA1 d7475c1e2105a5316f89bad639102a22e59e8206
SHA256 8840adebc3abc62843f8e6350f2e28528a3ca15d65fa9979bed3bf44566867a9
SHA512 208ef55200983034d2e782b061c3c065e60832cb443d5b4cfdbe9297d338e9867089b7f26fd2a7bd7c25bdd11e8b5c7c7bdaa77a409dc679a931256ca038aa0a

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\en_ZM.res

MD5 584b7ed10634a00ed0e4f58e9404cd0f
SHA1 f167a677fbc727a61d5ac6a326cf1f2eaa8e6073
SHA256 d3e4b494d598c2c08dcdbb9379b164c95158bb673aae0ad789124f46170937f3
SHA512 f32c2e4fd559487d4b3e8a67392d5989ec99212453e1afa2dcbbd22ab69c3e21c589790653d357a5c048c670e2961a1810af3718823038ba9523164478468d0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d5

MD5 add93900cde9bb65a856ff06b0b5dded
SHA1 f70c048573f5338d876e30ee0a775cb22d83ad9c
SHA256 d2d45f5b10d8350316b7428692b1197b2563e4c0e3c2bafad703c493f17ea8b0
SHA512 0ff057122f0dd08a46e23c4476ad5720a0267e3489b5d8971431b4bc3f5800846c2bcd88f0dd75d4b8d3397598fe6c80d9ad8932c709e8bfc4b5f1d1451bd42f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d6

MD5 2c59535f06095ea82da8ebdc866abd20
SHA1 ae4a3ad4998d7e8ac5eb0ef2fd5573b445bc57d8
SHA256 8f90c2361aad34201fae4071cf92e120a948018aea7dca3ba69807d69fff6780
SHA512 586be7eb1f2f30f97352a54b9f07fdfd5c5041d20ec49886291b4f81f4b7ce699eb46a56cf7cf3ec51330ac71929e44b5c5e4ed24a31bf70cd3e58f032316914

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d8

MD5 471b5637e5ede341fde71563f895cf37
SHA1 73941a9629a5e6668fde8555befc863a8e1ce650
SHA256 d32222d6a97295042c6d80dae3d37fe1e0710763283d4c0438dea9ccd809c5e2
SHA512 d102f33d308ff594e971650f0a14e9c0bcd6e3bdb39b1ef7633bc28036a0ba15a6c4e2f2312781b272c86ce4d3cb00485dc3df6710b41cd5459ebba22d3a0e84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d7

MD5 711d9e05c3529cbe4724a75105297f0e
SHA1 f4a0741980756a4276cff202593a28cc48e57439
SHA256 90828b9db6eff7a42c25c008b81b280f84a691699126404c47f66c19bd7b7fbf
SHA512 f9df1aed523a8ad437ab1c2fb53d14e316335998f7c46d44ff428dcbb8e3c379aca3020b7715544736210b1da8ca535c6ed210db991605dd1c0839193facdf99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8ae3aa8c5c0536ad_0

MD5 8cd4b313c17fbbae8baacee05a5889fb
SHA1 6687cd551ee635a5a8d02047cfab6e036901b51c
SHA256 9008d0cdaa34adad45a1400e623e41fbee3a237908b9312da966c22a70a7dff0
SHA512 580cd2bd817dc44f9634129776e1fee318ae917c7486d324574455693bbd4bc85b9bb67c0ccfe22788c9d8946df9d7094c0dfc7d6b4d204d988a461b84058516

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f4dbc649d96ee5a6_0

MD5 917846623023db04b776f5378155bd52
SHA1 de7745daff0d972d1d5c1e60e0b5f7d2336658de
SHA256 430a2a235cd56b5ec4d2a324d5097d4d360bfffde37783f1a027879109a2584a
SHA512 3ef5e4dbb0e6ffd195419845ec8e1b66ccde237d692fdbaafcb26f1aadf7e4465393ef65d36ee8f5b301d1cc3d88348567b88a63a8caf2d03943c721c9b1a59f

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\en_IE.res

MD5 f290c99a3e9c928023e949819dfe38ee
SHA1 e24ac7970af336c9455b5211bf1b865237d46e05
SHA256 6dd348d1795c7e999a650b6cbf254544f9d62ebe48f53230334bc0d6fa44d47d
SHA512 873c23e1aea6243172bd8f8efa2cb1ed8580e1def84764cc05a3638118d4c01f17f8f51967dc050c903727cb1784c4ea01d274a45c4969d9fe1e7efb881a0379

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0

MD5 fbf64379fff62cab31d6a15c7d530e1c
SHA1 74bb5f79a328fcb5ea39c11813928a0709e94467
SHA256 84345d46a0800a94264b419427560553a0103a7c7042d92a106da59d9943ac25
SHA512 0a9e3a8230b9f94d1da210be359edd153291bdbef5b7e3143108681b9c847796c3d0670247ceed79e2051e48c79d3aae99be7924c9838c050e2c5bb28769b785

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\ar_BH.res

MD5 ae6774ad1b4e487d0992d22700f9087f
SHA1 46b5c49c76a7106f33bfa9bb13ec5b0f50eff50b
SHA256 dc359b3a630dab0a5b4e728806547747fc25105b70abd3b22e8bff20a3995ef5
SHA512 095b725d6f78b78a8f77dfa461b716a480219a969efc8246045bc0b93a18ba1377bc17bf4ff99b390038db71db3a387c4b6c658f858b735a897d41ce6c34ce79

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\fr_SY.res

MD5 4cf3aa31b641864ab60ef738b2b9903a
SHA1 92db1cf0b23b8d187b404b1693c3841f16152bda
SHA256 4d2bbe1d4d9d0a4266448241596bca9da40a34d96e4fd309a205350156de0134
SHA512 e7e01ab79ce30f51b69b1c7094c325d55e08da3703c05ed0741b05d30b2c4d662587338141aa5bf6ee9015ce1dff2094982a40ba58f4abca7cf3e8c1a954e2ec

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\pt_TL.res

MD5 606dd5e86352cba8a2a4f4561837824b
SHA1 5c0059f5cbdd887fb652fa79ad87aac0f8865ea8
SHA256 3a85bade8a7a6db69c28c9388ef247294248df06f9d9d406198479426b31d70c
SHA512 66c908320950530c345997b522e12d7d6603df931fe32b43644a2ddfa12be7795c9582c070adb744fbde9df287816fc8584f5f1a2bc2158abd8bfc9ba4b20e0c

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\sr_Cyrl.res

MD5 85a6974221a7807b04c9e016b6c8904c
SHA1 421c17e072a104975c29e5c4a51575c5a9542489
SHA256 939c1da1c4ed3e97227cfc94d46bacdfbbb8d2bff721ec42618b641db731ad3d
SHA512 eadbc62801b0d5aba4b9a2bbdf469f007493fe613e04b640aa511383a4e3d707ac0adcff3e5d80f1598090e12cd65c5985dfcdf0cf8d46af807bad00204182cc

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\vai_Vaii.res

MD5 a60e02569784ac9d5c76e3021322c822
SHA1 471960a6448f26bf0216f28f071e3860f1d6a271
SHA256 338496ad90df4581131f024dd945f5d7455f0b9969ea0c924e9f1bc142083b18
SHA512 a2d57f8efbe4e5d0b50faf54c6c44ceecf0ade4577872af3cace9df64d1733a68325494694b03e3517877560bf12cc124f662aaddf8c1f68b97862e75fc0cef2

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\sr_YU.res

MD5 88ca5d2b5f3baa53f32d1a17affb3cc4
SHA1 b603ef247d2e23125e79c34f3695b44853a2024e
SHA256 413c50ef83d5a3ff6c6f693e50594ff033a0301dcb807c2ad1efdeb25fcb7642
SHA512 be26d85b7ea633275de857127a7e8891fe0bd1eb66ba33e83ee6b652a76c0618bf052da6a43fb9e21394941732d9805dc2fb801a5065b7ee8cda6ea77ff3914d

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\rwk.res

MD5 2dc65410add51f24840be253b3de1e6a
SHA1 555d4e6eb7c777e657dc6fa511950b6a31426ba1
SHA256 e8647fd90a97c6c221deabe0e4e4f833e3b726c9424091695e2419045d7f2b60
SHA512 01bec81c93895a11fdb507bcfe01386d0d590e20827aad4ab59ce50e25de3074801996fd2b3ac9d8231af80049dc5ecaab8e3ad38ae8fd9b4135706cdc53f60f

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\unit\pa_Arab.res

MD5 6a9273af56e5d1f6f2d24203334ddf9b
SHA1 bd7ca1cb1ba90b6036803043b8e351e6ec499da5
SHA256 f1d94fcb430e36370fa030c9d9892214dcb624289bc5282d432bf2a49378a08c
SHA512 066cc289321c632ca0657aac15f9f0e121c506b3ebd752e19277a5087417430e3c40525e0b410b930ef3a238328906aa64bf2a53b0febb26724918333c500508

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\pa_Guru.res

MD5 7b02e28612fbff1a60da141244aef706
SHA1 78065b63c9d24feaa1f72752a39d3977449bce1e
SHA256 15b23903878e867c7f8638b46048ffcbb245789c344bc16986851a7227687909
SHA512 ea8c726496990c7fd4958181650b21b89fce23c5250e76bfc3b7d23acf827196791c312f96ff71d5fd0f90b03603646c26b3b31232d6fa2630492c4a315552f5

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\sr_Cyrl.res

MD5 c2d04d672f4df81cff4bceead9be3750
SHA1 21413dc219200658c148c7adc2a3c47e7d4c3ffd
SHA256 ddd8f7540d9a540ea6967bf394fddaf7262d47fd2484d4467cb4d2c747b6dd32
SHA512 6a15d00e02638fae576327c856aa81a476fb76621febf62bf1160d6afd8fd7e5ceaf12fe7cce072bb45e0d371ed5be67b3059a19a45f0e7d452564475d69b598

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\vai_Vaii.res

MD5 a0838e6d15b5072dc03baeb7f98ed41a
SHA1 98ab23737463e55ada302d75545a9bb32be19272
SHA256 825e5f4187683fe01e0fff595d7cb7cab8654c5699f0d8386e6c3625a5e3b19f
SHA512 b4f64fa488f5af2465e5f986c7b505df49c23166c022e13dbe764047833735551f67c2f3dacdfff46a30847e8303df96270471f990ac48353e6a5baacafc3d2a

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\region\sr_Cyrl_YU.res

MD5 5c56677a0822b6f922124f4e4ae5a625
SHA1 d1a78f3f6f949ca8c8593dfd24a8c248642bbf38
SHA256 7d0e61f3ca3dae5bb75aaf6318bde4f128da9662fe1d75fc245f5d4b5e4188ce
SHA512 0090c31c35af1b6718f4db3fe7aa2e6f06240b7895df417ff9500e08c66a9f9d98095378558131c2d96ea129fdc7df30be876f4b18b887872b0addfa9c3a59a8

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\lang\sr_RS.res

MD5 522cc1a65a354bc4ac2119c3ee5177e2
SHA1 5ff152aa8dec7e82399d07d29d1dc12be874f985
SHA256 fd32948fd9cec6e575bb7e29a4102cdbf852ec752cf47399a028d04528c489b3
SHA512 e95d63da5e61069be80017cbd7be335ec4a80d44a1acf9638c697b13817a832d8bfa7afcb562f3d9c36df13de27366c78ba0866bb9e463f5af455ae0983e385e

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\sr_Cyrl_YU.res

MD5 7a74fc755d1e0d6d48cd5b4c2361592b
SHA1 f35ee9e8b2b8ad42d48265ab5f32617b664a77fe
SHA256 028a167d99b424b29176736eafd35631bacf7a4f087e765c6e244cef0d12203e
SHA512 be38f81fe8d53b9fa2adad5d2b403dae7e6223f6aa4438f5ddd5c3be3b88795a720e90197a96263dc8251abc10f96a7c5e987dbea84a00cb88f60394278f54f6

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\sr_CS.res

MD5 03b4c2777b2ab020f0301b1f57b4486c
SHA1 1a8fe984f91940e6a8b86f9433bc64ce5d875b87
SHA256 2001732718d567eddb29306e39fe186be95cd30bea89a14a5cffda73c6e95539
SHA512 d7ff5c4032bb90e9123b3054783ded9abac3b1413da8e01f80bfcf0a07169ce7992b89454c839b3f5d1d4633b5ade2ab093a68e9ff09aa825e9303c371929859

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\sr_YU.res

MD5 a1a03e4ae0bb3120daa7f925f9754736
SHA1 244855f29a028c974b0e908cd8e4cee11f65e56c
SHA256 fd67c6594b5413b30f3d04973480904ec2179107b767666c37a8a55c90918ea6
SHA512 04c5b3ffb40b64422f94929e0181879cb7de1e8d07d5b2c59aca1e5e88a33503ba3a6e377c064c5675d0522c49f6853bd28e5141b9227846336f2686d551e987

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\curr\uz_Latn.res

MD5 1960ad3959332481f6d916f056b52339
SHA1 cea9c67afc66f20e4104cb6aa2df781bccadfd5a
SHA256 dcb5a6234f2f38bece4039140f59ea549c5cef8191cda68fdae9d5b6106d9b4f
SHA512 c7be9fb55877d5418afb221f94f131e02a2c88c55216e2a1b9967b3dde70b47336d8878b97cb64228a7ddda55dc4665517f1f8e8df2b997e2895afe62f9a3986

C:\Program Files (x86)\Epic Games\Launcher\Engine\Content\Internationalization\icudt64l\zone\zh_Hans.res

MD5 cbf1e43602d294e22f60cdefffbe1133
SHA1 e9b337c3ee0c3fe63b741faa70a51fb5a8475970
SHA256 968f1197df1b8b6f2ff8113b28253086818ea2c8e21c049509dc10d50adeb7f8
SHA512 66979d342beba1c32521f3797499c19fa3895e8efe74ae6e50caac65aa72b282180bb3be55ad6b4a479c393e992f88f0f12b4d2b5429fefd5681076d519041eb

C:\Windows\Logs\DirectX.log

MD5 1e3655020995e2ff49450f4158688823
SHA1 5f9f49b592ae0ac70f7a5c9c44af9917e1bd9220
SHA256 8c89383da8efc9face043ff29b2830d071eea8d6b5fae997773823e34f9be29d
SHA512 2082db2055d081f2821e5e2279668000ec4630d41aa17d6af0ddac889e1ad61ad39d2aa8ba98701bef9e72e41ab4c3e3dc7606e100b6fd6c4a826aedf3c06555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 25615bd432c8567b426442698127f3c5
SHA1 44421bac0d5c82c38be8d9af1ba85e0ee73b8587
SHA256 092021f6af017fcf56b067e6d82c5930b8353107d376da0c2b506a4c06c515d0
SHA512 3517ea33e63a1f03d41a8f29ffa75c296f89c887059b85bea1f67f796a09bf5309140390e4dbf42458b4be7a1125b01f9ee01361c44283bdb34372010daac8bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c9ef5aa4e2928a49f9bb193e49019da2
SHA1 bc2dd824d3aa42b6355cc7a624ae7470628e4c3f
SHA256 1bec5e8b71faf34423562eb8eb2af7d12f1cc4ba53f173871a4bcd40b943c870
SHA512 98aa09732c705c4d72f9574152bf631ba20925043b424f94c744f095f7f2d395f47e4435d5d4e6552e26a517450e2106db7783eaf5d0c6177f51c0133e956378

C:\Windows\Logs\DirectX.log

MD5 95048ba2f3850cccb57e44b75dfddf59
SHA1 2c35d491df26746e09650e8dd3dffd5bcec6a56a
SHA256 958a3a8ccca441ffb7f355d349a912a1066cc0505059ebf5f36698ba2028e89c
SHA512 508b668f71c324e2edcd85477a2126a5530487b0e9d96effdfb3cf41d675b4a0e833fd201162e82b78ca70641b2a519f899fd3edad4d5fecd2b57e916456c7a1

C:\Users\Admin\AppData\Local\Temp\DX749F.tmp\dxupdate.inf

MD5 e6a74342f328afa559d5b0544e113571
SHA1 a08b053dfd061391942d359c70f9dd406a968b7d
SHA256 93f5589499ee4ee2812d73c0d8feacbbcfe8c47b6d98572486bc0eff3c5906ca
SHA512 1e35e5bdff1d551da6c1220a1a228c657a56a70dedf5be2d9273fc540f9c9f0bb73469595309ea1ff561be7480ee92d16f7acbbd597136f4fc5f9b8b65ecdfad

C:\Users\Admin\AppData\Local\Temp\DX749F.tmp\apr2007_xinput_x86.inf

MD5 e188f534500688cec2e894d3533997b4
SHA1 f073f8515b94cb23b703ab5cdb3a5cfcc10b3333
SHA256 1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5
SHA512 332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

C:\Windows\Logs\DirectX.log

MD5 6031b8724ffb62b624f5e558b498983c
SHA1 2844f857292590c3eaaa0df8e8027d9a24482ee7
SHA256 5535cfd792d6861f2a99437e27567a3e81b15ff4730465c25a07617b42607830
SHA512 b398d4385b1ba5f33b728c4e484dffd0d2290a7298b34d4f97c980ea21eea2a3ce313c77d7698f5fbdc4386a504780723b88018fbac325e7cf73058cabc0eadf

C:\Users\Admin\AppData\Local\Temp\DX749F.tmp\JUN2010_d3dx10_43_x86.inf

MD5 53a24faee760e18821ef0960c767ab04
SHA1 4548db4234dbacbfb726784b907d08d953496ff9
SHA256 4d4263cbb11858c727824c4a071f992909675719be3076b4a47852bf6affd862
SHA512 8371471624f54db0aca3ea051235937fc28575c0f533b89f7d2204c776814d4cd09ee1a37b41163239885e878fb193133ad397fe3c18232ad3469626af2d2ed1

C:\Users\Admin\AppData\Local\Temp\DX749F.tmp\JUN2010_D3DCompiler_43_x86.inf

MD5 1a86443fc4e07e0945904da7efe2149d
SHA1 37a6627dbf3b43aca104eb55f9f37e14947838ce
SHA256 5dd568919e1b3cbcb23ab21d0f2d6c1a065070848aba5d2a896da39e55c6cbbf
SHA512 c9faa6bb9485b1a0f8356df42c1efe1711a77efa566eee3eb0c8031ece10ffa045d35adb63e5e8b2f79f26bf3596c54c0bd23fea1642faae11baf2e97b73cf5e

C:\Users\Admin\AppData\Local\Temp\DX749F.tmp\JUN2010_d3dcsx_43_x86.inf

MD5 cf70b3dd13a8c636db00bd4332996d1a
SHA1 48dd8fc6fa3dae23cb6ca8113bc7ad837b4570d7
SHA256 d5200b332caf4fff25eb3d224527a3944878c5c3849512779a2afcfeae4c3ca1
SHA512 ae31a9e20743a2052deec5d696a555460a03d400720679ed103759241b25d55e2fbc247170da3c0c0891f32b131ab6a6845de56c2d3387ad233aa11db970b313

C:\Users\Admin\AppData\Local\Temp\DX749F.tmp\JUN2010_d3dx11_43_x86.inf

MD5 fb5d27c88b52dcbdbc226f66f0537573
SHA1 2cbf1012fbdcbbd17643f7466f986ecd3ce2688a
SHA256 3925c924eb4ec4f5a643b2d14d2eda603341fbbd22118cdd8ae04aaa96f443c0
SHA512 8aa2200f91eca91d7ee3221bc7c8f2a9c8d913a5d633aa00835d5fb243d9cb8afa60fe34a4c3daa0731a21914bc52266d05d6b80bfc30b2a255d7acdf0d18eb5

C:\Users\Admin\AppData\Local\Temp\DX749F.tmp\dxupdate.dll

MD5 7ed554b08e5b69578f9de012822c39c9
SHA1 036d04513e134786b4758def5aff83d19bf50c6e
SHA256 fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2
SHA512 7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

C:\Users\Admin\AppData\Local\Temp\DX749F.tmp\xinput1_3.dll

MD5 77f595dee5ffacea72b135b1fce1312e
SHA1 d2a710b332de3ef7a576e0aed27b0ae66892b7e9
SHA256 8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
SHA512 a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

C:\Users\Admin\AppData\Local\Temp\DX749F.tmp\d3dx11_43.dll

MD5 8e0bb968ff41d80e5f2c747c04db79ae
SHA1 69b332d78020177a9b3f60cb672ec47578003c0d
SHA256 492e960cb3ccfc8c25fc83f7c464ba77c86a20411347a1a9b3e5d3e8c9180a8d
SHA512 7d71cb5411f239696e77fe57a272c675fe15d32456ce7befb0c2cf3fc567dce5d38a45f4b004577e3dec283904f42ae17a290105d8ab8ef6b70bad4e15c9d506

C:\Users\Admin\AppData\Local\Temp\DX749F.tmp\d3dcsx_43.dll

MD5 83eba442f07aab8d6375d2eec945c46c
SHA1 c29c20da6bb30be7d9dda40241ca48f069123bd9
SHA256 b46a44b6fce8f141c9e02798645db2ee0da5c69ea71195e29f83a91a355fa2ca
SHA512 288906c8aa8eb4d62440fe84deaa25e7f362dc3644dafc1227e45a71f6d915acf885314531db4757a9bf2e6cb12eaf43b54e9ff0f6a7e3239cabb697b07c25ea

C:\Users\Admin\AppData\Local\Temp\DX749F.tmp\D3DCompiler_43.dll

MD5 1c9b45e87528b8bb8cfa884ea0099a85
SHA1 98be17e1d324790a5b206e1ea1cc4e64fbe21240
SHA256 2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c
SHA512 b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

C:\Users\Admin\AppData\Local\Temp\DX749F.tmp\d3dx10_43.dll

MD5 20c835843fcec4dedfcd7bffa3b91641
SHA1 5dd1d5b42a0b58d708d112694394a9a23691c283
SHA256 56fcd13650fd1f075743154e8c48465dd68a236ab8960667d75373139d2631bf
SHA512 561eb2bb3a7e562bab0de6372e824f65b310d96d840cdaa3c391969018af6afba225665d07139fc938dcff03f4f8dae7f19de61c9a0eae7c658a32800dc9d123

C:\Windows\Installer\MSI77C2.tmp

MD5 a3ae5d86ecf38db9427359ea37a5f646
SHA1 eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256 c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA512 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

memory/7408-10299-0x0000000002ED0000-0x0000000002EFE000-memory.dmp

memory/7408-10298-0x0000000000A70000-0x0000000000A78000-memory.dmp

memory/7284-10310-0x0000000004830000-0x0000000004842000-memory.dmp

C:\Windows\Installer\MSI8C98.tmp-\CustomAction.config

MD5 01c01d040563a55e0fd31cc8daa5f155
SHA1 3c1c229703198f9772d7721357f1b90281917842
SHA256 33d947c04a10e3aff3dca3b779393fa56ce5f02251c8cbae5076a125fdea081f
SHA512 9c3f0cc17868479575090e1949e31a688b8c1cdfa56ac4a08cbe661466bb40ecfc94ea512dc4b64d5ff14a563f96f1e71c03b6eeacc42992455bd4f1c91f17d5

C:\Windows\Installer\MSI8C98.tmp-\CustomActionManaged.dll

MD5 2cf9fe3247bb25daf0aaddefd6d40763
SHA1 dc9b4f8e2bb6e202500061e0e03dddb102e42f26
SHA256 dd24f8ef3ef4b6bc58b08ade93e4aac64856ee681909201b42cb0111a45fe9e6
SHA512 4af9a34082dd04179a080918c88fffd2ddbc1d7e34779c50f8b9a2eec9cfb65f2de3ea016fa0843de97dfea5b0ca7e86f07ec0d7d1358df6a3bccb54c806a11c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0321dac49f61897c3db64603f7d8a5a2
SHA1 183014f91adccbcc411c23d9ddf14bd0b3ee77b2
SHA256 78a02df3a89cd56e4e6b4685bb73190b03dad90bdf72caa358f52ed534505d44
SHA512 dd5ff97906301cf8d71853a5fcce3877d450ab677e510aa553f3f1872c57ffb1cc511ff7065cc295b1a8dec4a5ae2f41c835c228e1550c491a66114ed3f1d498

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\es_BR.res

MD5 9b84eaadef2b13417945222d3b7ae8dc
SHA1 3acbbd417ea91eea4c72b9e1625d0770cc4426f4
SHA256 0c540094fdd875524ca0f0a7410f61569e8870a78aa1269cff0bca46df972e8f
SHA512 27cca573d4ad55dbb23bcc6f61a1ee9265af353d5e82ee97c84ec70426320cbe8a2c9985441e62ff5444acff9b9f7571470552afee9a190cb4690a49c6071294

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\sr_Latn_CS.res

MD5 9ee41589d13a2102bb2bb339776c20b6
SHA1 853fcd8b6beff40f5cd4e7aa18b4a152ada9f284
SHA256 f16dc33a45beb025c9db8ad3f78cc0b339ee1002db0419f8c819f2b11ab43ad8
SHA512 565f44a7ae65f2ac693c179bbe94ba86a34b2f0897b59e9e986e0ba90172498d3390afabe3b3566ae50b0486ddcf89e56550782c58e55affccddde1d6b6e2b30

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\en_FI.res

MD5 2d23af6f7fe7ae532f9e762bfe487a5c
SHA1 4742a78fc6d26e800814510d71749a05da578c97
SHA256 e9f6ef5729737bbd2236826ff878786d5009a6772997d0b363daa04017bbf83e
SHA512 03d2f1b5e1edf75d120cba0d19c5370fd34bc3000599b814b3d02519958e399ba61ce9ca98ec0798c7fc78c2f9ffabc488f0db921537681f99163f0890122e77

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\en_MP.res

MD5 7410a2e68e5324871e29ef1ce1ec3358
SHA1 388e5b0078c343aa1608d47e27105fa1263d5728
SHA256 4b3e8a2d4c07e0c906afdf11dbbb3a471805be44e6af6c1234622b3f1d2aa09f
SHA512 7312a8d7c021ffcb839fe5755efdb8e42bdbfa6d316e9d4833a7ec5cabcad5756bec57153bcb6d82e3f5593a8a30b2f96238454b54d3208c13f114286e50f1ec

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\ar_SS.res

MD5 18933a825f0fc4ccd2cdeb68524f851f
SHA1 640cfc46024f16f989198b416141dacac18cc955
SHA256 f73099366d30dd36f3de23e28f7851b57454090b3af7648b1125e343f1321b92
SHA512 1ddcb869360d19b469fa9db3147925ded100a931f47ce4fea7b6384f0a3af6500fd8d8a8a0672d8b5cf6a47eea0d874c4445c1dad9ab16b72c14bc7f7ff39973

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\lang\shi_Tfng.res

MD5 99429a48939e3a225d47899070309528
SHA1 36a1f05d4fccf23b1ba16bd50e95afae57c50c09
SHA256 fa96aeab1127f8c3af7390de4e541f58c54bf15c3f6710613fed47abe3afa9ba
SHA512 c704259c73f1f7f75bfddab84c0b7b1342623dc13ac03212f05a130be3cb91737fd770842d5ca97e4065be4e677ca3cd8994d6b00a9c510b91486cc5b4c5877c

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\en_DE.res

MD5 082f542f9c9d9ccddbfcf1c88e499caa
SHA1 7624426143832dfb19a02f9e6c0a3c5517786218
SHA256 975717fd8d6152607b7dbfabaf14d6b2b91f258d72b1ac444548453e2ef54df8
SHA512 bd0683f66845321ec651b22e126b58e639da4982d7b8a5166d43dac77b30f7f660b6ee7360c162a100336acde3254c5e70003f252a27e4dc3329768712668d2c

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\ff_Latn_LR.res

MD5 51874cd570fde1ef76584d484f003123
SHA1 972492de9f6db03504d92666faa793a12174356c
SHA256 6712ca123b9c3b3c192b15bed74912047aa9f473113c7e79eada47db4f3dce08
SHA512 4257742e18be5fb2b23d26badb2b264eca1752eadab99cffd2de930697f797e010a6f3e935eb3c9f884ca710bae5eebc472a14eaccdccf2aabd83263fa81f0a2

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\lang\sh_CS.res

MD5 7a89e9a370e8d0e313ba5aa754e5c449
SHA1 a496dd9bd098b73b616735a39f7c1d89090db418
SHA256 d7e1df633942f0a1fe760b0fea2d4d152f79d98369d85e5b1ebdb4f7b82abfe5
SHA512 3cf2b4b5ef0129b38fbc0fd7d951a01057155a063918f3294e172f295179e1f09f8a2dbeb78a4d6981f71d1bfe63acf5491e4c670696b71f3a8e6f5ef7c8a519

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\sr_Latn_CS.res

MD5 8aa325294c2fd5deec01ca244b93aa58
SHA1 011734465c1c1150472a55b1acdfef43c7b06b33
SHA256 15c66467f6c3c3a65cadf4350f3237733fc5f7fd4107e45f967929c2cfb01b49
SHA512 d3ecbdada97c0504726e191964b4aa041f257e794b9c7b40ae589ded5016125c48599cc30a2152fe3b401b0525c9fb190354d6e9f840df97800ca333ea927f84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19b770d5725d834ab2a636c38737c84f
SHA1 229839453ea01d9394665f3962bcf5e72e2c8e2d
SHA256 d49f0f95325a45ee6d68edfb633bee886c3dc4e93fb8960998101009ebdd7866
SHA512 393198784c727b36aed584c711e6e227d2f7af59c3d6746a99cc50aaf35723f18032a28113eea5970df12158f2ec6681257f7ca97a6b63a27f2f78f53aed529a

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\lang\en_FI.res

MD5 a64132e6e36d6935bf54bfb465cf7638
SHA1 53d1256a4df87e42b8f2936d87ea3834f59ecb08
SHA256 00b9e8c95990eab1d1db82341778fd29e54063f122ca20e892f4bf7316c26fb3
SHA512 b623663283954c71b5638b30194da393e9f1dff0cf9d14e53f456bb7ef954be2fc8dd5bec33b7c67aa013dcf1fd176c66b3eb2a2a759359c3fc3ee714dc6ee06

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\en_SE.res

MD5 a3cd4cfb2a1ba42247c9686225807918
SHA1 4db66651d6de29451ceb1b9ed9e188d6d6eadea0
SHA256 c8ca7fa12f4f74d2b7c10823015519765426403b9535b57a08d7baf694ae7521
SHA512 eb7f4c10d3b593fc6b4d436291e5e990001c5bc74b1da545c69898cceb5d126f9cd9a589945672e3d0380392f949b62256ff954bce19dc19502cd8bc5ea8611c

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\lang\es_CU.res

MD5 d1ed7e86954b36ec7a46716615e51424
SHA1 c24bb9669785d7cec7c6957ae7701af0171ae313
SHA256 a45e28e4db331ee08eb719cdee2870608b96b0df6e7b650e71ac6acb24c18624
SHA512 e341f2a7b63d4d031d6e2172653d1e36183efe71d07ebfcc7124c82358ed3eb93ec46ed926e9fdc0b4f30eae2027d46b614717cb5fb2f9c596d801c74267f9f0

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\ses.res

MD5 da2fa9dc69b9d0979a67b83b05ffda67
SHA1 1df72f24492345c85d60517bfde6510cf609f907
SHA256 3eff5ffe90f37e814b839016c729f94bad790bdb1d9d18817badaec4db3407bd
SHA512 7e1fe92c575d2841cae95ae8f311f8e2861cae59dbe0525407ece7ba80a534a0dde808944ed4e53cf862364b340e326695288ef02e5b0125a5ba8ce3ab862083

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\lang\en_NL.res

MD5 5fab5876af089ce3960ac8bf4cb51aae
SHA1 56c1b74b88f869696057c30cb38f2bb0b6a963fb
SHA256 968fdfff72c8dd5a2c26f14dc6287839dcc1aa401aa16205acc50c4a0b2f4aea
SHA512 35287fcb5dd420cfe9f520af55c36c00ab20b0fd4ad48bb50cac19917f9e87ed77af4585bdb2105495f06147dbbfb85bf5c5fb44326488130b13c936d9b822fc

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\pt_CH.res

MD5 978e12051d62b6012b92fd4eb96812f0
SHA1 5342929f64815a320c27232f362567a75e7ddcbf
SHA256 cf15d0233be6a0a1ed479997b7c050076abae55a8a810958fcc749cddf363072
SHA512 142fcf3abbff08b4fd8b54006395fec4378f52ff8a311c0e6eb2a714cad51fd111c2a9ddfdc7beeb9e1ccfb9e7d5602d33c6f358a4bf085f0de4095345068eee

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\zgh.res

MD5 73c69c57b33aef2c0727dfda891b26d5
SHA1 fcbb492532e487daf4de8d4f8884925ff3b1412f
SHA256 13afef8efd97579cfb7c479ea1b5b71dcf90fe527f4f9e7ee78f5f7ef97ecaa9
SHA512 ddb84814465ea9cd26c061e49d03779c7fc4b11c4e6b3466d8ea24614d7c838ca84e2d2b14312a4abcb24c78ac973f1d589b4579099d55150c9a2989bf665020

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\en_AT.res

MD5 6988f2e95328a9a51c084ddd3a054338
SHA1 2e30e9c8a136f8985fd65efd0432f0425c15de10
SHA256 21867c6f23fb99e8e980fc1cabae240c5eb3d671e7484194187f8b7004f17843
SHA512 a5baf33f2ec5678dee356e19dc8aab000b276220fec6134fa610dfe9b26293027b36103761d6a8a45113a043a53689c7ff5d48f3c537bf84793279688816c9c3

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\en_SE.res

MD5 1e75cfa71cdfdad76380f71608a11a53
SHA1 6d270d41952740a0b4e813852f0af521f77d8286
SHA256 6da6cf999e7b61168d7bc2e2c21e88f30064dd6f182a50d3385b916b53a769c7
SHA512 d7387976215b94dea8be2962486d27862ec8393b84a9590cd2cfe282addd1d65301de0198df1d95dc4336f6d63300c2e06c5a98fd2dc7baa9d0c61a9f8532d44

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\es_CU.res

MD5 8502b5b5cf8ff0ac0239ad4177a21be1
SHA1 94d80d600d5e0e241979ff136c9369e6699a4e0a
SHA256 29bd99c48e6b952990c208543342883cab53eb68202f225eb293747a8451eeff
SHA512 99ee900c8fc4be3c17772f11d2e537a046d60e730dfcd1e246c7540988691e08a6188c6759720f66ab71108577ae791b3590bb7c7ea55f64f9f8a47578528039

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\en_NL.res

MD5 2a4f7c96aa0e9c0557c2856b0c72cd8d
SHA1 5fbe1fb0b9cf064d1f9dbd98b0648f915d025308
SHA256 618335972bf3299343e40d0dcfe21470b221055aedbbeb4bf5c09da5c998df00
SHA512 bef32a756dbccd2a15883a75173ecfa3d2e630295d837bdfbb65dd1b993fe224ad1163d500af3f9090bff7530e7c25b37cb98ed862efb13bb9b6b7cde6cc51aa

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\mg.res

MD5 4f95c48a9c4159d6627749ee512b257d
SHA1 3e2381f9738403a24f4bf2cb5d775f6c846d0959
SHA256 0feb9c6473694a4c78f1cb0d89d2455df6ab40a1c7b02103c851fbe622dac880
SHA512 49a12457ed5188bbe84831cf8aa384086698ed5df3e605fa5c3f7d6762f2d27d22995f5fe29454b963a418b6fff2b78e17ceeec550a6577de09d82563a09b232

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\es_EC.res

MD5 35371bb3ebcae55ec196350c1c608f4a
SHA1 1bb4ee0d26e57059fcc5d32b5a114753b480921d
SHA256 33301b54393153e40a050a5819dcad5078d4b4ae9eb7e1ca906e7b05f0df1d23
SHA512 c4159219f10dc6fd4aded5f194a5ef1bb7fda7adb508f063d989a52daf51c5f6b47c737547b7bfc665456e478b5175f4a7ac1bc17a22f0f31487a4dcef8ae320

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\sr_Latn_YU.res

MD5 514cbef4886d54aed23144b3aa05edaf
SHA1 f442a0e8f56d355ab8522df0bbec1cece89bf781
SHA256 96d1d9268b17d977dcb132ad277e8455a59b0c6ddac7ab3117bc85994e4b1c97
SHA512 86377b2655874404e292b3f3ee869ccfbcd930002fc65ce291587a9b75d7bcf6a1f29ec5ad6264d25def534cb39eed0967cc8c4a87316c5c6cd3a73e4f165df8

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\en_KY.res

MD5 c5cb1c87282dfcdf3b6a40f4e41f251a
SHA1 faa70a03e20cd1b317ca66db702d080d20809389
SHA256 f8f44fb1b97baf2c6e6d39f91ca0d66ec5cf4c9a828eff2aa0752d4658364dac
SHA512 d4c981a23fc66241554ae90b784e09743a1f29f689fef1f974d72d581578654fad72ef4af458c4df72b8aeac6236207d0488d110473155dd8785005592718b9f

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\sr_Latn_YU.res

MD5 ce55127b1fcc3888a81797703f5ebb94
SHA1 41c9a2d294b61f92b88107680ad46243b40c3699
SHA256 10dac042284c569d4da24e29fd3c0274b89a0b32fa06cada191f2d3873553fca
SHA512 d62c664647cfed4859287ca9f3948faca795b1d300ae885b446a65134d36aa6fd216a6ca19fdd6ba97a76a3297a27cd7f742789421d6e1281cf4c917b923c835

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\rbnf\zh_MO.res

MD5 cd838bde437b8246547e3da5b56bc92b
SHA1 7b56ef405386e67ad77e890927acf9ce8eba77c4
SHA256 be404d9cc9737c0a22cb01c5fe5ed35c37cd87a22c5dbe18893af3dcc8946816
SHA512 d9c4d18de93f999801b873680be8502ed67da0665c04e3b182ac1a3bb02e34f82c3b6ddca54bad84d37d727f030e2934c73a81fbb6d4779d02ced04528e07492

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\az_Cyrl.res

MD5 ca8b438f4e17056ef5fcefc231433aa5
SHA1 344346eb61a633e5075e40206f6abec7ea930f4c
SHA256 633abcc57ce9c650409448b097e913dbb7c0a47a7fc9adc552b1fb9679eb64e7
SHA512 37996b08968548e85165343c1f664a20899b0f9efcc1c37845bc35e9ef8d9e69dd02747d99245493e006973454ffb8c3708b4d0a439a92d5132a10750343bb0d

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\en_JE.res

MD5 0f8af8afb2eb884c5b3f64d61f543a65
SHA1 9cba67bf10742a50e14117fb13460a5b4e863fc1
SHA256 be85546033229c488f2b5867d698b7784c34bc0e01ffe5bf5a6029a711abe843
SHA512 52b8eb0956338068b7ecd501d169dd4729356ff4034aa5ae80fe8e34f62a31292a1d531f1a0c6b0e950f9844aa79a33e0dd21e3a4f61fb0b7719cc692cd107c3

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\sr_Latn_YU.res

MD5 3a213577811436f09ff24d0df8d5bb64
SHA1 412a7d31d9bf049cdf57cc29cbbb81b73bc856bd
SHA256 f290ea9ae14ea99460199281aee05edb1532d2c47715999d01c1f6a4b91fe976
SHA512 1e10de89f72496207acaff7bcb79342e5ac41be27caf134ee07c36768d3086c2b8a80b49e3d77f37069f378c9b86ee18511357d61b643c2cfff631556fa2f2aa

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\zone\pt_GQ.res

MD5 f296d3fcc79936e98f21165e870d5d2c
SHA1 e80750375415f9d975f3b372a3926edee0171024
SHA256 c340243d5a2b7fd6da05ebb7113dc4a516ff4f02cbaa48caf1e7ef5aca0baafa
SHA512 af8d4f6d49d618cab159dda4e545b94cdbbe8e7e8c9c87b4cefd9a7d8103b7f0634a06b02dba23378a8dbc43b431e8509ce42c6fbad15d21a0ceb639d25f3d9a

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\en_TV.res

MD5 e94343ea5ab93b0ce143ceec3372fb4b
SHA1 8d6304130bcd97f2d40eb7a64b5f00af3c584ecb
SHA256 9136a34718c06c856207659a088864952eef5bb8fbf93f93aa0cd7179fc24db9
SHA512 530a57306bcf289026fda171ea4fb26d138d39cacaa5dc124e8f9cdd31d758b368a60c0d2fd102c66c220f2e9e0633e19a14ed4fbc9be564b819977280e64c70

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\zh_Hans_SG.res

MD5 9d9b9c544d250f573b187fa20a37fab6
SHA1 16c2b4227d4a969e336292b2a9c3a23a51bd9505
SHA256 8423c2e865b10bb622270ab95f80f6f2d34ff4b4f3f828b0eea928eb8757ce47
SHA512 2928c40a6f35ee175eadbb4b96dd26965dc7c23243740dd4a96e0679dd4d9586549625405265b4ccf6b80fe575b6ddc46b4adb53a181b1173c3dba52f7493f39

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\vun.res

MD5 f09ba6ec637887bf827ce42f664d181e
SHA1 e8b2fb8468fe264361ec4a788641e06461a94764
SHA256 cd71ce1afeb8c8186b7efe0554748ee91d8f1b9cb38f8e7e96ba39bf29594523
SHA512 17a26d4186aaecae49ae06f9a992580dd3a11a20db5e22486f2b76a4ed192074ce6911cf920aca84614eafe758124c1bc9455282318c07b78cc8783fd8133573

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\en_TK.res

MD5 05c3d8c04759adeecbad23c2bdfb0f38
SHA1 391dfdb927c9e899d03e36e4194cccca7ba0a49c
SHA256 6b1389234982b98e25eceddf46cdee506d0cf54262c4a939708642c6b1d7126d
SHA512 46129707ec0be21605331cf8356f7d744548e21f9199b8d0f4986916eabd9bb41365022fd54747e6655c1424ad2be53503e2382fa5027f350d92993dcceb463e

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\en_AT.res

MD5 5e2442424d57a925d3e43be7ae0128a1
SHA1 c1fe5984bd6cf8e73bbf1aa9363714201518b9ee
SHA256 4ad92885e76e8acae904a396c10e42e0acb1dd00d00fa23ec26aa686abc6488b
SHA512 72d59e56a9415c6e44c4453a1e0dc318de075b10728cfe981115b64e0aadd885638061334c91d446e3864c44e0d3650f213f07949c4fd964ce25df59946f0d7d

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\region\en_CA.res

MD5 558e0fda40bf93f5445f09e14f2acc09
SHA1 fd9e71b80869c8bc7870fd2946d2c3b84eba5e0c
SHA256 cdf68f3da7c805cc6792ba6a17654eb87e429f01be96957fb2f468444e334d4c
SHA512 46dfc8c70742851b726ef03359880d49371a03f9264bdf4e7b5a0c47da978ef19c8034dd2d56bfafcd6329713f8ea40077535bb4bad4fbe942cf7830fa7bbe6f

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\curr\en_CX.res

MD5 4b29be91dc84e7f6aa49b4da4c713352
SHA1 8ff7934886bc6c413d73ed9346d0861fc727a593
SHA256 471e0eaa79eb884f8ad830aee0e90dbb71d23333bff6b75bbb81d2c07953992a
SHA512 d0341d781a179cbc793b461e09739f7b942486196174ba2cdd096c77b05d5214a4a1c8a4d8367c643ad72b047260f6a38f99fe62fd6341c27ff9e1f2ff685a38

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Internationalization\icudt64l\unit\ti.res

MD5 53685faab150d418afcaa1df89946567
SHA1 d6efb81f7ac56a634b23a850e335a5f2cc2b0ec2
SHA256 2d86b12e755a34c120c4173143aaf22f39d95ca59e979aaa465034c3e3f895de
SHA512 52afddea08a555688ecdfb310eadc6b48cac0bf12b94acd74b64f4ccc4f17ce66393b8b87854f2fc48147ac9e24fe527e9b37cdd56b4f17f33ba80523abdb453

C:\Program Files (x86)\Epic Games\Epic Online Services\Engine\Content\Slate\Common\DownArrow.png

MD5 f7ca647b01eb35e246440e51098e284b
SHA1 d1d667730bfd799634ed20a7727ca22dcea23197
SHA256 251ce24b8ef2bb2371723afc5c7d1721334aee24650fcca0cbe1c967b739275b
SHA512 ed2fd4511168b9bfb19c781140b4fc286dad6fa4e2c049af400b8ee676727fcf5e2735d070f32c7ceab6058dae895445e65bed0f2c767547ec673bec3cd12115

memory/8508-14420-0x0000000000470000-0x0000000000556000-memory.dmp

C:\Config.Msi\e6511fe.rbs

MD5 02642ede3fe389457e1441a98102abe6
SHA1 65f4a1834899a5c66f23c6200558f9c3a5e6c96e
SHA256 5fb83888291b4f198159527bf68f379e97462405f7fc044cd8ccabbab6b19f6d
SHA512 f87d9f504c13b2686a864374e490c6853dcb24a6b0f16240f7cb926afe84f34b09a25417b32ef3dc841f3c75514ae1e4f72129fce5abd03bb614506eaa55c5ec

C:\Config.Msi\e651203.rbs

MD5 e8b18d84c1105eb8a3c3c013b7578330
SHA1 1e69f25e84b03fb26fa7145f562637899c798698
SHA256 41275e1cff1c90587334df5b1a572442b594f3a6ad925a54ab6b4e9882a4218b
SHA512 bddc29d9b88a66f19113c28f9ca4961c0b4531138ba0ef4246c8fbfdd95c6960a70fb3033e27fddafdabe90e2349cc3fd69893bef3b50d32d5b6ef06c2086c53

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

MD5 3f208f4e0dacb8661d7659d2a030f36e
SHA1 07fe69fd12637b63f6ae44e60fdf80e5e3e933ff
SHA256 d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b
SHA512 6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c811c78c6075c6818268890c72370f2a
SHA1 72efc363ccb07d27d0bb8859509ff96a910368c3
SHA256 73c93f25d4bd5200dcfc0ead616859fbf65cfecdba0b1a4e0ba42f711487e099
SHA512 8877bb8781f0c021044e51722530a679330fd36213ef5641aedd25a2120cc1bab7977e7bd702fb2a8881c8db3636e9559d72c28e61a86e44cbf37429e5ede333

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0e6e51c3117c51ee_0

MD5 6760c84bae9fd80410320e584249c04b
SHA1 d645458ce0d8faf75d497fae9cea3ce8e82c19d1
SHA256 0ae2bbbe16a88a13868813da62821704f506812f72950a90fe1c55bfb3f918a8
SHA512 a6bd2b20c1a33211382ee953d79bd88c50129acbefd7e70945ae0f07159cb75040405c2ded61ebe38b4a8ab09761c7172b047bfb4d5b84a68161103d796bd265

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 177d5ae24c0ca1759fcf461f16164159
SHA1 9223315a113332f89fb4186d341860751ee83df8
SHA256 02e585441ef6ec8a5c43cdb963328bba25d3037db71c8f54e86c9a45d0ea9d2c
SHA512 8fee51b93b9729421eaeb04fd83e7c5a6c554efc05c8d7e0b0c1d547cb0bd5fdd156b82f3072998b1cb17bf4ad853ae387ac503c5d8a6eadf8ebb9cc8e7eb017

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bf1ccf630655cac056342fe3c5a375fc
SHA1 5d550529bb2604f6d08e77ed9ca9b5c57c0fe39b
SHA256 81738230e0a5c0798a44bcc23b8e04534e0e98d3252280965a9c4136222a281a
SHA512 453df719b83cac23e42a905690bc0c2179b2c9aeec0f4e723fe5b1dca4160dbf2090dceaf5039af920ea63fee2b21981ab5f4226564b7b61b4d2317b4a02a17f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a847141353337fca183baeb48fdd06ed
SHA1 31f1a8d3fd56d78340e060a72a97856c4da3d92c
SHA256 77c007f4f89b6930a8ec28275c83c8d31adb9704e39b50331dc99a74948b6c2e
SHA512 96912ee07e7c4dcf307d3d1ff23b60ae65209dd7e5e68b04b8627e3835c36adcaeee293ac088396a72f9403c1a1c8adbd3b5efca1d87c7b6d630168d04753414

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Plugins\Messaging\MessagingDebugger\Content\icon_tab_Interceptors_16x.png

MD5 83fc04799ad79e72c33504e55fa7a1c6
SHA1 194020c318b8132a783517dcd742ec25c5e73575
SHA256 f0f3dcf500f030fa404c0ef4ced3b4e37308cfee7d8662b6824e33f1cd1ef707
SHA512 cdc3ffd01a93b70a701b19cab94afbe37fd17d7477960529ad36fd2a4f2e4bbfcff6ab1713d11e750708a8f122e54e0affe947381700881cfe052c440a50a804

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\New UI\Window\Mac_Maximize_Normal.png

MD5 571934757f836559a8dbb0465457e316
SHA1 2ae344ef5539dbbb4ac24feae0fa3e6e301ffbfd
SHA256 b857dd0a43e379b6629144d8b4754ae26a2ffdfdbe1736675deef0e3aba0db43
SHA512 edb174cc88021c1eb4aa05e5770da16abe5fb2a5c0036429a4c359a1ca9a955779eab08977747b06ad9f9dd196ac0487c6ddf9516f9afe3bac33b3ce965f76c1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{508C94B9-CC16-40B4-B945-D752E825C9F7}\EDGEMITMP_B233B.tmp\SETUP.EX_

MD5 5070a34dbada1aaa375cc572b5fc7d0c
SHA1 e74b7ef714755870976abe3d2b4a7db0b9cc21e5
SHA256 03e7a32e1f10fced6a07dfa4e6cfd92510d4bf6929d423798e4fb5ca91fe6c20
SHA512 fed3fcbb64a59070b0efd677ca2edc982d28e37cdf7283f2777af8aca7d3760a7eefb8d01b3c2bf4b4ec3708a74c3412f0dede91e31dca1b6f8a4e4edc673aa7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 69d3ea369644b4402479796ea0ce3107
SHA1 13264fb432615770cfbeb4b901a102471df83bd2
SHA256 7b76db198241200fa5223c7035050830fb93a51868574374235f232c9530e2cb
SHA512 a1519bb07f1c6d220f0d75872b7d504a11359230dc24eeab7ce313fdb9833ba2323ea41c33e63e55570904957ba7b54ce80d5a3daa40f490eca99fc049377512

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c69c9ca647c831696402cdc7aa286a77
SHA1 38eef3c409d47fa7639f7fc82d497b9cf8eb8bed
SHA256 1cf769f308e7219d069b2955df1e8b5fdf12e27d7a627ef39b40cfbd7490d7d1
SHA512 3e25f49aac07e64c3cf0b9ae74b45818d208aa3410ef212f03e7082e93bd6bb48f3ee6e9bfaa8cb6e9e8649448eb6fc9ff848284782a331e5aad59e7f3514720

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 74f80bfd66d4e0e3399781e72f20fcd3
SHA1 8e568f20bff30d42b692993f2eb7d947430b857a
SHA256 803ef09329297e761ed8988574dda14515d45a84bbb98dd7ee90d3ac4f3619a4
SHA512 9ed829a38b3745efa6a0d6809a6f6b0e60ecb70a626b4023ade37a3690cd4c67dc40563dc2813fbe125c40a01912032be196f4b6e4d2e48875e548f6c8c97d3f

C:\Users\Admin\Downloads\Unconfirmed 49387.crdownload

MD5 7ecfc8cd7455dd9998f7dad88f2a8a9d
SHA1 1751d9389adb1e7187afa4938a3559e58739dce6
SHA256 2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e
SHA512 cb05e82b17c0f7444d1259b661f0c1e6603d8a959da7475f35078a851d528c630366916c17a37db1a2490af66e5346309177c9e31921d09e7e795492868e678d

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\ar_JO.res

MD5 825c655e66a8706e0a6186265b79182c
SHA1 7f5332da7d0e212f62a51896e84c01b137558bf9
SHA256 87c751a030504b6c93ff63960b3502705f6125c9a687de7786eb6c36ba982b9f
SHA512 d33b86814453e512dce2ed5618f7b30c98f1af4f560bafe593e6acaf5040f43f42c62c20884d819364167793da67a2b8d521ba0895fec877e54f78c01ee767d8

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\ar_DZ.res

MD5 528150163817815d3e2650792b2279f3
SHA1 38c916facd62fef600c27bed89e4e9cb6d1372f0
SHA256 1a51dbb5c4cd2cd572d56423865fc0d95d572fc6426cdbc2a39dcd370e344b8d
SHA512 9fe69ef7dc50fdd1aed04a50ebf3b121897d56ffbfd54e586ee22a66e14c524d8c5e1036d61e445a68d4dd7052f3d8933febc94bd63042389e46900728b50d93

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\bs.res

MD5 a822b9c75fe11af54909b142ec7c7ae1
SHA1 0e1ffdc7bb343bf182036a3aa02b4afaefb902ef
SHA256 63b27e0dece4c56b46b01b940ee40dfc70f24ed16549965ad39cb5d5d4647ceb
SHA512 715b87cdade594bdca171dfad663131aa9ad1b1244dd2f8fce5e4e0d38b379298af05131a043c789dea09dabd995443c13d8079b6aa02bc16651aaa148d8198a

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\iw.res

MD5 ec6a5257a8dec7c0edc49931c9b33814
SHA1 d45888e0c56bc815364fe609c78077067584cab9
SHA256 115b20d6b1a4a4d67295079ff0d33628f600668eb75dbc8b986b43c56638b34f
SHA512 f906e8deed2ceb1a76a57285ce15404863887f34d775cf283e02755c10c838c6a223764ddf032801eeb1a7b989ff648fe617c1ec7d476460620430cf608e332f

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\curr\dav.res

MD5 1392ea69a62cf00ba85ce95ab6eb8ab9
SHA1 4c11c54d4042de6114ad7d3a1ec4be769e6c896b
SHA256 2be1d03a372174cae7b1a3fb840fd907dc3b386a36e4919e773f9c0c753e64bf
SHA512 bd0c8942f12d7db14bcd278ed6c0fbb78d11862f2fdee746793923091216ab54a0d4a5856672c393b576891b4fca8ffdaeaae210a060ba073d7674a39eee1588

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\curr\az_Latn.res

MD5 7721b72d6e81a0f713a6d57ebe1a013e
SHA1 1fd64ba1fbd011b96b228ad5b67cd376fc57a45a
SHA256 4d177f2f8cc658d164aafad84afbb372b7b70c61d4a0e6437ac3fd510b8c7167
SHA512 f3c3d609ae54033e071a5b79c0916896b651dad135f0030f0da6cf1886723a04952a4628e9e0cf3e1b3e4c1fbc691468a565545d8b3310b0938abc7bb0959b4f

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\curr\en_NL.res

MD5 b47e9660fe30618f88039419c8475f23
SHA1 7f17666dc08d5983d42e4845520ca1cbc4088338
SHA256 7333c0831ac0a4c4d05c97bc62933652edda4990b3db1639f12667fc667cde3e
SHA512 950310acf817e4c35725969ffdd8d30b358806c1b0c992ba01710efe2f032c48de7ab5238904363af8f49c5de864ba7367c3a1ae222a29b57c5f5afea51b729e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\jmc.res

MD5 cae16b5cbd28771099a3aa4bee4bff22
SHA1 b692625c2d3a2afe65519f57b20235e7321ab332
SHA256 199da3398504ce87f971816f6f67d7505d7be136bed8b5690e4e6845ef2ca3d6
SHA512 d2cb5abe1e38e121a66220a29dcec48ccf52d068a2fb59fd85225ebc0158d51004df99bfc8decf530fcb8dbb4be297e9687a7509c6083871c44c8c17a1727083

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\region\az_Latn.res

MD5 c22ec8e4b84b84647296660688b6d7bb
SHA1 2fe414fd38932dcbeadacc13175680f8c0abd8e7
SHA256 37ff94daef52a8b76ed3dce758a446bc79ede3349f84134befaa7225c99d58b3
SHA512 ffa514030d42ef8975fa25b9a20e94a0dbbe63edbf9c4daa74631a8fe0ba1a6ff4552aebb8c6d69a058e2d71f7d169c498e5a42f8fc06465f1ea61e821c0a15b

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\unit\mi.res

MD5 747693f3e57a448ea2720bc16572e56e
SHA1 361e79fa3fe19f4c0cb9cfca55ce47b1dfb46436
SHA256 75710c94904534ec7b46f85db9b0723c6fb69766ef2764d008fa2afca7baf53c
SHA512 b09a9a68944cdd9a22f7f1b0f02dab6506b934a26dd7b2ad6b3b412bc39175ba336b5bad6a32afe6ce0721732fd3a97945717a351019f2a6afeb16eb51c03efc

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\unit\ha_NE.res

MD5 c177b7aa90760fb221186ebcb1efdd58
SHA1 3dca7953ee83e5aa19331259e3cdba45fe64decd
SHA256 b4c6c502d250ff8dd61d2867c70f1c7719c15390561075a4fea0e47304950244
SHA512 6e133fd97246deb378888af541353abff1adcada02e2f915099ea1d08f77956ca95284d83f7300440ba93c991c58ad574579f58424b47ef45b59d88ec625b1e0

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\zone\ta_MY.res

MD5 31352977e2aa647e46057625746ff873
SHA1 9b7eba98417759d2f37faae5ee319958172b3cda
SHA256 f7321619d91853f3362ba7193eaa013f70e76802536dea28359389fe7944e9d0
SHA512 b921153f47a755a6bdb7b7cf932a77494941a3cd0aef88cd3e38a9e7b3f61a01232de159e481d9fa3987fb0221ba606ab3742862f87afdd56c26476a37f9fbda

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\zone\om.res

MD5 446b6a45c60e85f1366907f16ef759cd
SHA1 1e054824496d4bd319c90d87c2edbc9be298cfba
SHA256 e71feb1904a9e793cb31cadba271ca034adf0c08d02c3494b23383da6675c682
SHA512 8a236a2a73e648853b3a5691d8c0d10626c476ae490353e9ca0f39bedb6ae7ad8a30b7e5e2347cdc95f5de37385fd0025fba6f198c265eec7169d2f52f518f6e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\zone\jgo.res

MD5 e7b7cd07ff02a1ed758f11932cbab6e3
SHA1 2c3e259309a4031fe4b6c2346aff7791e68bd16c
SHA256 cf7e0f5f5ec867d03a0325d1968461f9c50d36a872b3a30ab725f080dd878de8
SHA512 ed46fe6859bb9a133cebf1d72dbe9529b6c76a9c7f60f9bd60a6c38e176efa969309b25050c0ebac62b2a48dd2cd86ef9b30554e274bac116c88747f9a30e3fa

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\zone\az_Latn.res

MD5 d648984b881d872a677c50d1c10a77ce
SHA1 22dfd55a4bda0cc540209fadf31f3761b7a36ab2
SHA256 08618f8748fe2882f54184dbd2f83273ad1c52354acb8e4315d6cab364492f1e
SHA512 c31b009d2768040bd7451e21b3ac487e2d5319949dfb460cb7fbd46fae67e0923b604e9d5887ecb539e04c6094766223963985cfc80776470adb4d3e213fb9cd

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\unit\ha.res

MD5 29363cab7f20aa0bc6b7d785a0b17d75
SHA1 f13700c74be6c7f8653ca5dd2ea3749bac2df8bb
SHA256 f6d189de7835cc54b95ba380066fa574cb6e624d1f6a4fc5a19898533e290081
SHA512 7e46553ab5d115d2930cc133edb2670fd1292988eed296a6b4756ac525a4c31bc056687549d3a6383a369c3976cf9c729942590033568c0126197805dd30686e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\unit\az_Latn.res

MD5 9b68ed9b23c3860c12b694463d674ef2
SHA1 ff01cef068dfaea97e0afc43945a4457ce6d6e36
SHA256 a6fe98ff5f118748b8e2d3ad5e4b4ff0da680b9755a72f93f3499525c4170ef3
SHA512 4b9936e92e27e3b8ee48cde3d75574a40bd797d1f7dbcfb7e473f182355025869c30596742a1fc67d4c6f87a82fc758f3fcb503b3df10d61e724f0aa45f08bb3

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\ta_MY.res

MD5 cf910c94198f1d415e241cb7644a9830
SHA1 5bbcd10a7f464a5e5ecc47f94de71eb3a4844d3d
SHA256 cb701f199a91520e73b21a7674402446a7e6a5f462d30ed088f40365bcb1a4da
SHA512 331b0451f7dd00bcd4a861738216b0af7d0e45b101039a9fb2368669b5e5a74d987c6e97bd2c9513a5c54fb8e57953d5bd1d89ade1638e5b583af87c0e66778e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\sq_MK.res

MD5 b260cc5be1e1e5b26a796378cf30007b
SHA1 1b6a07b55cc84bcf000b1f1f8e7711edf324d143
SHA256 d65b74edb67614753f4148ca210a81d140a478131b728ffcf8c776ff174d3b95
SHA512 1ba09d1c520308e645f41183820a7b33a6a400a5ff373913aa9d22c10330844908d2236904d3e9532632b771bbec2ef495aff1bd4248d6d2ac2c6ed21e350726

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\region\khq.res

MD5 c8ed738283cf9e8a087edc4ae9771c96
SHA1 6aace98f7ed1d77722b3c29ba9eca6db5a0b2dac
SHA256 994b8de74d3916a9077f92b1a476511db1a01b7130abbee84bb1825a5948ab90
SHA512 aaa280698f4b8447240604bf9e5fb315a3fc2fa8e20e46736f157425f08b834b9359c79a360250d7d5ef0b4d87d167e0a0773bc7cfd4ce89343737b008feecde

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\region\es_PR.res

MD5 c706b6f7dd8ea0ed95d31db12420dd24
SHA1 7c28d7b41fd958e39b538c705798da3d4a5ed282
SHA256 8e57a4a360e6cf3baf174757a8e168116cd338b0df5f6122fc2344e8468e2731
SHA512 fbb13461be52cc1000bb94d05b4a1b2efc3d33f448ee07861e9e89391f435ab6ec8f00a210f983ba8d471cd71fbbe75f5619d894db7679a694dc3686501690c4

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\region\es_AR.res

MD5 23ff1e45b7f45b8c1cdf06e183359019
SHA1 34a374d2661e3e7620a680a3eb08ac3015c15645
SHA256 70da312294d03a617a82ba66b202faf9013c1d75899bc4fabafa3f584ce84fba
SHA512 f9574d339fc5c258e36c3c6b85cdcf7bb18105547205c7d6a8640126f5dcc23f63b38b0998ce1e7b5311a0c846567c905447cc7fddc33d71a2448e70d7a8110d

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\lang\es_PR.res

MD5 333196aabe6f149a5546009212e23480
SHA1 36d233968097b9679813afa6029362bed4ae5232
SHA256 53df05e03d09494fee29761ce28447301c3b4e4ce6f28984c18597701b0afe52
SHA512 ef4b0ca74b266aa1e46f12512c541992e4bc81aaa88668d64cd920476b32f09698528124cc5542108d850192f215a755b7f67106af56d7498dcc25316ca95cdf

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\unit\en_HK.res

MD5 31cb7b76c7956e45e041026558cfa226
SHA1 71216a3e97ebc506ab659d07b0fb60ec678a8f23
SHA256 bc3d03ea300fbd81784fd96045e026cf8e03d0941ea2a64dfc7a062a7b9391e1
SHA512 826e86f72d4b2d13abe368ec598c3121c1822cb87bd3d1060e8194d5da7e74e5a7f4784dead49e1f02fef9bd36b01fd1202d72b1d2f8532f85791a20c243c07e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\lang\az_Latn.res

MD5 d98fb5f9e283865fc645efd43062c7a5
SHA1 be52530bf72c9e226a6f9b01f4617df3baec2cc3
SHA256 09b1ad733085b1df053f02ef0b65551ccec422b344735d30adfd2cf9941a600a
SHA512 e1070f6cbb347011eff23ea379583ca63742eae2d7fae92e4a76ab5ec77cb0133505fea0e6c288c08d80acb3fc2fca916d5590728ad49c8bd2bd33321ef0b6f4

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\curr\nl_CW.res

MD5 67e9488b28861446d4c26e82d94f4a41
SHA1 53bdb3cf60910c7294b73e5afb39fe394a062bc1
SHA256 852ccfadfd1cd2ee8f7c33c960234c0e782432eefe1d33adf0dca9ea41a27426
SHA512 84d22911f11fb2c3aeec6289ec5623b3b4c8d97dcf34ed0f46a7345e94d5ffe1f72fd3991e5dfd46a378ae0da149379ca75eebf42a86fee1bac50eef92365165

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\yue_CN.res

MD5 12dd8c36cf20b5221fed4ca8d148690e
SHA1 49fe57bd75e718fd72d81117bdee5c4c0bf187d8
SHA256 bc0c6c650104ee38a032aab0bd27d3627087549d811bc2ac1090fc675edd1426
SHA512 74ef0da76cd1054f3b73ef05ac00991f6425db064a3803e2e16c2715729cae32b059d97daed98c3a0fadb797faef30e8520d6335ad41a33b0b1efffb6d616035

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\yue.res

MD5 b01f5e12a340daa68ecf97bee56d319b
SHA1 0ffee54d754c18d881cccde4e3e62f1d510c4a6b
SHA256 288721eeef5c876abd385c1cd229ecb72525b1fe396651adb546cc681abfd8eb
SHA512 0b2745ab2d7e702c06adae932e248024ed4903a05a30244c6cfc56e6bc45b0886cf3f3d6231f693a48fdbf454a3bad44f6fa675b9d7716eefa53c67303824570

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\sh_CS.res

MD5 22828a7d641c2b46caf27ee76d771b0b
SHA1 5c2c34608ed1161e4bd7cd471bab22258bb86933
SHA256 2ff2317b37fbfa2470a02052df89cec26cec78bd8a30bcdbdc36d8d874a84d04
SHA512 b77ffa9eda88505a1cb29c2b00f1a29b4d415972c4ebc2fe04889f8601c771ec9bd11956d7334a0a474766cf33bb3abad2715b0358bcf9676126aec9132e226f

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\sh.res

MD5 8008b9dee0a40cffbcf57d7734003a47
SHA1 1a4fe2832062ebc1ecd27affeca8cbf7d91881dd
SHA256 11921ed1c9b00c83e37ce919fe114789a8f6b14131f26996bf6f564d2d3f5a14
SHA512 f9db4a4daca509b749193bc0c528c2b497a5e11a25b6884c47fb7354920be62c0ba9dfac1f5633d000ff6c714241751bd5d417227a0c5862d259bab8f2a4190b

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\no.res

MD5 1bbe2ab5e1ede037bb3cf2aefba458bf
SHA1 8334e95069c469a965159ab4d6af0c0e7022723c
SHA256 75ec6c5b53abfd9e459ca7e44e0b3e661a782b04cebf86199d7569d3eae942ae
SHA512 d77bd93b55c77d389ae863ebe0a3bcfcbb294c780561ae88cab3158bc9f4c651ad213f5f66f2f1044d9e7724fed07f874f774b6e972fc399b51c41e31c0c979e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\in.res

MD5 10b328ea87427ac0a91db7ad5d9043dc
SHA1 34ecd90be5ffb01a9df4afb11dd68d3e6353c709
SHA256 137192ab9e551b5215dbe7072638ad3ec74b6b3591bed05665d6243fdab63aee
SHA512 25c99ad2f4157c7c08430322cd2821fdf1e8ca3dce8474fc9a2038f690bbc58e09a1e26ab594dd8fcf5ba87548bd3371911e60e6c879d1c7e981517a22e98d4c

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\ars.res

MD5 aa8a7aa673d89ef3789a8f51e0a80829
SHA1 052fc49617344392438bd75f84e6f7662c50d294
SHA256 0c3e87ec57077f2273433a6859ea6ddd7afc5b2a272e475eda076833239882c5
SHA512 b96a6bf5258af5d6ee582e2ef722f31017dc8fe8caaf92a912aadb4e38e10645f451fccab8fc5ee95b48df52a2a9e760f12c4255ec80b03bef791c6551227cb5

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Overlay\Engine\Content\Internationalization\icudt64l\coll\bg.res

MD5 3c36dd32064b9abc9700b51ebfdc9feb
SHA1 3020ca291091b8175bd6282dfbcb7ab1a2e8509f
SHA256 5473e753d24d1b03bb1b0abfe4d9fd14377507b1ff19aadb2c35c57440858766
SHA512 d079635b3766020e7f3c4c9b95934d692045e4083026ac570e9ba14d16bbcaa41ef1e1f0090ba09bce4f11a95ccfed1cec40e30aee34525dbe957f302ee04588

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2e9a4beaf72f7658d15a0f6dfb57460
SHA1 aeacfb292bf1f62cb69b0531b8b99e0bc4b05836
SHA256 81decdf0fa32ddb7a7339cb9387d72199e2039fa0f5b930cb8c723bded663d65
SHA512 59c8eb651bfda0d50393e3b970e774956b9730994eac1c3591ca304038a0d17730e7ad659c32ede8db2f66afff5cf4ce5f616d145bf8b03fc02b74ff205bf59a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4a17ba02aa1c223c_0

MD5 14e3d5ca6c00cea0fce841812c6d9634
SHA1 599ea5937168600088c350a37089a3b53b086d85
SHA256 c70c32de971ef04db1ace37fe93b75f8b783197c178f39babe6bfcf96c5e6ba2
SHA512 832d6ade9773bd03d9fb807be3d5cf3ec66943099e0e53fcf521b3215fe1cb9a4de7d21f5e94788154ebefbce389cab627de81f9a31f266d30152db525527b94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b0a8a50c4ef1f919_0

MD5 9f5136d2d26007f84805611c646d05d4
SHA1 2350d1bbc27b99ef4bcf01a7c394d3a3d83cd2dd
SHA256 b6ffc27026fcc08855e69f676a9710cb58a874343b70b38ac07ccf2d427df958
SHA512 ae7973a9c9e0f399ade1011e5b185f833ae98c2c4f7802cf86a0b527f2623d40a51ad93a37cf7945bd12d030b2f1013f95b0a74b4990a1b2c6de67860aed71cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 676187b8cbb0854d4d7c9035ccfcddaf
SHA1 75d1de00b9a258fac417daef502f289f382af858
SHA256 88c690cd374ac9b21f0799a9ae3bd13c06dcb907b6278befff067fb2307a9e87
SHA512 4bf67e4c415abef53539cc733340322a3237cccfb1a30e9ef2b01af2359b4b74d659ae369342abceda55ed0407d0bb56ce525f9f90b7cc73aa5507a1ae3667ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f13052bf22c3d99cbdc1aaf90b132275
SHA1 e1e1b4f235d7dce5c2455eddf1f668abd4d05e42
SHA256 258de61b03234e8fb2fc1b996cead3741fdaa77b37900bb855bf2309fe902443
SHA512 dc60c72c924e6aa42d14e46aa54bd7c7f41cd8201483f0ab9c07d557b87110fc8ae9a3029a6e778714d3c2efa4a8d786e4af573247ff04c89dd1c85546a900ff

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\0301_Rawmen.png

MD5 2c96b8aa0b02c6543e3c2bc775e97c7b
SHA1 201b1b5236450e4b44cf2a22422d83c1262dc791
SHA256 f46290f09521b1c7676b820e1f5b6212bb76d7a627e88defbd5b2da148639e94
SHA512 8fbdcac4d983ae90c5a8a707991d711072e9cb767befcfbb211f63836bcb3ba6f06ef1de9be0f70d47f672c520c36150ffc7c7834872e9679f9fac7911098c25

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\0411_Marketplace_Spring_Sale.png

MD5 d2971e310ee13bc2dcbab715e0763fd2
SHA1 d580f1ac61fd2af3224712cb0266bc498ed9ba2f
SHA256 2ee9553a934d3c860a5e2aab0b1ee96cd6d54543d413dd5830172fd327fa6d1d
SHA512 2b508f7216ac8c1e05438a093ae949d2b81dc9c530d6414cdb3870326d16aae4284358ec84844aeb6f4ad2cda95dbf848a787e09f037e4688f02124517c1b65f

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\0312_Free_Games.png

MD5 834f76649cff6eb2e4dd4fb52399c788
SHA1 2982fb6cc6670496a0b22f48f7f154e35238b9eb
SHA256 08125ffae52053cd4e1a1726adeda74af030c63e166d389d94887fac6b5a71eb
SHA512 0123b53ca074ee1b566b9853d73f909d4c68142463d60dbc399a4b5c22c9f4f9b3a65cb67781d5de9f15d53cf69dab8ba4d24163a3479be5b0eeb99f40580eb3

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\0901_WB_Hogwarts.png

MD5 1818706ac6bc88e12ec324287868b414
SHA1 b223acf741c28b0c5c8665adb75da2f4cf89ccca
SHA256 4218316fba7d72a2391b35bcb5bd3b8e0b7e2f8d420b6e9da2f9eb44a0a9527a
SHA512 9d896de5d72ebf961c8e1eaf09f74d0c77f374e1bfd5a24e839074fdd3850b9707a36ebfb5ea509c510860d764fb2774d7bbd7cd75637853ebd48d3945165ed0

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\ui_UE_LibraryWithStudioBetaV2.layout

MD5 bd2ec392cf32fdf140c3792af66be2a7
SHA1 05d5a893d190ddb544d678834ecc56c7a9298b14
SHA256 e3a4fd152a80a523e24f07b0ee51d627912d135436957c25be31cfb5c2402a47
SHA512 b474eb62e3ddc8278ff3c25c81378103b2ca8caf1973db3943ab47950ccb2ab2021d4644f48d84902c556a8101f83eef0ef6ac56467d6d2c3ce793ac90a25915

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Binaries\ThirdParty\CEF3\Win64\icudtl.dat

MD5 80a7528515595d8b0bf99a477a7eff0d
SHA1 fde9a195fc5a6a23ec82b8594f958cfcf3159437
SHA256 6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b
SHA512 c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Content\Slate\Docking\AppTab_ColorOverlayIcon.png

MD5 e789ea5024fd5a86451510d6eae0f3c1
SHA1 eb7471fff980fac48241993cbcd34ddc924f57ba
SHA256 243081b822f4f694f43fdd910271d34610064286e77dc8bfd1ecbbc3632c50df
SHA512 95606466135fe3ead3c602a82671cfd7be447424b3aebc280f7950201549e7dc9b57c65fb6150bc36c0d3bd038bbd6ebc95ce9a4d8af39fde3c76340be79f2b2

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Content\Slate\Docking\AppTab_Active.png

MD5 98098c68f01fe1628a738aee48c75b96
SHA1 f39b972de4125d7149b5c826a6ced897c417394d
SHA256 4e4da145aa85ef36b72d18e44a8c6bed03f292b1b20071991c052bfd73d54902
SHA512 23243e5a45b6bff9c3e163b43c11da16a866175339a32372f0f0737c87a470a206bbfe93fa72e2952c891e637b88d41e0a6360e068f12504115f13a2f910e2d6

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Engine\Plugins\Messaging\MessagingDebugger\Content\BreakpointBorder.png

MD5 5b6ec4eebf6fdf67c3c6fbd673a46370
SHA1 53181029fbea06aed2e663392654737696f5b4cb
SHA256 8f6c088620c842670ec544dfc4b0313795d8e52c4203472848cf9558d06d1597
SHA512 3a9478f764f5aa6fdd239b4217dd9a60ad600cd0f06f108ad23f9f2bfdc71387457f35dcec3b66f497c00a838bf7940a6e3c9af718b3fbcb73adf0a212395a0f

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Font\NotoSansThai-Bold.ttf

MD5 84b81463f0e0d6329dc89eb3d0249ad3
SHA1 599cb69499e7d28f257eaa5647efdf505503b1a0
SHA256 f58889dd92142f30a4c6e5045519c4d12de22009670f046051c830c8c50c5833
SHA512 fec62da281a04b30322f89ec745f61f606a8510a9f92c53b21ec0356531c2aa3db40fa150be44a55c62863d8871138769005ee2bbc5fc62895ad84cb728e2499

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Font\NotoSansThai-Black.ttf

MD5 00319f0dfacab6e781b32c34b138f3ff
SHA1 bb5f61de6b13bf382fe46efc342f8ec3077afcc4
SHA256 d3d833624f40419464a9a3b871e9c9df32e79ec264bdf2ad7be183a61873275a
SHA512 17f68932744df4c47d43884b389eea4a5446fc4e471e028280bcc796073f39121559ae4c922131744a190e61fcef925b8296f26ea980bf97424d430511e1980a

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\UI\UserCard\Menu Background.png

MD5 77aa8d3442e311f8d22a36c0794e6433
SHA1 63b60e0210eb22b187624858bd679d5cce097e0d
SHA256 f0c23b8f4b1ec6b18ec079606f8569d05883e8c6141f01f0f60d90e7c427ada4
SHA512 c632656f472ce781c33de8052f3c52350f213550b6fad0ce4a017bd65b9e39a77f75b0ff2a421d47da703ebdfb3914c5bb8f534b0c25b669f7c8e37bf8b02510

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\New UI\UE\WindowBackground.png

MD5 0bcbdbe3b786bf2ce23ec11d7f1f0322
SHA1 355bee41160a2dcb582bbd52ad257b7736596035
SHA256 54fd76816d11d304784660bc4938824413a6aaa2c5608e141dc00c7cf5586b3c
SHA512 686b26178142b5032d6ad684b1eb4742937137b00d54e409ba941e37cdd31df40ba7cebbd4e48a534d4d5bade36e12edfd15b14df8a931a05798a6e8bf8e186f

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\webmodal\fonts\BrutalType-Bold\BrutalType-Bold.woff2

MD5 0dfc6422538b3d86ce582109b873e084
SHA1 bf006d690184b9253468f98193fe36fafe1cb5f3
SHA256 a6f0df6e385325b7a94aaf1005890c9c6d090205098efd6afc55a3e920d48e2c
SHA512 671138e08916868eb562c452d13a4a9334843abba75dbf6e686ee3a07770848b96b93abf06df15e666ecc29d9b0b4b153c3afa14ff1fb2175bf9fb89b15b1903

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\webmodal\fonts\BrutalType-Bold\BrutalType-Bold.woff

MD5 7d12e2ec7b3852a53f4efa5095dc2a8f
SHA1 831a6bd9801e95d9dff5b6b1fc24c6da5426bd45
SHA256 a8f0f6a6e0a08aac0d9002020de8f75719831f5db620c85e3f700574af5d5cfd
SHA512 b166e1dc0ced467b6f4f2f4cb4682e2862490e270ca65128a97c1cabdc2acacf7106f260597c64906ffa9088e0ff272fbdb74b1c64edc613e609eba5b5122379

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\jquery-3.2.1.min.js

MD5 473957cfb255a781b42cb2af51d54a3b
SHA1 67bdacbd077ee59f411109fd119ee9f58db15a5f
SHA256 75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
SHA512 20da3fe171c075635ef82f8de57644c7a50be45eb1207d96a51b5eadeaac17ee830b5058d87e88501e20ec41ef897f65cec26a0380eaf49698c6eaa5981d8483

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\fonts\BrutalType-Regular\BrutalType-Regular.ttf

MD5 75e941272c93633c1c6dc50f797c2f87
SHA1 9bb4c25662d298f0f026bede5e6ee5a95f98e667
SHA256 f892303d3b3e710430c192ddbf9e0750ccf7ea2c6d239db25b28e960cf6ce638
SHA512 9bff10dafa35123057d720296aa9e44b7be1c0b714d1669004c5d68573fa694a18ead674bf8d77955fd248978495f1ccc89adb23cf7f82836b0445b764d540dd

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\fonts\BrutalType-Regular\BrutalType-Regular.svg

MD5 1fb009dba27c01ef3299d5f90a6fdc34
SHA1 d643e0eeecf3666634271126a4def092a1408426
SHA256 5de5c7f84fbc8b5cc7460e5a755454a37d971f7e5e8bae39afdfd84c4a88c3df
SHA512 e4054e7f967f5468a6a4bbe511fe0ad1d03cebcb47c03fae3dfc3911ce99e7eb79725a38910e870a8bc2256c149e0f89fb1a27481135ad64b00cdb4cebde4975

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\fonts\BrutalType-Regular\BrutalType-Regular.html

MD5 1b332eded87c47dade95bf4b302fa113
SHA1 4604c49488aa1e4bc3fc1c4f903340eddedcd6f1
SHA256 cc8244dc10342b727f2d0b7283e270284ecb6ca103f42914fc77c177a692305a
SHA512 d5fa1f18e0fafdd7d5c415e8d3df680cc196a80b38f10e133e5217f33e71ed39ddd7e515c55df745fd0c20cfe040c2027edf6c579fc6657a2872fe8da4fa41af

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\fonts\BrutalType-Regular\BrutalType-Regular.eot

MD5 434233315fca6a10ec6d970432056f2d
SHA1 73d603859a98bff519701d59f2d3b1356c57581b
SHA256 e1b7408ef55b2876cf9250938d15ebdf19ab3e674ceef39ff78fee96654144c9
SHA512 a355d02851559d231a9a0e05ab7e8768602c32f7e52f87d50eeeee8238e2e58b688d2779ae980ddd7599bafff554cbee0c089fbeece45cf1b43db5dab24feada

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\modal\fonts\BrutalType-Regular\BrutalType-Regular.css

MD5 6bd54f8bed5d1b6795be23bec6641f9b
SHA1 63e24d57b441b6b6f137c5b19e21b3e43dec704c
SHA256 31f8aebb8255519e3b8b5742844b0c28aeffb16fa8fee648fddc2d9677fde476
SHA512 de240354cf1f9d3e3212c41586dfb074657ad82b5b8c5ad4e059cc9acba8cb826b9d941107361887eebc9ea3b88a4bc80f236aa2af418e1d322e40ed192047bf

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\installer\i18_es-MX.json

MD5 639ecfde372ca8a7a6d5309c207d9705
SHA1 0c7c638e46edf8f70b3ef9e5a2d8b0644628e68f
SHA256 e415e145172ea731c44cdabf3dfe37d54cc46a68007d9b44377f8398e5fbcfdb
SHA512 843bd3cda43c790d3f118b5240647bed6fec9846f1e4608bfe534f06a753ed9ef554c4bf167adfb518e4b45262d63871ca47ae3debd1aeb09ca97326d98e71ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7408f1461634e545_0

MD5 fb7581fc4a73ffcc71c5f8ecf297d428
SHA1 8f1f2ba7f5deeac7c4329b5286fd41dece9f79fa
SHA256 7398ed8a96ae5f2768c76252589596dc2e85e2e86a83d69df62eed8e8cbcb94d
SHA512 13c011702003cb3deb8a76b13c0c5c0cc2bbde21457d75c98e65159b592af245fa0da326867de7cab0d4d243b922e3012e9097ade4c4bab91dcb2e5a7616eed1

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\ui_UEV2_TMEDU.layout

MD5 6256bf4edea42d486607972b307e2ec4
SHA1 532d3888f33c8d73559f4be5a0106adecaa0a9de
SHA256 afd996e6b3b7f6ada5c2b0aea34000d35dde834d3181ac36658ab454beef36ee
SHA512 6c53b3a1fbd9735d09e65def901b4c8c2605f78cfcdeebebaebca7444e61b1c86dd9e19daf77fe8f6dead198918116a86b2ed0cb3fb21c12c3af7294ca25c6a2

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\ui_jaguarOffline.layout

MD5 31a987753e0fc7fee80d6f36491be64c
SHA1 2d20153c1e7ca58f66b2a1cbea40ec6c98fcd369
SHA256 537cd8458992288074cf3ede1d221c165eedce2483437d9cd95d20cabc6352b0
SHA512 9787b07490d12ba6c704d5b6ef1e423e69ccab7a9ace61aaf754ee7f23ef24a8831cc3d8efe86106992a82ea7dd89fe21997a658f314dad51870e480d00864e4

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\ui_BusSim18EditorV2_Offline.layout

MD5 55c3accb3a7db015d7531d8a6e0272dd
SHA1 f0020fce10618550cbdf114cfccdb14a21d9c9be
SHA256 b5df0e1dc0853311724e5840848ece1e3997f3dd322dd3859dd5d28d93895741
SHA512 4a2769625c092eddae27002bfe0c043740e1a9fd19c7196b498f9c22babfd1fe56da709137d40f7d9f94bb9cf5c8975b48dffdaabc44a8f9dca5dd1d6beb7db1

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\plus.png

MD5 2ea6b2059495a75d4c1033cf64275823
SHA1 2967a4e350eb0edc277f54ea4d78c4921812be7c
SHA256 e52151b5b9be45273147bf3a1d4655186a61fd7cbe007ef5cb7c66a1990371b1
SHA512 acc55ddd4a00f8a625dc925c83f49162bb79cf697b9cecd937bd694ee697561030938db4f153aff844c4fcd96cc9fc94095138ec984ee4faaaf65ca78ceafce1

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\localcache_icon_small.png

MD5 50a5b1dd49108ac7be1f1980ebc22bbe
SHA1 1ad8e149a4ce60f7b46a73194f031b58d8de54f9
SHA256 bb27052e122dac0c008cb81d6064f6a0edf8b1a53eb0e35027b76eb99b915d27
SHA512 5e425f007258b1fdda221090f3f9ea3c813d8ad8e9f66138504108d59508cc685848f59c48d50fe607c287bfdd625bf950c2ff5940367e154b79c0daea5a5e69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\82771c39e900c894_0

MD5 f036fac218733b0650198343052dfb6f
SHA1 c2f77980d075f827659ac38ff2153855d239faa5
SHA256 b8f83769d25b03d8be00c6d6acb28cf372c38bff0544c0bb4eadc87c16853114
SHA512 c3c561ae8ea2b69d07efa7a2b198ea3816da3b175658d3dbb5a829aca03cc76e30d09ec66e566fca9689b288eeb57fa4f9a6a23a2e420523397ea3fc096cd250

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a489bf28fca4a5c3_0

MD5 75e7563ab52f7db60993d0a8835f5272
SHA1 59d3b7100aa27add8c70b1712dc4b4af893ef7a9
SHA256 4cbd9b742f29a0c346ab550c404a5db030c71739a5d03190b36bec9ccfad08cf
SHA512 b11d76a7e0304790db01f206b79d5b1b3c78dda973c8b64cb6e68ea90f74bc47680552d8c871c8b8b805f513592ac8930f1f7e2ff56a9bbc79b56eda859fbee6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd0937dddccbde4a_0

MD5 d7d66d97018a8e52b448ac2cdc880799
SHA1 9df05b2b685179d45e17644d6e7843e8d883b827
SHA256 683cf73c0e0fb9cc1fdceb177aadb54464012ed5749c74b22ad0cc2f3170a315
SHA512 c94697ff65e02e56fdf427321af0f8885987c292dc5981fde070bc7a2d2eeab90ac6bfd1551c42f9e4198a3343c9181697bb3c4faa1df5acd2b8f7807c7b51bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a19bc65026d6fb81_0

MD5 2af764de6f93ed6b3d4f325e7f959a2b
SHA1 94a7bd9d2f88a900c886b1a1ffa905dd4d1c3e16
SHA256 ed54b18c8f706a92999e8cb85c398bba80f8d5516d7766bebdd0910895ee9bd7
SHA512 7a91966640ca2d598ef7f143a4c3083bd3f6ae3a3d70184645e567d27d44487c3cda1d31d013d3292813cbd4359584243a2b19b07bd283d9cf36058ff0265e13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a58b8c130a4c6be1_0

MD5 917d2c405b0cafcc5222aa2b93de401a
SHA1 b96c76643c0a5bd02e3c7307b457dd0c3ee9f0b8
SHA256 8eeb9fe36e03417da71843b9e7eba63a2e3191955db5e3166dbed34fd81d371e
SHA512 4496717b798ff94e2e6231b51987a1c714b7a996b56fd7a592c9fb60c20f50b89a6d1690656ca71b9b43a7fee6ec25af82832dfafc0231a41f6b0e84eb6ba142

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Extras\Redist\LauncherPrereqSetup_x64.exe

MD5 974a4cb5349383a8e0e9a6d6a9fac325
SHA1 988309b15a7ca90fccba9293ef7aaea7f21e98a4
SHA256 09e0d13d3438ab7556c5a3042f0b6a53ec5949ebdf160d8dbaeac307f7846237
SHA512 7f964d262831990c5c04629eb2a9aea1b76a8b7d5e937a5e7b66b16cba0a294c24013ab47a7b982f70b75ed6ab4ff3be7394c3e22788d1f5511e8192b505221f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f043fc37cce6f0ab_0

MD5 07e16c2e499b82ecb07e48b505c8d611
SHA1 9e1e05f1ca5bd7644532472d423c9ef6ce69a885
SHA256 eacb92e97b630e36ff68622e664a7d20c4683d840735eac8e6706550c82c49bc
SHA512 c652b1640abf407ab7859e2a764f078ee165bc0498dbebfa17c3361ce28c967b7a975280068a03425df074c7baa9633f15031c1fec19b31f241d230975fdfd95

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\SysFiles\0213_The_Last_of_Us.png

MD5 48ed4a0950f33171d3752cacb95f8866
SHA1 20c2a815a357175a12838515933433aed680f939
SHA256 5a9df55d5bb834320cbb8763c876f52df0f354879d11dd9b42b08c3636e19751
SHA512 02ab40901bc441a3bba91fb15e39dc4bb4ea3d5bed2533447f1b5a93532515e47ef240fc88279c42cc238d4f935cfade8c43310439d5968b928e6a9fdde936b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dc62e0a749595bdb_0

MD5 a0b6e732602c41dbf33aabaae4be0d5a
SHA1 dbddd6fb979ddfa2c0827f8bec2174d974d3d3d3
SHA256 2d4734b0464ef57a5ac8812028ca02345a657ead0f452fe76c5061c41c14b851
SHA512 ce820bffc09d033169a2fcb58e8890c8d55a1584146220f8211aadfbb57a26d84b3e1671ab271e487702d06df409e6062c99ec4716de927bb89c124b2b1bde0e

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\fonts\BrutalType-Regular\BrutalType-Regular.woff2

MD5 4555758a9a1a19e87a66eceaf00b1b23
SHA1 155617f24b6ae17ecbaab7e4093ebf3547680a5a
SHA256 a2497148f72e2839707d55316931a3c71b2b355d7bec48cf672c026f4903ddfc
SHA512 942871d8bda60182b516247d1c28e3d7a1faef6920ba6e11f0e0ede65a600c8aeab1b879e9d61b0dd3a7b363286e8a36338b83e9919de22bae5d386424d4bc7c

C:\Program Files (x86)\Epic Games\Launcher\Portal\SelfUpdateStaging\Install\Portal\Content\Web\fonts\BrutalType-Regular\BrutalType-Regular.woff

MD5 c36d188d8cef7e9bc736d4cdebac8d9b
SHA1 e83b7250a297cd301f8671163791c1f2c2d659a9
SHA256 871334c3dcfed859e737b80d12319505172331400ae6d6dd19407cb347feec2c
SHA512 33d3e3b80351ad4f293d7ac5cc0da3286746c879c1b29e0756bf13fd2f4cac235372cbdf5a40eda0fca51ab876a60599bfe71366e29d31333658cf7e0e2ba9ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0c0c04ed33160f67_0

MD5 e758660f196023c77706e49a925379a8
SHA1 ed303647f2ee701c2115cf471a186e155e5e10ca
SHA256 21e552246e92eb566a09d8ff7dbbd489fc09441917562b397a7391a5b654bdf8
SHA512 a8761a9ae03df7482788387acb448f5689d4bc0e813486db848c862bfba945d69a02e888f145bb7d06fb362adf0b5b4621d780164c113565ada389d7657cf0b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a061db512ac38ed0_0

MD5 7d453fb439d45e27e92f7411b9610b32
SHA1 c018f5b19a0edda3b769f32892f83233201df346
SHA256 9ae488e50334a909026c6671bb280da442ef11a6bf2c01bcf4551cf71e2b3e1f
SHA512 5264fa1a96e83da31b4b0b7d82bc67032da33a9e54b9c8f72c3794c9da924ad79a839a01641c4c0e99a8d575e433bafd84299f7e4fe40f71a71614eb1ff01b20

C:\Users\Admin\AppData\Local\Temp\{43a03b9c-4770-409c-a999-587b60700b63}\.ba1\LogoSide.png

MD5 63c9775d703ec8bdc9703f80d52ffc24
SHA1 1a5f3fa1fc4ee2a7e08506f8178d769cdcd7ec62
SHA256 8f03c6e8ce5f4898cc230e04d485e0e0744eb7ee180a3d8bb154f2fc9c7a93e5
SHA512 b2d9d18a3d6a1df401ede41e35af7167c6f253f54c290d1db64db212b5a2e9a2534e86e031e1e5499b2ce11bb952afc6bcd8f85aca351d49867c77dd4edba458

C:\Users\Admin\AppData\Local\Temp\{43a03b9c-4770-409c-a999-587b60700b63}\.ba1\Banner.bmp

MD5 461fa4877514f318a0d5cbc602daf7df
SHA1 5d2ed3abc96bb1fb419828e3de3fc75a6292536a
SHA256 638d5bfc987b45d28a308e8a4d68bd7c0a82d21e615e534fbfaa3cd0ad53889e
SHA512 c4def63dfde38cb2e35d75c7e61428cb9df2429af799e3e0b29c7bc1d9c60e8e32f18cc0e7b55e177d95bdb333a7a0d1f4369b02f5c574b6688047e01e9f98e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 41f4b28a9439aa99b0efbc2abb988d8a
SHA1 8f9d8ed53f43d1a7e402e70fafc2dafa371f514a
SHA256 aafb938ef1b0d11131c6498292de21bac35e964ce4683bc20d0827438901ef6d
SHA512 d939f562c035a04daf9586c81e5db7af26e1c5615624fcd3b110b98d1a97181a7cc9857af4181cbda5150835e00c0570e11cce75f463c307916717df681d9125

C:\Windows\Installer\e651209.msi

MD5 4d5c9a709f332236559d3bcb27bb81b1
SHA1 0131fbe2726674119340ec96bb72b41e30b4add6
SHA256 ec50384f5094fc632e78ad9bcf40c947cf33023ccb28bb36e44eaa7f04b4ecfd
SHA512 a5206ac469c92d95a64009986d3b6c7197f11b7904da3005a9ab9b9534ce4a91e332f34058bc2f3c31cdaa6ea9b58d22b9254fe8be2f819a22ddb7e8637a6e1a

memory/10092-25543-0x0000000004B30000-0x0000000004B60000-memory.dmp

memory/10092-25548-0x0000000004B70000-0x0000000004B78000-memory.dmp

C:\Windows\Installer\MSICDD2.tmp-\DXSETUP.exe

MD5 bf3f290275c21bdd3951955c9c3cf32c
SHA1 9fd00f3bb8a870112dae464f555fcd5e7f9200c0
SHA256 8f47d7121ef6532ad9ad9901e44e237f5c30448b752028c58a9d19521414e40d
SHA512 d2c354ee8b6977d01f23c6d2bb4977812bf653eae25e7a75a7d0a36b588c89fcdbdc2a8087c24d6ff687afebd086d4b7d0c92203ce39691b21dab71eafd1d249

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\apr2007_xinput_x64.inf

MD5 94563a3b9affb41d2bfd41a94b81e08d
SHA1 17cad981ef428e132aa1d571e0c77091e750e0dd
SHA256 0d6e1c0e961d878b319ac30d3439056883448dcf26774003b73920f3377ecac8
SHA512 53cac179d7e11c74772e7b9bd7dd94ffbc810cfc25e28326e4d0844f3f59fd10d9089b44a88358ac6dbd09fb8b456a0937778f78ecc442645764f693ccd620b8

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\FEB2010_X3DAudio_x64.inf

MD5 49460e9297b0faab5a5d73e7aa2caa67
SHA1 a7e211f3d4ae808f67a798924c4d3314183df873
SHA256 68351f03f4ef83e4b8c359e3e130441081690a1866b838a1b35d64674ef3abbf
SHA512 92c4c0751e9123e1eb09da312bc44041d13262e26cefb807dcd1b354c5bd12c0d7197f1d3d457ddef89714b77ffe45db9c717332963c6daa507ae02a6d5fc941

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\FEB2010_X3DAudio_x86.inf

MD5 e84adf38d499ae39090ad60fd76d76e3
SHA1 6af4d58bc04aac2723e8b97649f1b35fb1aca84c
SHA256 d4da3e530982812d1e2a31570b80af541fac1b13c72997d2aad7ea3bfeaf4a4a
SHA512 6714992e7aee7bd0798fbec68f92c97ee502127580e21e1b6693ed6737312b44dbc9fd9ef579fe552590e9e5a4904df94e4116334265a34699a04aa76ab87c24

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\JUN2010_d3dx9_43_x86.inf

MD5 a11deb327119b65bacce49735edc4605
SHA1 0be2d7fa6254b138aa53d9146cda8fedbba93764
SHA256 6b33d32da02f664092d44b05237990f825b4062c105a063badcf978648b5e95b
SHA512 b0134a3d6f2d576e5fafb601014ab66fef91d661013acc8a7a9129940369a1d9ed5c0f228bb1666a4e891f09b4b18e83f0cb2080047aa84fa45ab663e5739a31

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\JUN2010_d3dx9_43_x64.inf

MD5 ce097963fc345e9baa1c3b42f4bfa449
SHA1 e7624afc3a7718b02533b44edfe4f90d1afda62a
SHA256 272650a2d9b1cfea17021f4bf941b21f2206791e279070d4e906ce0ce56ac16f
SHA512 f3c4f00eebd9d465bc2415d59c417bca0f5a07c8e13880b28704f770763609a653d4b06f53d98325b66c2c7094895190900c47980f81463215e919f00966ee7b

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\JUN2010_d3dx10_43_x64.inf

MD5 13c1907a2cd55e31b7d8fb03f48027ec
SHA1 ca37872b9372543f1dbe09b8aa4e0e211a8e2303
SHA256 a65f370a741d62c2be0ca588758d089dd976092cb910bb6b1b7d008741e18377
SHA512 545aaf268d141e2aae6800e095a1ae4eafe6bfe492d95dfe03789ccb245cc3ef3f50f43b10a41a3b0efdc7f8c63621b437323e133ba881f90a3b940095b80208

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\JUN2010_d3dx11_43_x64.inf

MD5 590fe1ea1837b4bfb80dc8cb09e7815f
SHA1 792b5b0521c34c6b723a379dd6b3acf82f8afb1f
SHA256 2c4cf75b76203cba6378693668c8c00b564871c8bfd7fbda01e1e841477b2a3b
SHA512 80bee8f1ad5bfaba6b3ac5a39302a1427dbaa5919d76c89b279dc753170ec443924eadf454746ce331a6682ee729ab79bd390a5d3b55db8d08fd6f4869101f53

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\JUN2010_d3dcsx_43_x64.inf

MD5 e1f150f570b3fc5208f3020c815474c8
SHA1 7c75fc0cf3e3c4fd5045a94b624171d4e0d3b25c
SHA256 5289b5ad22146d7cc0c35cdb2c9662742693550de8f013d1ec40e944288d155a
SHA512 a53618ed6ebcd50ef074b320eb3ebd38af4770a82caa808e47cba6a81982ced46cf954a1c5a383f171006e727d8211b4fce54c9faf27b4c14a770a45a09037b8

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\JUN2010_D3DCompiler_43_x64.inf

MD5 6494a3b568760c8248b42d2b6e4df657
SHA1 700f27ee4c74e9b9914f80b067079e09ec7c6a7f
SHA256 3e779533a273e3395109c7efac13ba1c804c01b3ddb16938406fbdf90d851216
SHA512 2bf68b123d7823ad7182e132d9e55f8de7580229e8e1b3b40030da50bb9bdeaf67bb9727ce2171fa83b7f804c24d9728ffabb44cb5017b16b771bb19e62b1b42

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\JUN2010_XAudio_x86.inf

MD5 31d8732ac2f0a5c053b279adc025619f
SHA1 c8d6d2e88b13581b6638002e6f7f0c3a165fff3c
SHA256 d786d06a709d5dc26067132b9735fc317763fcf8064442d6f77f65012ba179da
SHA512 abc37922307f081a1ffdc956ce59598c19ad1939ecfb6ea3280aa6aa7a99c3eba5462731586ca262f7d7257d7d2a74ff57a45abf6b93521eb6f1c9f22f8eb244

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\JUN2010_XAudio_x64.inf

MD5 dd987135dcbe7f21c973077787b1f4f8
SHA1 ed8c2426c46c4516e37b5f9aac30549916360f7e
SHA256 1a0f1b929724f8b71d5ce922f19b9d539d2d804c89af947d5927b049ef0fd3d8
SHA512 f0469c94219b4df99d7b9b693161a736fa8eec88a3f6c7f2cf92fab2ade048dfe61fcde3a4cf4f7a2aaf841d079a46b17259dea22cfb02831983f55bd7f61899

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\xinput1_3_x86.inf

MD5 e16c94edc4b577b7abe7b06e31376884
SHA1 e86cf530fe00c0fa2a107684a198b37e97b9ce76
SHA256 ba212aa1514df6509474a46c7b2fa07c210d249b524bf7d47d058461009a75c1
SHA512 5405f6936e05e1260a3778d86d76145d2853a345afa156ba6e0a7cf4bc9267cd4cbb5cd32878adda3c6130721218fb899fc896bf823cd63c32c7086b18cfe9db

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\X3DAudio1_7.dll

MD5 c811e70c8804cfff719038250a43b464
SHA1 ec48da45888ccea388da1425d5322f5ee9285282
SHA256 288c701bdedf1d45c63dd0b7d424a752f8819f90feb5088c582f76bc98970ba3
SHA512 09f2f4d412485ef69aceacc90637c90fad25874f534433811c5ed88225285559db1d981a3ab7bc3a20336e96fb43b4801b4b48a3668c64c21436ee3ea3c32f45

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\d3dx9_43.dll

MD5 86e39e9161c3d930d93822f1563c280d
SHA1 f5944df4142983714a6d9955e6e393d9876c1e11
SHA256 0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f
SHA512 0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\d3dx10_43_x86.inf

MD5 24338a297e69e534524a71cd5ad543c3
SHA1 69870c91e59b0eacc4e88bd2d4f95e7561f630fe
SHA256 ed1429a15b15a28f2e6a92da669a205594d09625cbfcdbf0159516a813a6f5d4
SHA512 8bb4ae9c72909c6b8beb6ca675c007317903869ba56f549d9c2ff48a1fb50923b98b6f748e99bfd56b4b068e14c8773e9bf4dcdf5eb6ccb8b0edd6a0b16decc0

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\d3dx11_43_x86.inf

MD5 5f043e62b5cc2f3d578e8f58aaa09fba
SHA1 2e3f0422e88d6dbeaf8211d7dce7b38d3048c433
SHA256 025cfd736326445f5d98d8dfc8584189f8eebb2d5f3e3cd25a6f386bc2496958
SHA512 d1af12375e5169525464dd17dec6f6ec437b6a35db6c425d508fa694b506f302b8a72e3f2222467e2cd98346f017a83b5149b80fc8c06b06320ec9e265280680

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\infinst.exe

MD5 a7ba8b723b327985ded1152113970819
SHA1 50be557a29f3d2d7300b71ab0ed4831669edd848
SHA256 8c62fe8466d9a24a0f1924de37b05d672a826454804086cddc7ed87c020e67ff
SHA512 60702f08fb621bf256b1032e572a842a141cf4219b22f98b27cb1da058b19b44cc37fb8386019463a7469961ca71f48a3347aaf1c74c3636e38d2aea3bca9967

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\d3dcsx_43_x86.inf

MD5 ddbfc2923df1263bd87ac1bdba534d4a
SHA1 ff329698074965493128e627f770b9b3e444f813
SHA256 48ec353b9c9fbf9ec8692c5d6462c7e4fdb726e7a0b0abd734f33f9e5f0ace56
SHA512 f10220c3f33cf1da56c4ff580da322923b5cdac25bd1c8d0b4f8f0bf456397a4dd32a21e7b731306ed5e01a2b832acec7044d7337911e7f4649cdb6f6d37f603

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\D3DCompiler_43_x86.inf

MD5 90785e792edcfa7d43de9df2d1ac884d
SHA1 ea5d8bbbf131343dd0ddb2073dcbb7634e6bcecc
SHA256 8f68ccdd8ce1acfaa5c4afac6b2e96e23b7b532fbcbe9375709326083a134e85
SHA512 a2d15df6148b811ad5658d9692a737924a3ce3ae1007cd86b6ad994922d95d839258dd18d785425609970efa8a39ca79fa61512f7908891cf51cd0eeb6ad2b15

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\XAudio2_7.dll

MD5 81dfddfb401d663ba7e6ad1c80364216
SHA1 c32d682767df128cd8e819cb5571ed89ab734961
SHA256 d1690b602cb317f7f1e1e13e3fc5819ad8b5b38a92d812078afb1b408ccc4b69
SHA512 7267db764f23ad67e9f171cf07ff919c70681f3bf365331ae29d979164392c6bc6723441b04b98ab99c7724274b270557e75b814fb12c421188fb164b8ca837c

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\XAPOFX1_5.dll

MD5 8a4cebf34370d689e198e6673c1f2c40
SHA1 b7e3d60f62d8655a68e2faf26c0c04394c214f20
SHA256 becfdcd6b16523573cb52df87aa7d993f1b345ba903d0618c3b36535c3800197
SHA512 d612e2d8a164408ab2d6b962f1b6d3531aed8a0b1aba73291fa5155a6022d078b353512fb3f6fff97ee369918b1802a6103b31316b03db4fa3010b1bf31f35fb

C:\Users\Admin\AppData\Local\Temp\DXD057.tmp\dxdllreg_x86.inf

MD5 8272579b6d88f2ee435aeea19ec7603d
SHA1 6d141721b4b3a50612b4068670d9d10c1a08b4ac
SHA256 54e098294ef0ad3b14b9c77642838b5992fe4573099d8397a1ef566d9e36da40
SHA512 9f1311803db1607e079b037f49d8643daa43b59ce6eafb173b18d5a40239a5515091c92b244ffe9cfef2da20530fb15deb6cf5937633b434c3262e765d5a3b21

C:\Windows\Installer\MSID8DF.tmp-\CustomAction.config

MD5 4933c1e1be5973187e991ea2ed9e6451
SHA1 b16b52ba34a835b5bb8665f502e7e37985b6776e
SHA256 dc44fb3a0ce9cb88926b2d91ec3cc5a5c5d694b02415c4b2459090f08f08ed58
SHA512 766ed216354a9d0f681607577e586e89dc82729ced58c328676771178ba547cd87878a1f5955cd46b197672753bc693d08246a7a11ceb8a7f255e1321403e805

C:\Windows\Installer\MSID8DF.tmp-\Microsoft.Deployment.WindowsInstaller.dll

MD5 67d94c27e58f90670d807a9b5c54a3c6
SHA1 84748405943ac408b70fe2ba3f5e945073d1c25f
SHA256 10ebe6a0312b109a25ec7ee49e67259c3a978954ef2c3f17d9a22bc5ced39037
SHA512 ffa43a10a24d637318d3d1c6ebb365d7d07f5f984314246a36526af6aa3a53343aa37651316b73df074bed4a38d1d9907059867f0607269bc6bc8228ff5652b2

C:\Windows\Installer\MSID8DF.tmp-\CustomActionManaged.dll

MD5 f87acc4dfc3feab027293cdc5fb331ec
SHA1 bb5299394e9dd386364dfc22875e4fc626d4ea39
SHA256 99b45bdb35aae9fbf847f580135c6a5b1939595ee6783597ed25387a1bd911e1
SHA512 85dc67f8ebbcfec9f6eae30eb3ec0ee5fd7657e40722182d489c60e5bada93af59ef4afdfcfc29bcdb1afb7138a88ef92911f7ef4e3adc1bc93b41eea6e4cbca

C:\Windows\Installer\MSID9F9.tmp

MD5 12502716985071cb3bdeeffb6e7cf851
SHA1 6806b6917cc8b1fc3ca1822104e5d8750fab196a
SHA256 86d2b04b4fa6e2f6757ea98f0c4564abd919a690d3bc4ae83822f31fad6994c2
SHA512 f4228b0f1e81ef23308eb0d32ff2ce98c6fa770386b17f89b9c69f819a97d50577eddf29e96c36e517e60bedaf55fbd300308936d4ced5a7b3c9bb45d4565cdb

C:\Config.Msi\e651208.rbs

MD5 b4a2ee71696387ed8a5bf273f53841cf
SHA1 844466332f6c6c846bd4e98a4bcc36b7830f5d91
SHA256 d14095930a30f0283c68e24f28463b87c9ae1f45ef2acc47f99dcb57bdc1db01
SHA512 233206d21d314fae5969bb45a222e7975455c98de626aa885f82666e2ea4981d4730a6fcdf43ac50f7c5d776b6a0d23667b9e6ea478f0e077bac8c762e6013f5

C:\Users\Admin\AppData\Local\EpicGamesLauncher\Saved\Config\Windows\Lightmass.ini

MD5 81051bcc2cf1bedf378224b0a93e2877
SHA1 ba8ab5a0280b953aa97435ff8946cbcbb2755a27
SHA256 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
SHA512 1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 39ee052dab24cc9c41ea613a208d35bc
SHA1 0a15ce3f15a9d8ba29fadef5894c860dc4656774
SHA256 442c27ef04604c5fb68adefa08f3a90830880105a3e414f362870c98e7335fcd
SHA512 9dea5524a33c9f02fd69a0867bc2559185bc155b661270af1537b39ba3bfd7d6f46b9e2e70e9c7eb20830c922c07b4a2a1037add19f6c747c9e24e0104755a30

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0102_Holiday_Sale_Last_Chance.png

MD5 34fdd18a4c336b10f3eac97b86fc903d
SHA1 3a8804295d3c8f990c8dbab0e650a8375e75dfcc
SHA256 1aa4f506e03287dd11a6feafec6f2e5439da789ea39447e86d22e86858fb860f
SHA512 c4a794b92cdcd35a6867c9c107a7b9057de400c0d918a01cf065f24afd6e142a54c33b8b39dca596bcd16c04b485a580489377b8782d0ef5babeef3869dca7ef

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0926_Assassin's_Creed.png

MD5 a9b684180c9e89c6c3b821d1ce3fef08
SHA1 7c24ddc4556d08c993079862ab2e826a51bed513
SHA256 f288907301d0e8c74f015bffc3c31c3137bb81da4f6d3ee0fc9e5b5d6636e8c5
SHA512 6f64b34b64393c438059d9490f1317f9468269959c5edd6de577fbf0b3ed5a5ff92a6915bd9dd7ce3fad258e3c74fd34a16047c2e62a1c914739de1d49ecd0fc

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\1122_EGS_TST_Cyber_Week_Sale.png

MD5 f851bde560ce59dfaff903e3ae3d28c3
SHA1 680e018caa0fb30e2cc160bfd8a23c9183dd0880
SHA256 1dd6e854ee4e9dcb6a7888fe0f2dd1d84cd0a01308aedbe9602fbb1fa1074a56
SHA512 4384a893019e134c59e670313cd396c17351d214e8f70391daa8bfeb71fa85009fef86dbaff35127805c808570311af3ebb62f8870966425ebd8c4c10b76c14f

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\navers_icon.png

MD5 93d75a74ced71edb6aa431b8e58cc79f
SHA1 e3747e07b3662524e1c293052c3ddece335b7b6b
SHA256 190af957b191111439b9d3ce776ff0ac3df57e2a60aa8938225f6a6dacd15cbe
SHA512 4e7610611693eb400d4839b1e2a81c69cf97ad8258f63968f552b8a9b175d0c3f73d7ff28eff170eba53d143d2b4512c9eaf146dc18d46f1b3be01c3c95f3054

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\Reddit_icon.png

MD5 d3f881d4423f9952623475eadcbc9054
SHA1 a7f5dc5f2dd837aff9892bf98c3573b7d1f7c4eb
SHA256 fedc3c6497edb58cad2089092da9eba5a31334786cd1ca0886b9064108480919
SHA512 ffc308699d8bf2762f0d66f62e9d6d8c4ee20c6bb63874fefdb52f264729a575a94a7eed5faf4c3fbb3902605bced5d054241f09d965c04fbe690d14073b8e99

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\Instagram_icon.png

MD5 df7851c8868e92658f856b17cf04fffd
SHA1 88019e359d842ab404453f1b34d7b628f3ceac60
SHA256 41931cfd1edb2ba43a7ae4724fd3557bfb36fa58b3cf671ff4a72996892839d1
SHA512 776a332c151f0abbf128717855b6419f9f5a2d1bc6fde186271598bc4e2b94ddf0cb81c01fb6cb5d7a6f4a64f758f768062fd129637a2d34061a1223a76d8a56

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\twitter_icon.png

MD5 dccff78c024690a8904c6f0e54a4a41b
SHA1 01998e682f828c476642c9f62a2751c930c4cbf8
SHA256 cfb6ba34ca60cbd3d7f2473906b4d7f72e430492fb765920ee8ee0a6b2993140
SHA512 b5dda0e9bedcb258098dcab7b53c6189741a5b3c381c6a405778baa66510c455f10286fbc799e2c92d75a812263498a5196372063f47113a4f38746ee5d56fdb

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\Twitch_icon.png

MD5 75c8d1db90ead8cddf60ee76a32d98ec
SHA1 94a458181a1deab1d75d59d091815d34f682cb4a
SHA256 9e55ed39e43845fd95bcc9d36b23ff8c9e0a2b800b92986d835749a426793b57
SHA512 25d8746b2e24e753eb767e1a07e564e9d0cfedc1f390c1a2907f66c41aa4a6da6aadc08e8b70946003f7e15166eefe03896932ef48f21b495ca67c861d4d04ca

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_UEV2.layout

MD5 455e0b33533e6592f2540250e44ba4db
SHA1 bf0a448ce701f292b7250346a7fe51a2c11379d1
SHA256 687cae84c3bd66f6036c10b0cd9cb91378421c81abdd6866f20047e0b32ace93
SHA512 84aaa341e60b7ec23e32dd27e484f34aa97bde266156ef7e5a9538dacad3ce89fe83480cba6f1c02ed4b96dff933e4f773594a3694ac44e7f0ec43eb79144cd3

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_UE_LibraryLoadError.layout

MD5 c59d02869f75d91ff3176ff8dd60c0bd
SHA1 bb4e4f63063e3d4adb570a360b9f8a450b921578
SHA256 7eba0587228f3673e695b3ee35f2299bdcd5108ca0a5e6cbfee19e2ce604ee18
SHA512 65f26d55a505dd7b51ed7f1ea8394d11b5da087cd53ca69cd2093f490924292754961308c23b79e7c49a07b8d443683a71c28f7f15c8a7414e64c2df12abe50d

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_Twinmotion2023_2.layout

MD5 172fd9ba942c6ae33b4eb6d5b29306a6
SHA1 1cafdae58bb0a9f9f27cc278a3112a07a6ceb893
SHA256 a636d1ad21b20c6d7726c7ab688bbb508b79961845b9cab0d62e9b40118dc29b
SHA512 6d7db90c8ce2f818b338b3c35e78019a823f075d1fbe7d72c8d7aef102b43fb432682028112ee86d8c74245a926ba28dfa1badd9b350b2e48d1878e4e9191a50

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_Twinmotion2023_1.layout

MD5 79ffeec75d0c83b074ff2d29ac4c04fe
SHA1 b027939f3a63ba005f9b6dbf147db4cdf593eb81
SHA256 e5f31b9ef9c93a8232de1273d1131e4c39639538d196b5e001a231d6ee2300a2
SHA512 e779245d244769e37dfe230eaaf0a21a9e1a4723840caf67caa88fa638411354f3808b41aff245057ae156a62609fe4422cead16ce879bed8a6d3dfd0749f5e8

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_Twinmotion2022_2.layout

MD5 cc873603069bada41cdcf8629d579815
SHA1 9a5a206056e7458af5c01302578ac0d533e38090
SHA256 04a85a8b65f0ce446f697095538be0fa5d5c1ba478bbd54c7dddd235290dcc52
SHA512 cf2c6bcb13d6a2b6502f8f5f263884085a5c21f405ada4912bd1e2e1018275eb8bf51146014c999d5533406d25be9b99a8f7bcfe2cca32d73d3d4f3cb1cd20d5

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_Twinmotion2022_1.layout

MD5 88ff653add69503e5583b6da1ba5c340
SHA1 708832623a5bd0944cbc764ba19fe94332102857
SHA256 d9420f784673b1ccc52c7a3c9a19d841a67d1e2c6c9c53f8ccde702a7e638e4c
SHA512 c039ba6aedd847325cb131fa8e95329aa61baeef3c5b9426a440cfd56e2b7f53e082dd9321240d8ac2a10d3eda754665ff1438ba5f4cc141823dd8ea52d34d21

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_Twinmotion2020_1.layout

MD5 fc2e7e9ea5bda5d38fbd1bb2e1bbbef6
SHA1 eba1e0391bef1eae4cc117e8f0a17a671f16b92b
SHA256 12a20c135cbd929362ba340455e3a9f4eca2e4e4cb9248e4657642b70babad20
SHA512 d87b9b01705236e7c710208cdbc1b187d170d1e97948152bbbe0bffb4e2bc5045241b4693088380982eb123c94675ced8be6e767310bc047576696acf323c552

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_LearnSmallEssentialsGrid.layout

MD5 4151c4badcd53283d38100514b7e15de
SHA1 683ee42e364efa4d56b4751031507af7bd201635
SHA256 29b0e8e0d9337a27bef559c3af38bc2ec4e2a8b330b341b628194846bbac6bb6
SHA512 88b3221c9eb5fb9e848a3f79f3c75533e1ec46e6ea6d7758c49823dcc0b873e9e2c4a9ae7d16d24a304a7dd9e1cce27f77b5b65eba256b04c1c443489308eefe

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_LearnMediumEssentialsGrid.layout

MD5 3d5c62d14bd7531aaa50b85c249591de
SHA1 8bb76c262fd4fa05853a9bd8c3cfd4cd2f9dbe4b
SHA256 6d8fbbd01331691641ef2e7f8f78f919f81cd49f6d3cfb2d77de19a33c6f176d
SHA512 374ef41e0251d88c8ee11291459e79a8bc905e4d8460c8e35455d5bc5dab147c7ad740ded37d868ecd961d7a750752467a2544f65ce99f6f4be6d86910641f4b

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_LearnFeaturedGrid.layout

MD5 f6f780d64f4c3937dac580e8d8e0a49d
SHA1 80b159961d3af4a2bd7c00ff0c9f1040ac8b6c2a
SHA256 65e987469fd869e7ebd1a46caa15c23403170d742d100e72944edf5ef0cc2a53
SHA512 1a30d4960824f50a77322800ead5903114dd05df032dc290b191e1ac75330be82935030fdf205703dadf06f995ccaddf955d59eebf83955f4fb89ade3f25e067

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_LearnEssentialsGrid.layout

MD5 f316a7d4803c9917964b709b75e239d2
SHA1 b9feeb7e9268eadcec8e0a73f0f09e879119c6d3
SHA256 e08101088fa1f09197a186d15d98d3ac36ff6feb6bd7477fba170343bd3da167
SHA512 db54d5689c9455a43a86975c6b9b1ec91b3e67302932a9c3d0e4104e5ca92a0c9677feb75e0b63ec9d72bf9ecd0ac93bc15bbc7f4ce0728abae135245c0ab268

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\ui_LandingPageV5.layout

MD5 e7539893c932e34df6c52e49cdd8f21a
SHA1 09899cefcd62f4fa7c0e5dec506138e9c258c466
SHA256 42123c3c3842e7d72e7b1de36cc08e7740835beb96691dd9b76558112e6ad01a
SHA512 2ca2241df90998209c2be34908e42c5d74ef8baa946016ae4e437d66a7387ab0897b5c8d159a0730bf78ffaa4e333158ab46e80a0d64aa4016ac239a8e0ea078

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\facebook_icon.png

MD5 801e70f54247cb7cebc6447a56854eb4
SHA1 0f2c6cd60ae6823fb8f8cc8b19aa8f1bd2980e4b
SHA256 db219f96dedb99e7231a23909f6c5ffd1e628b12465632a8fe607779d709a381
SHA512 9dcf0f1ee13bf9635e4f2d5ff0322428573e5120359ea78c216578fc7692edf4cb2c7f9c6a6935ff8ba105c671719e2d307fb199062a400fe782a100db99d521

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\Approval.png

MD5 df5a9bfbc53618b781967b12c00704b6
SHA1 61d8b32b85ed263b3ad151129a0d897dbdc8d887
SHA256 133e98edd19936810a6d0b3d2a2f3eabf47c88b927248bad3bed4873904eea76
SHA512 0f7b48f043c88513d95293bc28b1e5321022cd63a52fe18970d7dc31043ac4147306594f4d3cc971847200952441876b49d72bb2aa43c07253f535e59a2bb17a

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\AlertMessagesV2.json

MD5 723bd9100d9f681c5bdd747145818751
SHA1 2182006ae0d8c7255a47588b8692d438e5acb060
SHA256 a29de93ef82a6a00541d20d5638d4c1c480b657dce8c9d77bf965f481a9222a7
SHA512 21217ea6e40cadf0ef188fd525897e0cc50732f7c30cbb93f10e7459805f26b8bfbdd48e27867500fa160f4af5713dd5a8b2cc8190fab7d491a21efe6c727f15

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\1117_EGS_TST_Goat_Simulator.png

MD5 35fc3385fcd882bade6d2101c25bd96d
SHA1 4c5c7d5eb6d76d71d3ec080b831073997b387957
SHA256 6bded8ecd1ce4a80dbd5adf89e0a026fe0ca69bb246039d51c797cc9df0f97b9
SHA512 0724e13c51d1f0c472fb523e5d365823a9643acdc3de7977ff7a7ddb041d9574ae4997e0b67129b8f88d84e478f0941203cc637d6fe02ec6e79ecaa390b07ae8

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\1112_EGS_TST_Free_Game.png

MD5 9bac5cebf343bcc39a3b80dfc242b214
SHA1 ed3032acb1ee72a7c4bd57622186b003e13b9eac
SHA256 30cd7af7a57f5c996e09151acbf22c68fdb35b7220f32e531e431ac175985c40
SHA512 511f8f88679f0bd88a698473243638ebbd4555094e118d9475a3b0ffe37a791c291adc224c887f72371197d7b87173ef222a67bf4229941b624313d0436c129f

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\1103_EGS_TST_Free_Game.png

MD5 fba6ee8f1abc1291a9dbaef0de743409
SHA1 dbb4597d1ab36969ee85caaddb92ef1280ec123d
SHA256 9a21e654767f534fcab4679db2749289b8654d6b8eaace4f940016a74febb334
SHA512 be5ed7545fc3e299a06df62248754c8e9f15b8483b8732b4a3efabd4c646a734f5d7a709a163496ca4abec38c48084a3a62cbb5f9de31d7f5f1217f1fe39592b

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0629_Hogwarts_Legacy.png

MD5 bb23095a7e9570ebc890463c2e0e5d05
SHA1 413e48896640a7cce4b869d31ddf592dcc7d69a7
SHA256 1e90ded54ef3592fb4b651271375154b99ee3562fdf71b41d87d704aa0e60f82
SHA512 d22725ccab3d6fd6a54e63d527443d74d7e0b0d1662a5301e808955c28a02b2560670016b13c9beaa3e89d13639aa81fa5853f4b9d785cb920ef97839054b13c

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0317_Crime_Boss_Rockay_City.png

MD5 66d2c270b53776acb49aab081e692a81
SHA1 ab09b13dab75894f5e52c0b96a65d4db448df688
SHA256 b190cd7033cf62ffbdd422aacc50a0d7cc12ff8b0b09f6e44df0faa4072a24b8
SHA512 a897dec337cab8b763ec8b1bfd8a276e6471f401c01653f0352e535fdbb242509cb4ca3156b88748c5601a1fcbd10dc7a733323524a221ac4a1a26a4848da586

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0220_The_Settlers.png

MD5 8fec250881e6d7180759f80cee76e97a
SHA1 6019474b423313e8a1224b97b325992f5ab71170
SHA256 775acbba9f08f3118f75fd43ef37cc62590503363e31605a012377eb9c55b883
SHA512 e83fc2cd5afa1d568829eef9c8b03f340953dac2174b53f003b891cc22876d90baadf8147486b53045130a222d9a64329b36465615b827f6db744df39422385b

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0203_Deliver_Us_Mars.png

MD5 86fabbcc9d59607804cf0005383adf11
SHA1 fa6b9980fe70df0f48575e494d95ac4ba04fdf36
SHA256 c552b14a554c4c33890f97ef69b2ef68be5f251d5d28eb301ec12910e224c6db
SHA512 eb076c4482b80a7686531fcb2943431b86a64c613e5aef7b3541aa39727bcd6eae6b57f3b076bfdd3e3d1684cf3f0d4e6ad08823c28f622c908f8e95f7dd82d8

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\0123_Shoulders_of_Giants.png

MD5 a281a124bd04a7789f5e3bf924e1ea05
SHA1 37b105ab6f49fbb2a6ea3f41d8fbc8e3bc5c2d43
SHA256 a76445901e4eccca3e7b63e5df54e6011d83a2403b73800f9a864adfeab619c9
SHA512 71ba939e318610b10433438763cafbcd9a775d01595766dbf6966a3e0bbcf8ee43f5efff13fb387d8fa706cbf2947ee3e38f919f8ccfd6a2052c8d74cb9e64fa

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\YouTube_icon.png

MD5 bdab83f1e851b83285eebff218c70205
SHA1 96337a82387252854aab22744519b16769b95b7d
SHA256 38e1ed3cc93eeda7ce0bd69c333f8519388ee643de63cc96b1e701010004fb41
SHA512 d419272c030a95f10987533de368ae17956f4a8e2d795e862ac9e321bc1b9489f428fa2cf7e1f971ef4d0151904d34236a5c24459923c44c5d8d0f1c71f8501a

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\youku_icon.png

MD5 7a3ec71244910fe36a32b01a5335efcf
SHA1 a7ef5f03590d42ebc6e5adb40b29b2c50dc31ed1
SHA256 64f8f6f8124f4950a0c13766f67673e8f3ea4832ff875bd36dd8cf80d8054bd0
SHA512 76d066ca878dc02baa99b6ae1e350bd048532320402aced3cf3dd509a22a387f42858ce0cd86e16f409481dce667c4afbb20d5342dae30f13866de34e42781b8

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\weibo_icon.png

MD5 6567d7bb741ce2cdef0ae9cb5ed56382
SHA1 7b70710c610f89afa4b427bb6d1eb7a69cc5100b
SHA256 5479c052c84d98b150199b9a3db31af93b26ab97c65de1f94cb765eb33c86fce
SHA512 6015250d56bf3b21578b421fe2d744e37643891aa3324789cf242526dcd73393b50e014d709f5235cd29414e88db3148ee10b98841f557b22cf91776a2296d5a

C:\ProgramData\Epic\EpicGamesLauncher\Data\EMS\EpicGamesLauncher\NamedLinksV2.json

MD5 fd50d20e169e1e353a1ed654480e6fbc
SHA1 45b9e541552efc84e6478073b9e713294dc4deb2
SHA256 9feaac0b95e21360665f9258373cba069abddcda3c435db7ec3a69abbc0a8989
SHA512 4220221af00f8d3c5a6c38846bbb9e0ec5736c8931c7572db2aa86ff419766a5e91f36628851e03db24f8fd55c2d141a150ee1ec75218ed2bc7f4ddd22d74256

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee8e8d9e77b52dfe97c5f166ecfe6abf
SHA1 4f6f6023af5c0bd516db5419a6d24201e809e63a
SHA256 dacb172357ddac9ac5b0a087cbffa0b84f5a9f63a32a6a8f89b6a8a096314116
SHA512 335f59e7772cf551de7356017dc066553f3f967f613dcfc6fce49b3d3a8ef90f0333ea181b4daebc357d0e6138bb0647819eba8b68eebf5433efb24691a28126

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3bd9e23369f7566ebecd97387705bcc8
SHA1 25d9c2934236feb4124d6314e474b9ec51af7d7a
SHA256 df720ad66f66a1f84c2c624f4134751fc33657ca60d1f28c4b8d32e8650f2721
SHA512 1d91467fbe8a23b2a81053933c044cc8e946463861c352bef03d61379ae1750f50f9b705909f92ca71df22170c27f24b29e1f351e8fdba026802c74fd566812e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 96186e3d74d6e491d95f1abdee2bd16f
SHA1 c53a53d89c84d8cc8e45da228cecdf1c588bbc9d
SHA256 179db5e4ddaa514f2bb49cc971a8fc10e7857753b3086b2eb60f911d5945ec69
SHA512 2d7ccd317c18e3d7f942ff1d5fcd715255c1396f96252862149e0208397bdbf1dfc8d8d4d467da925665e7554c133e5a985eecf94c9e56112f8414bcf325594e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgyglpox.default-release\activity-stream.discovery_stream.json

MD5 2050d8c2f8b7c886a91dfc1955ebfc96
SHA1 eb7740587e92031ab485d34d5d9380b6463e707e
SHA256 d63bb7517d7dfac364aca07ec2894e9914e72004bce9c59a7c65f6f2e5a3da15
SHA512 82a03344e89eb5cad46f123c7d63b8657061192924c39b7811c3beced13785442ed06c2c3a0453b1a5fcd608ab783ddc138a159c32610a2133615f9dd7b5496f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\datareporting\glean\db\data.safe.tmp

MD5 78ab738ff191c8216f5e47ab29df3522
SHA1 5b11a49c02a800344ada585d81ff1695b978f941
SHA256 d9170d94fb9b9a554a104dc93fbb3b819eec617814be49a14d5731a5895b4ed0
SHA512 eeda9578abd0ce3b2e321f2504964bfa723cb16a2dd993a0cd3b97f40d4c13773c8131c1a3f813dafab438c12cf599cfbe08e7894f07c50d383d1b240f088ca8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\datareporting\glean\db\data.safe.tmp

MD5 087df8113db371b1881afe8df75052c2
SHA1 ecba0b64af09ecce38d71fdf549cfee8c6391c42
SHA256 b68161109fd1e45d4df2b076f3861038e93b23ce93bd4fda3358fb14f058ccb6
SHA512 506f1f8c7832692858a726f1c95d713422acc30d434367be5fd2a2839c27bfc168c3d5851d4d89a060ea6006166e9acec1b82b360481fb0310275ff56d8eb58b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\datareporting\glean\pending_pings\5570eff2-d2c5-494f-bb29-4ace4e343bf1

MD5 b04dbf07ebc00fbea8ed6b3686d690ac
SHA1 ac233c0bffbc7ddb44b98d58b3f6d1e91a5bccd8
SHA256 e539895ba28e19ffe6816af4ff7651bab34d7a5a920c6365165ae6edb3f73b93
SHA512 0f8719300951e0cbfa6025fdf9d63ed766c2e2908092e486dc0a51deec0571656c9bd54eb7a8f32768f517b77cadafbff02299e18ee67de837504884aea0ac19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\datareporting\glean\pending_pings\ba0a6c54-123c-4f32-8598-2f47ea650e90

MD5 c3cfbfa99a307c8200fc349d2f643d00
SHA1 205dc055b949304aa8ab205c4b325292856270d0
SHA256 5ab7028986ce2e8599437ccdbee6017ee2492e68f5771fadac45d91eb37ba2ce
SHA512 db7a51ca03ec2befe8eeec5ba4f6e8cec89de54382014f5b703be88f0126c505fa0a46259dddc039dd27f26f9f45054ef83661e260688efb7cfe575d2c27d8ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\datareporting\glean\db\data.safe.tmp

MD5 223e598da300baee5954bbc93936ddec
SHA1 c207a3c2578492a38243283904831ae37c5347a6
SHA256 d60152111bb82e89e30a0e2fc44d3367321b119780159757b7d36054932b374a
SHA512 0909dbf4f7cf0817dc51b6408eb5bf4643e390e1d4002f468abc4f3a5fc4a4ced05470d8de1249e040f77783788b4de40a23c63ff5f8189b614032c4ddb142f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7114d50b1fbbfa5b2a68031bc2787765
SHA1 5f948e64702266966ab12b9edef69a9b5c571ee7
SHA256 9ae12917dc5df7b54117f1ee0a4d486c324f7b60e4c7caab41dddf488385470b
SHA512 a985f398be97c13d335e9464d6e3a587db1661059790e9275e2a685d9ca7bf186773cc340f06da3107b6fd9d72ef2a9f23aba5d5344da7a676da9cb47953ef36

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\prefs-1.js

MD5 91d99c10ecd2de5d877d8f846c9d471e
SHA1 c749e5998b2f2e4c67f69f3974848daed6ce2b0c
SHA256 ffe87eaf300b7268d8eef385877f67cb2d8e74cf3d1ddd444260316e71b03de6
SHA512 1423929eceed718046e9d7532d7adcee700b16feead064d66abff91f1e42ded9fd262b999e9b047ddc380f79cc75fdc0efcfa263208cf28bb79f6b67cc3c046d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgyglpox.default-release\startupCache\webext.sc.lz4

MD5 13f49d75f64ad7818c5c7593102cab41
SHA1 e9cbb02feae62ab8a4677905eecbb496384fe366
SHA256 9b0f2b6850859e6eda8d4b298a4a1a8e4a784a72a6b1d98e55cdefe0ae5cd5bd
SHA512 7da108d33acd863f2a60f0c24b2758ddc1bcea4a0598b8eb50a0e514a3e549baa61408f54e0131659c56f1ff1709195bdc1e402c331a2ebce5899d93e19b494b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1c6c8647cbf09c4e617ce744f680583c
SHA1 acbba723f054acc656b0d8ddd1018cec0834f1a0
SHA256 3a709966a5c252dd1c46add48444f1fe05a45fd796d9c78b72ff8e023d427c02
SHA512 c53f8cf177f67f59254fda1e00641affbcae32d6c70d9785b30815997b65e21ddf1d86a76fe0eb0c58a0bc9b9e2d560f00478def98b0303c5108937d2a658550

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 795bb83323556d74a95d9913a89aae25
SHA1 0396897592e7224db25ab2cc23fd212552af8f5d
SHA256 5ee03b6ee95c83e4982ff1e730e00b543d481a48c0e34fe8e70a138e780a23e2
SHA512 272f32faedb81dee09eedcbff0b30eed85f6e424d1ad5f31a2a9e53ceea2b952f3bda789f4316216ad2429e39c79220b7a341aa07a83b98f18dd5b987c9e5380

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\datareporting\glean\db\data.safe.tmp

MD5 ee40bbb29fe11f574ec078076013c393
SHA1 e0eb2a3764285f1356888849923b2ca127727844
SHA256 7ae42c03e330f1f78f38eee94411078c798478c16d5428f07f7f2e6563ce0c6e
SHA512 4113054635e565def5ebabde4ced4760581d17a44e1a27a0aff00d6bbd4d8a7628eac59484fc3c0a58701b64a5776a9160e05cf8824c7a18e67d932f52057a16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\prefs-1.js

MD5 cad67e5e722c7ccd4da80dd8493259cd
SHA1 e8281e18a83c630aa071b0c8c692f46799dfb2ad
SHA256 bd671a526d40baf81de12709013dbffa81cfbce84fba9034ce40dfbfae26a864
SHA512 28e18c746e4c974a47c7b5688cb436a2d7eb85773c81bb77402e99e618fcf42d5eca8149de173fa95ffb35b92fbae5023194a83b3efef9922c4e81bace819af0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\AlternateServices.bin

MD5 bc80f9c7a1c5b16fca01b57b9727aa18
SHA1 e27e2fb7df1d64ab336e5c29e3faf14b99d82d55
SHA256 f774cc1260605a19946cdccab07086704c34b06a15060a25f37e470ea1e99d4f
SHA512 09cee9cc5495f09d287a36319e6539db1860f791bddbdada55ff94fcbf3c66dad24d86d78108195111e2708a57bb26bc3149a3777bed467d49a6c81530496144

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 150ef14937e9151eeb39223c680b38f0
SHA1 0f08164fea816f86f9c2f53720633e7a592e404c
SHA256 d7f876cfe466862cefb4c55dbd725a62fa0d45cf1436f3a1b1b810204cc7d153
SHA512 72c69f25f261bd0b7e71cdad6b0519f6c10ee01a46773b4c9d11ea26424e23febbab61978d7d9d23c9888159550c98863330b60c7ad9da7fd6742ffd9a6fec97

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 c1f382fc69df634dfd8b7580fc45e59a
SHA1 f9c7e3e8574fb0389947152b77fb0175475601ab
SHA256 c6342a471dc9c39a9571dfb6880b9727947dd270c09f22b88bc979adc96f78e5
SHA512 e46e0d546f3e0ef5d608a261c069d436c42d4454582d8e009f0b75fbea12ff190102dfc2b7c8af172898227f408966c4b1832943b0ac39e4b88913d0ae0fc6d7

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 93fa843567928d346c4900a25f9a8001
SHA1 2b46af3aedce9ff0784d08909f9db95023960f32
SHA256 e907736171665243aa938c975d1ffaa4a2f381f1a0beef449e4a71d20735732d
SHA512 5202d95abe9e8747b6bb3fac0d0ea7a59759b83959694dfec59c10dac554b42858e6c11443e4b98e88699a9b3c2025d783d2ecc95088b27010d630bf01bf4443

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 62f6efb0119dbda1f5028cf60b2fd29d
SHA1 aaeb41f9721fcbc77d42c2d976c9487e1304373c
SHA256 32f75af2ee918785aa323c11577029497d3815a09e9b8759142c3c39ea5c5d71
SHA512 00ad9034b50c355dc6c766e4cd2d32c86c8984c089498463d6a8192ccbd8d3427b108866639ac6a6022a00b028776f4a5bf46aff18dd2c591b3486513a47c86d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7fcc8a29e00b258dd5cab860a82658a4
SHA1 bd98c07fec6b29ab47c2bf030a361dd8ef3ea4bb
SHA256 e8c61f11e3dfab78ca450d6f8bbbac91233649b3a61f72d12da7b9298cbb53dc
SHA512 8a5621fa434054ecf16842594aa4823015d50112f86d9a0dd0cd5e90c7bb017ec0ed939ada0674d31e262ed414d613fd6119f7f6fc7219c557545ff35a4f96f9

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133591297392275398.txt

MD5 32364afab01145cd237ddd5e1b9090cc
SHA1 9e4fec6cf2dbff125e2a838adca7690f5f0c8e5b
SHA256 73730f83bf4fee2b7f87740adae58d2a72e33acc9774cf9ca504b05330fc05db
SHA512 74c292f909f91402a72e392444a1614b49854391ab31df177ffa49631c621076d549cff847f34e5060a2ecd080d51453c9cdcb4a7f08d192b8138e2f6977b775

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 4566d1d70073cd75fe35acb78ff9d082
SHA1 f602ecc057a3c19aa07671b34b4fdd662aa033cc
SHA256 fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0
SHA512 b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchUnifiedTileModelCache.dat

MD5 647ed2b4b8046f5b3cf67b3ad8180088
SHA1 8c3a98366bc6eee3c047f6bc74e998326da7c2fc
SHA256 b059bf5b5b83363f577b216648cbef3a021ff8f3a3867c260481fde4710de912
SHA512 3d5a2b346d2065a7da9b63575e15cf1f4bbd8ffadc843e3db1e7cef64b6a84246e3753232c0a9dfbc04355794b3df1f2be3989ca03397757cee08cc84a369511

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 ddb6949a86974769cff2bcd7d893fba7
SHA1 fc45f0f42216792a9176bb7476b47559dabb039b
SHA256 3fe6fa1ecbd9d3a3eb924cb753562460481932afff672ba96a6d38886d28261c
SHA512 051d70fd73cfe4562359e2809c70c50c9ebcddfab5703b37768881adf2ae8931d6f7d8904adae8181f7883c0f23d61bf6ea5bbb4e3ad4fbae26f494f64feaeae

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules.xml

MD5 70b5473b312fd9668a64a5c6884f8b49
SHA1 f853e17c23ff03ac98e08b215fbd7f038548c3bc
SHA256 666459ed16a451d55482fac8108ee0e2dd81029ae4fd4d3d399d23c237aaff02
SHA512 493d126a1f5cb8e2c83c8afb99f2d8c5f4dfc91b4c03fa6b27d627aa25a1afd3574273e7ec146854d3b718ef67eb2a8cea658d7ed354270e3487c59b7a44726a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f1a6e41e95a5b26456ec7a9bee91615a
SHA1 a5f84d9940a02952344d06d1af7ea5624b9a85e1
SHA256 62c964257e53276164c3fdad1f5df1ffa896e8961f0c8ad5e9184c77b0276ff2
SHA512 e25d858e2a84b9fd6b5564cb08dfe1a6fd88b26d432e64d22929fad1d7d8f7cbc57f1825001a42f04a141f131dcccc5c4caa68fa5ea254c024cc7c06b4787ecf

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\INetCache\ZHF61J1F\transN0TJHYVX.gif

MD5 325472601571f31e1bf00674c368d335
SHA1 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256 b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
SHA512 717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8fa2c09b632647575588d5a27ee65d26
SHA1 3195bc785dff3f89669cfeb7518cc181d7726bdc
SHA256 ca3b64d0217ee04adbb7ae90fe05cd6c7231f67e956ede73efb0a2afe437a45d
SHA512 303d3d6b27e7321f0d8ab5c53b2408861bf15ff3719fa8d193fc4594d16f7e7ada0263dd95d3397eba2887d670f0977cd3957c94a23ed2a75899b7fe28f86756

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 32e17b26d5bea70577a5360205139cb2
SHA1 ef32d57450652febc56008887785f15a9ce46887
SHA256 e7f5cf85132b5c4c98e977c97c346df79d4b6923f051dd05091d986bf91f67d1
SHA512 fe62c1e46ed8b239cc30d94b00923f10c261e6aef4e9e48f80de0f26d1047ee8056558e8d2126e357e150a38e070e5f0afb2eadc0062ce1ab2924cf7e37025ab

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 6df90efc7f6b7d05a4ede1fe957d9d64
SHA1 414bf6ea87878f7b00db10317a112f77214bef23
SHA256 096b3369c41503cd7490aeb5db6e78edea6af4f25a0ad88d864dee36e6b3951e
SHA512 1e961558648534dabe3dccb8162265808eb3bc1f265ba3b872fa8c6a4545056b1ca737471fed2877744b067501c72debe56e61ccac033fa6b31fa97fccb3f24b

C:\Users\Admin\AppData\Local\Temp\TCDC064.tmp\iso690.xsl

MD5 ff0e07eff1333cdf9fc2523d323dd654
SHA1 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4
SHA256 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5
SHA512 b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e0cbbfe3051ae6657ff6a837188bb00d
SHA1 adc8b1f5da48bc236ba3498c914ca99811937645
SHA256 e6e952912ba5603ff40e5b4d1b2a7c03c97e4712e2ab3370aebbf842200c82ed
SHA512 704810a98f385cc13594d9d48530d72a5c97c51568c1a28159e4854bb8d803193b5780cafd73e7d0af45b82b7edbb082c593316bb0ff7d210c9c1a2d193b56a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a770d76f6865acdd0d3466ed1be02dd5
SHA1 c4b98bbc0095471a541649d7bc7e8dc36e912524
SHA256 5f9541f3ab91621decab042b3f9126f3660a22e2506e1a9657166ae33353b5cf
SHA512 8382262eaf2af943f8f7b4b85bff73ed92270893c1327801464c78195e0f1f3cfe528515fe02037b4359feca9848511057e0bfb152dc8d57e85cd5e9bef8d1b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5b4e2ebe23714031cfc584615f159c44
SHA1 311abd4c083606e0734a556eda4e78cd975d7ee4
SHA256 ab8ec8c8b5f8cd1e5c00cbc789d4ef4e3fdc9cdf8498a5a204d0cc75ca1d2743
SHA512 75a1b066c7e6ea9b8f8e3ea7ed26e1c61a6e82c5f0a092f619c851a72f8dc9481c0ba38b741fd295b536c2a2d025dee8b9fd2205893fad277478508d1c411453

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c93f38eb12aba96dc184ab7821d0ed4d
SHA1 1c4ff0cabc9acd9d6983155acf26947da741b609
SHA256 bd9eeb11ca96ac052779b65c743af8cc3cdf29cf80de1cf9407227fb3026a1ae
SHA512 4f538204193dcf79fbb049015e50795307e1c229eef33d05385681bbe45c9699ecfde45522025a734984dd3e1cbac9ab96a8737329da718dd1685c75eba7655d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000129

MD5 af7ae505a9eed503f8b8e6982036873e
SHA1 d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
SHA256 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
SHA512 838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ba4714b76721bf5f84a9858f2e887636
SHA1 47a8ea59739a7376aff7344aec6c9d23c44a7b0b
SHA256 faa9647168b34fda18b81766af2cd34a116fd114de8b088b9461b8e564981efc
SHA512 1396d0c427c5a8be3b5f5ac1281a84fcf3d67f02df692e74edce08174655446f39292f5d7584afc7552e4bcdd1207c6bb816e294bd98a5d24c19a57c5cb80ddd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4180829f8fc36140638fac3a75827e81
SHA1 dbeceb68aab4183bc5e8371cc8723225bc43c1b5
SHA256 ddb55ec9cee810c456de5ccd9833ca677f06658249f1b50727c1f01e99cf605c
SHA512 dc4c3ae9ffcd33d3904ed9c4ebad6bf876a5f0cffc1230ad35150db2d615e826df319fe5883da19e899f6866ce1b4ccff0568a2f29a88a4ddf05ec091be94c00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1d7006c4f50afded82adb99d67038b7d
SHA1 c94766f393aacce7c5f2556b1b70667faddc98c4
SHA256 71789e6672c304be17f21fdb1a9cd07b267b633e4ba3961d90a9b602879f2a30
SHA512 98c5609bfaa76c957d1a7ed38e47b32675cd5a445280cdfb4191afe34ff16ad7d749736f894e9eaa1aba88715b61da9c33d77bd11ecc40c068709949b453beb0

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 2d014421f3f968d801d21b750aabcf4a
SHA1 a03cb25b0b59e56dc3bb2dbc28c86062fc22bbf3
SHA256 2058b50afcfdc30a8bdf83ba81719668c672aa7ee5ea6587b43bc453cb2f554b
SHA512 e7bfb479452cdbe3501c391b658ae3a904e2eff4bc289076739334dd84c1eeb721962758c2f48fea8783566d197f7f8d4083efd83f8a6203450dab0750ec3cbb

C:\Users\Admin\AppData\Local\Temp\{A5461B45-6422-4C06-83C0-58F653AAAE85}

MD5 f4e6c807a60d9dde2d855348d9981f26
SHA1 1c11aed899b7687b0a2ad744659b9ec4eb84cdcf
SHA256 c521c54c42a8ff92f7ff64283605f3e3d866d58316092277b937b16bf722075f
SHA512 75cb1be4ba392460768728008990c15009dda2e5a71b1b7d3cdab8d48ec8516847701e9716adb4cf3d0b550c48cae677c17b022973b232e7461b26ee93eaa3ad

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 292389c38849398b31030eea4dd6a9e0
SHA1 fe1a6037d2f74f19913e290c335a5077b7c5fccb
SHA256 aa8e907ded6614c5a023a3e0fdc56dfde8d261d5835e91ec1570a4902e2bc2fd
SHA512 8979eb0082ee6ce2a4745c07dc1a736f2545720a32920bc24371ade6403845d449e6549efb44f36951d00e333bff853cc1389533b7ad37f25e74943d14abb9b3

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 a7fdd0be916af089754eb33bdf474d56
SHA1 096201980aa6710698b388c4b8d01040801b42e1
SHA256 4b8ad30f2afb5b1c026db7d48b3af2986d1f2a96af71de82422e098b76589995
SHA512 dcb3b05e7c3fec56f919d9111b45666ba6eeb38d913ac711656051f28fe343d4db4f0388e421cb034e73b51b11ef22f8cdedff4bf1fda1b3fa0d5c7fd4014e7d

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchUnifiedTileModelCache.dat

MD5 e243705ddf4f10ee257db9276f28aa4a
SHA1 7aa28f0ea65804181d985cef3892a0ef8269311f
SHA256 4fe74e5c665c9fd8a3a7e05a6108d9767265d43dd55eb43ba489ec33dc3dc88d
SHA512 5e927a9b201b5b04890bbf6c1434c330cb5f9e6c925a5fa7bd1690a12d147ea4d7e44aecdafa99c8c410a0954d84742bb28aa5be9264f2c0d0ba1e6a281cb8fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fd

MD5 f782de7f00a1e90076b6b77a05fa908a
SHA1 4ed15dad2baa61e9627bf2179aa7b9188ce7d4e1
SHA256 d0b96d69ee7f70f041f493592de3805bfb338e50babdee522fcf145cb98fc968
SHA512 78ec6f253e876d8f0812a9570f6079903d63dd000458f4f517ec44c8dd7468e51703ea17ecce2658d9ea1fdb5246c8db5887a16be80115bbf71fe53f439d8766

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 311b4c266f74f48828e43900e01df6af
SHA1 473f6730dc51368a935d1b6342fbab3a0d1f0b45
SHA256 f6849c2503650e64275462a0f6cebe6e2ad16eefbad8a04a259ec130d6f7c49f
SHA512 73e52a903ef3b5a70e91a38a9ff238d1a5e237e74c71608b426d4c667c52d9278847ee775e5c5bee48fc8022a49c4177eb9022e40e63a4810512da0716a3d2c6

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 24f8dbb27993fd46387e04a5197b8792
SHA1 37c4a539f8358a28ea562788cffec955e9cf470f
SHA256 309b3197ad6bd6ef9e7a6ce4871959557e15570cbb329719713e36e0617fc200
SHA512 72d66e526b7c65d7a08e7d85edad679655f301f4bbee16820a6a850c6c441f323a5fa8f58f844f1d104f31f8edbd372f403f563ef9a1cebf9c634757e4e2b21c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a2f217b3-d875-4144-8487-9514830269e7.tmp

MD5 4a65743012260678ea86aabfa1f7c3f8
SHA1 e809921151da347f09172c402f6f45970e2bc769
SHA256 010b606385549d3c1c5646ac0b6bb1ec597b2a246a2b1bcd67ac3896c8ec836f
SHA512 bdf73f24b7c251aa82aec6006e0928ccc1ef3f227da03c77508cfb14f0f9d15ee350faf1f1d152e1195e1925ae4dcb15351e04bb8cdb587e9c87fabd58ab7a19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fbc6ad6fc1a1931b0899d3675ed2ff66
SHA1 ddf2bb40711317654e40d4fb25db988eb9ba45c5
SHA256 4c73f042f7c4efc848a8e8a24e555b8df4e578dbdb09c2e04c50657161557a8d
SHA512 95c9afc181867fbbbdeb3a73dc232b65d22535be13feb7084d60fadbcdb511908c5793c70a72b78da4ebfb4035ef5faca8aa421c745fd63ba1cb68e960fe78de

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 17f9997ebb3d20f9c2ea642dbd5ff52a
SHA1 232a18dd705a43bc103a9b6928e8ab8cf46ba4da
SHA256 081b4134099a1c9f90274886e1ce9f8ba2493f5171eb58024a5019eb2c174f45
SHA512 dfe15f5a1dd0a64f10b4a430c0145357383d801b81d943f62030d6c43070a3df4cba74b8558e86f2b90495692b6cf467daeecf231039c6380d6d64d57be26edd

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 2d14a308ba4966a51c603809f2f5a3e4
SHA1 38bf5221df30e66ee80e0be95bc5c12da9755c66
SHA256 8507077ceb990bb20c048c5eeaff3cbcb5933128750d620d49a3d0f5f8e962bf
SHA512 21ee9eb04084ffbdcb8c6fc80d1b618668f30d3b81361fcabd591140c6e2aae59626832af158ccc57a0be9af13312c4413f100b81ccac19b7b79707e6edb0927

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 425a65a40d9fe0822546239b3c816d45
SHA1 ea566ed20c4ed7bf3fced524cf892b2f77a749d7
SHA256 011631f9cbaa368d5af385dbbe6e2faeb2b4618f977d0380fe090fffdea8beb4
SHA512 0d29b33a8640ccf7304a831e8d7c2f941e95d9f93c33bdee76742509cddc8d7dc7da7f3ecac5e0cdcca2ae48807af6a3b6ebcbee0b3241bb900cfbe6c111398d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5fad2433d6284ff6656d984b4b376ef0
SHA1 80ccc6ca6c2fa5b8c2c263e8f380a5009816a7e7
SHA256 7438f52c1c91fc252e5f422e203d8759472e94c3eaca50db3ca9ca350df693ac
SHA512 b3d13981b22b51214a190bbc896149cacdd260407f9ffcd1cc438b40c8edb30d98f13b79ba53edb8a553af2d9c3a1bbfb4bdfd31a605dc3691282167b0948490

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ab0ca0236664d8bd6e6886ad80ccb0da
SHA1 614ed4b24663d1b1c4806e53b0cf57fb95480560
SHA256 905a73ce2731a21d134f6be222887a073c65702a5c7680fab19581a34919ed11
SHA512 5ac27020699709e2d4f1d74086207bdffe00eec2b0f2d7201161ec8da952db6e9b45489e504285ba6920909b197a496cb33204149acc210f70453bdfab29b98d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c6c42a1e9b0dac6d7bba3cfaed53eb30
SHA1 c01785dc3a2e4faa14cd8e546db60187bf3d6909
SHA256 e9c7c1b877233c6d4dec00a32d3dc102025576c4f1def8f5cf5e80106c1885ae
SHA512 1ff4ee9543b32b3e13055cb0f317c3d305415377f39c6b8814515b19d5dcb5393e5e8ce34f285b7ce21dffa0e5abc6d0da42a02b1020963b4212e13284ef856a

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 adeea2cee4469dce227fd537be34d4d5
SHA1 452aabb222be6486e92a3facfd52248cc32d23a3
SHA256 b931e8fe64bcd51ec15f560cef3d6796b8dc4fcf4ea85d024bc12fd73a696b65
SHA512 d05d58dc2638e1aee49a4e96f4004a98b512cf261bc7752e0e9cdacac5a99247d55f662d864f79f5c5c2251428a50505f3ee855955dffe9c810c75017b28cb46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b1567a9cadc119d4683faf6eb608a5c5
SHA1 8bf43de08b8ab3dda5047c0bd518c10f618757e7
SHA256 3bda517bba61a25231a6ab487688e33337885918f6169bd86f00fadd335d52f4
SHA512 169737da4f79571e6a0f45b36854a118d39a52d1d1a97ac720dea83a2a3737582e7350fe38896c8229b32e3513a1298327115dedbf83ed313a5d8492813801a4

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 e798dc62ab8124abc511ad4485acff5d
SHA1 8921df261644d91182868111f4454eba8711dfd8
SHA256 0a6e9b1a13a0d3f62afc874373e8b5c44d2d0d8cc09823f89cafe8e7aa7d34a8
SHA512 3287aed0cd91c68c0c9508947d0c279a7aab607047e53489ac03ad2ce2898df393b8ac7a76eb928f742723838956d0a7693a7e52fae16bb34e66351ade0890b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a1f7f8414fc5b5d20766380ecf5c5c18
SHA1 2f416ccd30e76db92477a8a4af747e41ea003b85
SHA256 aa93e0ee77a389ab0b9136580ba1a0819724124eb537edad2611862eccabd046
SHA512 92f8906544aeedbaec42d086479731629e82832940beb0ee9758fcbdff97131091e8e107b24e758a1daa864e6c1bd04761c5c6bd80dd9f919adac589c07a2b3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9f4aeda8a4a670493fa1127c1beef09a
SHA1 a0dbf76c7c2a436e1883d286ba5b39865b8e3f44
SHA256 13fc3a55cdb9e38ed6ccb03d9fa6e9cc08e91821b45abbe4b08aa0e66254e1c5
SHA512 c330d42d3e96665f1f583caed5fdbcbabab697dbec2fee079a17fa6fa77fa3e36236da69427563a8528bc6620b5fe0b6227d224e7e0cbb007857f81d5d7c67be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 072da122cbb64ce5fbace800fc4d2032
SHA1 545bd07fac248dd2a92cd1ef3b90c872956f0943
SHA256 c57ccb93873a0c83678189786836272045dc7fadc91fe45161633879b106a8a5
SHA512 2f1269276a6a661612000f8c4e974a8bb4647905b9af75a4d551d3866752d40b9b220133d14a268edcc24647117f87428889485c84c6832d05aaf943af0a2f2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 60de3b2ff3e9cd1e87c84fe09fec88b5
SHA1 de5a7d72a4a08f1460ed2dfcc40f2e1c41164457
SHA256 99d9eaf964f5bbc6cfdbf8d87c1f592738562d92d4a9b274fb92daffeba49ac2
SHA512 85d345a16552c158198cabdfb07d13ada23d070e689ee3c0d31917385bc31ee5a3abaf827f7259bd7ad88fee91e7458424880eeca8b56f6f4fb0fff21edc2afc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2287303e2b737fb1f7e2b70a5549aed1
SHA1 7fcb7dcf93f11fb252ef4f9b376c99a57cad84d3
SHA256 4efcb4248a5bc1fb93a5a0b623432938c7abe798ae6a731a67da2f17c3c576fa
SHA512 60f68a3bf62d8bd5272c3bf86a133c1cec6422da2e8757483707ec86ba8eeffd21d25ed05d17b9554e33e4baca30182bb55dcc47f4da8fc90829b51468f53c57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1f34e210e756c29a05b88020c92e8cd3
SHA1 95a2b6f271b925f811154207c96e8b3e2f052e0f
SHA256 14d7d5a6e9d2d6e1b511f6b25eec6229a8d6d126a7ae8b0fff2da45106adce8f
SHA512 35457d2121d4483020feca94ac7a8d9e9380abae7de81cd06c905e9338e06905be4faa1eefb48a7837fd3261dec2deb93656f90f7d7a84779a87dfe818611c19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 988b65e99e4c3593eb3e7704fa88dbf1
SHA1 cc7f801588b29035059a82a0762680d120129c7e
SHA256 111c62465b2835b8033be399bb407c5d3777b98a8f53b2e4461068f10786c7ba
SHA512 6db6638c93b0ad44d9650cd1d565f37ebe036c600af9e4c7b2d5b3838199807525ef8ee4d91c0cda54c9d46c9a04af4d39b40032e97e7e855bbdeec71b50b23d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 db893db290b83f1ea3103d782eab1d0a
SHA1 7cd324af99395d19058b9dad3ca1353d21d7ca36
SHA256 28e1c63c7ffd3f6adfefd8b1fbac3480f06f65a359a318a203fb2ebe6bfb1a5a
SHA512 1eadac51cbf832a67f410cc974d6fab86ac01072b6b90d05273e2dfeed8891480e6e694fc42847c7dc2ee112ef597335baddfbbf8db6077559ddba4ee90349ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 58324f2e062e9a77cea6d53a68bda621
SHA1 06ac0701bfcff803c51bf3a9ffc8c51013cc95e0
SHA256 e7747b987dbd4f92bae4cc687f9212a569ae5ae43f69cb56087d399e607af2cd
SHA512 07285131d2961329d3b027b7f0c9642cbc34eafecdd9f779cdee2e77bb8b383c48cd0aaab2b32ce16c3873ec7de7fe21fc523556717aad59a1a6be961f216638

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 00a455d9d155394bfb4b52258c97c5e5
SHA1 2761d0c955353e1982a588a3df78f2744cfaa9df
SHA256 45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed
SHA512 9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 e6eca326de89d1e51b3848e9f2febca0
SHA1 ed8de2a5882130f76e1bf541e6bb60615bdfddc9
SHA256 a0f3409689bbf3305e23063233c504b8e45ca4d7e8183d38d87900bc505b3173
SHA512 43e0d56ea2d465863449a16009152f043850078cf125192cf9d2fb560c9cd5715da111134056f3a68281ab5946ae80709116559b508f258a49f1e47e9212194c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5602f895dc5ddc7b6d90252a2ae83fa2
SHA1 00c7dd3efb4b837f91bd79bad2df6057bbd03992
SHA256 074801e75bdbf8feef7ac49af6f82e35344fa5cbf5bfd753817c3ddca58f3419
SHA512 dc0fc3cd14e83f406ca6d5c064a18ab76354715c9461805559f6fa34268f7ace77f8e41f49e71ecfc1e857ceb7c1fa3e8868243738799136a7c000e351745f09

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 369132e0fb946bd689212c3cca693fc7
SHA1 c69e846b347f9b267af4a5bc10d0d1cef9def28b
SHA256 25322467d8228ef2a9f026a283296fa22c9c2be3eb0630f98df2b90bb941d363
SHA512 30ca9c8b65c3045a3c768cffbc63aca94df8155ef1eb0e87eed596544861f23c892236d23021ac16ba6f74822c704afdf609c2636dd983f0923ee768c46c013c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 3dd4d8ea163f63be76be903e4edce563
SHA1 83d84eca0135d2e3536dabed65632c008bacc673
SHA256 a2eb3775e6535d29777b66a3348b3efbd7e73f4d6a02a286f53d37acc0bd485e
SHA512 6e09cdb6ae40c9d6082b30f22e5bd3980b3474405189194bc0798488a58cfa6d849024c83b8250f39a03ef7633c50a70044eefaf9c5aa423af71e3cf128ede6b

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json

MD5 e516a60bc980095e8d156b1a99ab5eee
SHA1 238e243ffc12d4e012fd020c9822703109b987f6
SHA256 543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA512 9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2QQPYVJ2\update100[1].xml

MD5 53244e542ddf6d280a2b03e28f0646b7
SHA1 d9925f810a95880c92974549deead18d56f19c37
SHA256 36a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d
SHA512 4aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

MD5 fb4aa59c92c9b3263eb07e07b91568b5
SHA1 6071a3e3c4338b90d892a8416b6a92fbfe25bb67
SHA256 e70e80dbbc9baba7ddcee70eda1bb8d0e6612dfb1d93827fe7b594a59f3b48b9
SHA512 60aabbe2fd24c04c33e7892eab64f24f8c335a0dd9822eb01adc5459e850769fc200078c5ccee96c1f2013173bc41f5a2023def3f5fe36e380963db034924ace

C:\Users\Admin\AppData\Local\Temp\tmp63E9.tmp

MD5 5b16ef80abd2b4ace517c4e98f4ff551
SHA1 438806a0256e075239aa8bbec9ba3d3fb634af55
SHA256 bbc70091b3834af5413b9658b07269badd4cae8d96724bf1f7919f6aab595009
SHA512 69a22b063ab92ca7e941b826400c62be41ae0317143387c8aa8c727b5c9ee3528ddd4014de22a2a2e2cbae801cb041fe477d68d2684353cdf6c83d7ee97c43d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d224b0c8123350a454fa98503498a251
SHA1 402b93296293ca120cdc708d2863a525e479acbb
SHA256 b1f58117e8785dc78d51d9597d2094d5dfb027b033cd6cac5dea7bd3913df98b
SHA512 6ecd511c2d1d1f3c3099d509dcaf607e19d16858671f89340dbbc84d086d070b0dcc923fd874d19d2758a3307f09f6b746f0bf2405ed3f90c485622b8d818652

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

MD5 cc04d6015cd4395c9b980b280254156e
SHA1 87b176f1330dc08d4ffabe3f7e77da4121c8e749
SHA256 884d272d16605590e511ae50c88842a8ce203a864f56061a3c554f8f8265866e
SHA512 d3cb7853b69649c673814d5738247b5fbaaae5bb7b84e4c7b3ff5c4f1b1a85fc7261a35f0282d79076a9c862e5e1021d31a318d8b2e5a74b80500cb222642940

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.exe

MD5 c2938eb5ff932c2540a1514cc82c197c
SHA1 2d7da1c3bfa4755ba0efec5317260d239cbb51c3
SHA256 5d8273bf98397e4c5053f8f154e5f838c7e8a798b125fcad33cab16e2515b665
SHA512 5deb54462615e39cf7871418871856094031a383e9ad82d5a5993f1e67b7ade7c2217055b657c0d127189792c3bcf6c1fcfbd3c5606f6134adfafcccfa176441

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-100.png

MD5 72747c27b2f2a08700ece584c576af89
SHA1 5301ca4813cd5ff2f8457635bc3c8944c1fb9f33
SHA256 6f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b
SHA512 3e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-125.png

MD5 b83ac69831fd735d5f3811cc214c7c43
SHA1 5b549067fdd64dcb425b88fabe1b1ca46a9a8124
SHA256 cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185
SHA512 4b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-150.png

MD5 771bc7583fe704745a763cd3f46d75d2
SHA1 e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752
SHA256 36a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d
SHA512 959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-125.png

MD5 8347d6f79f819fcf91e0c9d3791d6861
SHA1 5591cf408f0adaa3b86a5a30b0112863ec3d6d28
SHA256 e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750
SHA512 9f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-125.png

MD5 d03b7edafe4cb7889418f28af439c9c1
SHA1 16822a2ab6a15dda520f28472f6eeddb27f81178
SHA256 a5294e3c7cd855815f8d916849d87bd2357f5165eb4372f248fdf8b988601665
SHA512 59d99f0b9a7813b28bae3ea1ae5bdbbf0d87d32ff621ff20cbe1b900c52bb480c722dd428578dea5d5351cc36f1fa56b2c1712f2724344f026fe534232812962

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-200.png

MD5 13e6baac125114e87f50c21017b9e010
SHA1 561c84f767537d71c901a23a061213cf03b27a58
SHA256 3384357b6110f418b175e2f0910cffe588c847c8e55f2fe3572d82999a62c18e
SHA512 673c3bec7c2cd99c07ebfca0f4ab14cd6341086c8702fe9e8b5028aed0174398d7c8a94583da40c32cd0934d784062ad6db71f49391f64122459f8bb00222e08

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png

MD5 552b0304f2e25a1283709ad56c4b1a85
SHA1 92a9d0d795852ec45beae1d08f8327d02de8994e
SHA256 262b9a30bb8db4fc59b5bc348aa3813c75e113066a087135d0946ad916f72535
SHA512 9559895b66ef533486f43274f7346ad3059c15f735c9ce5351adf1403c95c2b787372153d4827b03b6eb530f75efcf9ae89db1e9c69189e86d6383138ab9c839

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png

MD5 3c29933ab3beda6803c4b704fba48c53
SHA1 056fe7770a2ba171a54bd60b3c29c4fbb6d42f0c
SHA256 3a7ef7c0bda402fdaff19a479d6c18577c436a5f4e188da4c058a42ef09a7633
SHA512 09408a000a6fa8046649c61ccef36afa1046869506f019f739f67f5c1c05d2e313b95a60bd43d9be882688df1610ad7979dd9d1f16a2170959b526ebd89b8ef7

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-100.png

MD5 1f156044d43913efd88cad6aa6474d73
SHA1 1f6bd3e15a4bdb052746cf9840bdc13e7e8eda26
SHA256 4e11167708801727891e8dd9257152b7391fc483d46688d61f44b96360f76816
SHA512 df791d7c1e7a580e589613b5a56ba529005162d3564fffd4c8514e6afaa5eccea9cea9e1ac43bd9d74ee3971b2e94d985b103176db592e3c775d5feec7aac6d1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.VisualElementsManifest.xml

MD5 5ae2d05d894d1a55d9a1e4f593c68969
SHA1 a983584f58d68552e639601538af960a34fa1da7
SHA256 d21077ad0c29a4c939b8c25f1186e2b542d054bb787b1d3210e9cab48ec3080c
SHA512 152949f5b661980f33608a0804dd8c43d70e056ae0336e409006e764664496fef6e60daa09fecb8d74523d3e7928c0dbd5d8272d8be1cf276852d88370954adc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Resources.pri

MD5 7473be9c7899f2a2da99d09c596b2d6d
SHA1 0f76063651fe45bbc0b5c0532ad87d7dc7dc53ac
SHA256 e1252527bc066da6838344d49660e4c6ff2d1ddfda036c5ec19b07fdfb90c8c3
SHA512 a4a5c97856e314eedbad38411f250d139a668c2256d917788697c8a009d5408d559772e0836713853704e6a3755601ae7ee433e07a34bd0e7f130a3e28729c45

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-400.png

MD5 096d0e769212718b8de5237b3427aacc
SHA1 4b912a0f2192f44824057832d9bb08c1a2c76e72
SHA256 9a0b901e97abe02036c782eb6a2471e18160b89fd5141a5a9909f0baab67b1ef
SHA512 99eb3d67e1a05ffa440e70b7e053b7d32e84326671b0b9d2fcfcea2633b8566155477b2a226521bf860b471c5926f8e1f8e3a52676cacb41b40e2b97cb3c1173

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-200.png

MD5 d9d00ecb4bb933cdbb0cd1b5d511dcf5
SHA1 4e41b1eda56c4ebe5534eb49e826289ebff99dd9
SHA256 85823f7a5a4ebf8274f790a88b981e92ede57bde0ba804f00b03416ee4feda89
SHA512 8b53dec59bba8b4033e5c6b2ff77f9ba6b929c412000184928978f13b475cd691a854fee7d55026e48eab8ac84cf34fc7cb38e3766bbf743cf07c4d59afb98f4

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveStandaloneUpdater.exe

MD5 9cdabfbf75fd35e615c9f85fedafce8a
SHA1 57b7fc9bf59cf09a9c19ad0ce0a159746554d682
SHA256 969fbb03015dd9f33baf45f2750e36b77003a7e18c3954fab890cddc94046673
SHA512 348923f497e615a5cd0ed428eb1e30a792dea310585645b721235d48f3f890398ad51d8955c1e483df0a712ba2c0a18ad99b977be64f5ee6768f955b12a4a236

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-150.png

MD5 ed306d8b1c42995188866a80d6b761de
SHA1 eadc119bec9fad65019909e8229584cd6b7e0a2b
SHA256 7e3f35d5eb05435be8d104a2eacf5bace8301853104a4ea4768601c607ddf301
SHA512 972a42f7677d57fcb8c8cb0720b21a6ffe9303ea58dde276cfe2f26ee68fe4cc8ae6d29f3a21a400253de7c0a212edf29981e9e2bca49750b79dd439461c8335

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-125.png

MD5 09f3f8485e79f57f0a34abd5a67898ca
SHA1 e68ae5685d5442c1b7acc567dc0b1939cad5f41a
SHA256 69e432d1eec44bed4aad35f72a912e1f0036a4b501a50aec401c9fa260a523e3
SHA512 0eafeaf735cedc322719049db6325ccbf5e92de229cace927b78a08317e842261b7adbda03ec192f71ee36e35eb9bf9624589de01beaec2c5597a605fc224130

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png

MD5 22e17842b11cd1cb17b24aa743a74e67
SHA1 f230cb9e5a6cb027e6561fabf11a909aa3ba0207
SHA256 9833b80def72b73fca150af17d4b98c8cd484401f0e2d44320ecd75b5bb57c42
SHA512 8332fc72cd411f9d9fd65950d58bf6440563dc4bd5ce3622775306575802e20c967f0ee6bab2092769a11e2a4ea228dab91a02534beeb8afde8239dd2b90f23a

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png

MD5 2c7a9e323a69409f4b13b1c3244074c4
SHA1 3c77c1b013691fa3bdff5677c3a31b355d3e2205
SHA256 8efeacefb92d64dfb1c4df2568165df6436777f176accfd24f4f7970605d16c2
SHA512 087c12e225c1d791d7ad0bf7d3544b4bed8c4fb0daaa02aee0e379badae8954fe6120d61fdf1a11007cbcdb238b5a02c54f429b6cc692a145aa8fbd220c0cb2d

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png

MD5 f4e9f958ed6436aef6d16ee6868fa657
SHA1 b14bc7aaca388f29570825010ebc17ca577b292f
SHA256 292cac291af7b45f12404f968759afc7145b2189e778b14d681449132b14f06b
SHA512 cd5d78317e82127e9a62366fd33d5420a6f25d0a6e55552335e64dc39932238abd707fe75d4f62472bc28a388d32b70ff08b6aa366c092a7ace3367896a2bd98

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-400.png

MD5 e593676ee86a6183082112df974a4706
SHA1 c4e91440312dea1f89777c2856cb11e45d95fe55
SHA256 deb0ec0ee8f1c4f7ea4de2c28ff85087ee5ff8c7e3036c3b0a66d84bae32b6bb
SHA512 11d7ed45f461f44fa566449bb50bcfce35f73fc775744c2d45ea80aeb364fe40a68a731a2152f10edc059dea16b8bab9c9a47da0c9ffe3d954f57da0ff714681

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-100.png

MD5 57a6876000151c4303f99e9a05ab4265
SHA1 1a63d3dd2b8bdc0061660d4add5a5b9af0ff0794
SHA256 8acbdd41252595b7410ca2ed438d6d8ede10bd17fe3a18705eedc65f46e4c1c4
SHA512 c6a2a9124bc6bcf70d2977aaca7e3060380a4d9428a624cc6e5624c75ebb6d6993c6186651d4e54edf32f3491d413714ef97a4cdc42bae94045cd804f0ad7cba

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-150.png

MD5 a23c55ae34e1b8d81aa34514ea792540
SHA1 3b539dfb299d00b93525144fd2afd7dd9ba4ccbf
SHA256 3df4590386671e0d6fee7108e457eb805370a189f5fdfeaf2f2c32d5adc76abd
SHA512 1423a2534ae71174f34ee527fe3a0db38480a869cac50b08b60a2140b5587b3944967a95016f0b00e3ca9ced1f1452c613bb76c34d7ebd386290667084bce77d

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-400.png

MD5 adbbeb01272c8d8b14977481108400d6
SHA1 1cc6868eec36764b249de193f0ce44787ba9dd45
SHA256 9250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85
SHA512 c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-200.png

MD5 f1c75409c9a1b823e846cc746903e12c
SHA1 f0e1f0cf35369544d88d8a2785570f55f6024779
SHA256 fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6
SHA512 ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-150.png

MD5 de5ba8348a73164c66750f70f4b59663
SHA1 1d7a04b74bd36ecac2f5dae6921465fc27812fec
SHA256 a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73
SHA512 85197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-100.png

MD5 19876b66df75a2c358c37be528f76991
SHA1 181cab3db89f416f343bae9699bf868920240c8b
SHA256 a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425
SHA512 78610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-400.png

MD5 e01cdbbd97eebc41c63a280f65db28e9
SHA1 1c2657880dd1ea10caf86bd08312cd832a967be1
SHA256 5cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f
SHA512 ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-200.png

MD5 09773d7bb374aeec469367708fcfe442
SHA1 2bfb6905321c0c1fd35e1b1161d2a7663e5203d6
SHA256 67d1bb54fcb19c174de1936d08b5dbdb31b98cfdd280bcc5122fb0693675e4f2
SHA512 f500ea4a87a24437b60b0dc3ec69fcc5edbc39c2967743ddb41093b824d0845ffddd2df420a12e17e4594df39f63adad5abb69a29f8456fed03045a6b42388bc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

MD5 57bd9bd545af2b0f2ce14a33ca57ece9
SHA1 15b4b5afff9abba2de64cbd4f0989f1b2fbc4bf1
SHA256 a3a4b648e4dcf3a4e5f7d13cc3d21b0353e496da75f83246cc8a15fada463bdf
SHA512 d134f9881312ddbd0d61f39fd62af5443a4947d3de010fef3b0f6ebf17829bd4c2f13f6299d2a7aad35c868bb451ef6991c5093c2809e6be791f05f137324b39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

MD5 5bb5d45f0fd0a8010b7be26fb786fa79
SHA1 f1386bf881016625cfeeed2bd5f27768a8472a79
SHA256 ab9ff678a073101afd28d868e7bdfab87bf8a204ce8aca25a662c65975f23636
SHA512 abda075627f0f0359e66fa6553ef80dd69e2bf5a7583da9aab418ad5daa9c265e220454051d6e2af94176d0942e30a47d3a6e424682c2bb1b91ec8af498c7532

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000098

MD5 72d8b5424575ec430814804428fab878
SHA1 35fc9b23ae4a7f95e7d7cc9721b60a1057081abc
SHA256 3fcef7bdb1b3e9113eb230aad2225f943fbb4ab875d849da5e810d47c78c9572
SHA512 53610d3d3bda0e2233ff5213c57f5d230c4c3b6a6108d071ef5f8c5fa6d55ffd126cda1097b3a4fa0c69d6ca345b65ed23939ac4d7c79e148d2d3e4cfeda32b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0eed8a6e0a033914b9821a8564e7d55b
SHA1 f0f6da58c9aba1b7e846d2a16ab67dc04490c389
SHA256 553c908902c23f087a011188bf52fd1e56ffcf23e6dbbf50b83fa7a03535f264
SHA512 2ac1a35eb67764ab0f6ba6b175fc3460ea0c70717825eb12d21a1e2c69a633a609e649cb8441ca77420ff39780a401529f25b5ba8c8adda577d4238ad22bb293

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 35f308e46d3c204f7945396817211362
SHA1 14a684e06dc4f2058301428fa5444e8c368af31e
SHA256 c2d4b1d0d25b393ab897ee3ea621a20b8c95de99eefed8c5f03bc256bc83f52f
SHA512 71d19090618c0cf3e17607bab9ddcab4bb317aa6757981fe4c91fb9ebf573bf309e2aaa3ca1e272d9b583fb2d79eecc04be1dd404bc4f99f30c92c92777d9ce4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a6b2c87380e788c491a3b9c93def002
SHA1 46a530eb8b286dc66361695c48ff7875f553d046
SHA256 a6e3437f0323a743ab0f554ed3056daa7e4d975eadd3622844a5065c15457d05
SHA512 c9a5ead07fb24cf29ad0d773ac7e11a389e27c849d32aef560201ce9ef0cdded9caabcffb2cb72ffc77331b0c8d598a2ea1836c7350327c20592125e236608f5

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

MD5 ff060e5abe92040fca96a7d2189171d6
SHA1 609beda29cacd640ad51daecb5e78f153f5a89a0
SHA256 2ff8c8333251344ac48952101fa12a3d7b2b273784593466effb2c06c8c57229
SHA512 157d534f0fd41fc293ce2a97c9ecdbb2f84be258e1345f3ef6b9b59f22df9296e036234da4d92ba8abdc8e1fd5446276196e74904ef668d4a70c21c5017a3325

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 56b181fa5ea097d39889536eceb5638d
SHA1 1bdf16ddaa4db4e214e576db0222d355a60fb404
SHA256 23f90ad02517451fd0a982778f6675c8c6f10479c5d9ddbbaadd2f126d5dc2e0
SHA512 285ba65e7d5ad082b85e493f9e2917bf95ebec694b4a60f35dd26566da050c59c5083d3f6c250ccaa16c489a2218a837c3c03770b058bb11bcd8606f0ac86ad8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0af60da0617b681d5787cbe95929e70b
SHA1 6a0307da8be8913504b1f1017b836163d648f7ef
SHA256 e8f22d817cb197cc7553a3cb2831cb2fde281f0e12af435d759a33159c79c205
SHA512 66d22ca82194f96cba372b4b45c51c441489d607c6d7b65ea0fae634db03bc4853fbd26ec909cdea21f393229a46d9f1748ab4a2d92a214f7c2b84e61833a40f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 87e37ed975a7f619ad238ae58998bb24
SHA1 dbd5802d6565c20a9f0cba66da1ae901ddcc52c5
SHA256 5470294283fb50b106e2028cbc752b53f8171b5a91da763fea5adc63ecfd209f
SHA512 549a05a64c5bbc03241b28c4550d0cde91da247f0631328cc28ec1f3bfec377979f5079827f7274ce0f5416a73c49d54b350a689c9cc22cbff77d735fa1045f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1885e22c112f20ea3f22b77e31d5acd5
SHA1 bbbb51dcb47fcb04651314b3083ee3766ecbcecf
SHA256 6b94d6ab9fb0fe626aaf68f715cfb650a57e2361e35c5a6c8048d6a19423d437
SHA512 d7952a33f725a50400beb2fb67f1043512775ca1d4dd63265acee40f42e08a8edaff612c7b3789fa5aeaa4ff2105f423035b1a4f953ec9f7fe709cb5bc77962e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 399ede3039661ec18a8907448d1bf90e
SHA1 8db4acf5866101dd8a639d5af6b1fdbddfe0bc7d
SHA256 6dc4d8df9bdde7197bdf2e4256e33a89d746b56fa86df86e9459ab621232440e
SHA512 7b3c0f43295094a80fe3ab5a8e091f1bf2932d9c41193a551db8e11077b396328cedf1874cc278477b43bd601f69dfad573d9899fb71258223973d4ecdeb8535

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d2a90e9e87ae82038a025c12c0bcd1fd
SHA1 ea283b81748d3bf02431ed1ad43f84220c83251c
SHA256 9bd65a3e3390a4e7a552b0fcf5515a7b8512a6fc3c7b290198b9902aad62c053
SHA512 913cc64c5d7da4f4cf485c5c1997d467d06634dee8e944ed1c5cf8a2787e7700c62a414c2cb7238aab26835e275c868fb12040f1242435a57613a1b59d793a37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

MD5 72a57c1ba369af6e7bc2de5c84edd10f
SHA1 6f974c0cfb3f8ef8e244fb5e31b4c433a6cdc97c
SHA256 6372dc363ba8cdc1f924197643e71d20f507cbbe80f00072f24d0b93388ef294
SHA512 8bbcd98a0a6880f5a37335ef0c95cb3078d38f12041f8e2c8b84443ab9343c52ade8bcbd4db961c8b7f3a57ace06d04748f2a0bd8f3b93bd92f84a46573b00d9

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 edabf5f73a767a86287f29b5b8b64c63
SHA1 d44b522c46f53272dfebf1ccea12415f3186f5ec
SHA256 b01c5b992482fc69bfa295cd7d4317fbe7afe69f493896c780d9876dc359b250
SHA512 46df9900d2ea050c113036627d103a3c27e8b4e7ce2eb0a27ca328dc4cf570a27ed6758230550a565aef2afc8d39c2820e62de9e84a19972c0579145e23a1939

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 c169bab27121f5509523cb129e12bee5
SHA1 e7fb5a7b3a11ff052e9a46a4706162c59d8462a7
SHA256 4263db9e28e98bb14099545d0c19d1bfad207a0433409e6da815d14ffe7a47e6
SHA512 a340000cdabe3db477b965a02952f313ce400f3d826218cb56ed4fd2442950b18dffddab35fe04a46672db23f038e53fdc7b01198270b973747a5cd1e74f3a34

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 add56ec49f8f478e84a934606effef1c
SHA1 1262ae87ef755e40752740df90d21352d5fc81ec
SHA256 22e509cf2b7202fc6b04c3d9a1b137477f11471d58a48c1f9514f89450217327
SHA512 c095f193d221696f3b087c3f224a559ad0efe4852a5392c8a3ab03f80183beec2a8327892aa481c85f1bf8165b76a029555f250e0dd5f396c823feacff4c06f1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HVLTWXS85T67S0CILS40.temp

MD5 4fcb2a3ee025e4a10d21e1b154873fe2
SHA1 57658e2fa594b7d0b99d02e041d0f3418e58856b
SHA256 90bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228
SHA512 4e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 eff5e6b09ea3ecdc80559ed288166fd0
SHA1 c5d31e6612aea1f57060c101fac1e87a8f35b9d6
SHA256 6512e7a815bcafec043d22fba722487796815d5ab19ada3368dde4abd5a12176
SHA512 ccf884345f205a5010a7a364693f735dd27205988f0633e97460ff60d2437aeee8cb8441a788183630fadfd35cc2ebf047998746bd6c27b35b6f3cc50da5aef0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 f1411b9d954fd08455a9479229262f8f
SHA1 15095f05018a2c4fe6b3295e51f8dd4d09eb0f72
SHA256 6ba44e00de20b967f531882295ad0cb0ec0b9d1c65ad1e5da8ed3916635c18c3
SHA512 b36945958b170031d0a61372652e81a30e6fd51d1aaa114c48ead3bb2e18bb2cb43e17087f501e9bf085ff421d4c5fa847cd6db29b5ac4a7a7a4f634caad96ee

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 35375f95b1430c8b11ebeb931fba0dda
SHA1 5122d139ac357db969c191b941bd479ceb9dc59f
SHA256 fd5691afe44306226fa973037fe144c3214867067cf88cb2285394888d959d5b
SHA512 b9043a4d4470ac90f83244a81fad5de8944b83ba1e8ab6bbc7d29fb216c2ded74bf1c7b1ca8c84535b989075660e83f676e273a1b524f9e5dd8e04fee412cc6b

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 57e8c1c8b193f1bc6b9312eead30b083
SHA1 49db3d809918f331eaa0d922375b2b2981c4e1eb
SHA256 d90f718b686d7f77a3b21f5dcac438827e8b800381b285873e7ce73f36885d3b
SHA512 f4cdd9fea3113a89e209b9dd70c196212d783e8106ec6a14bc684d05152b8ed2e0a2d1f6e7d33b06692540eed8e87ad9365e47bd1c4ad3e0ca9744bbe0e5f4a5

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P8384BRI\www.bing[1].xml

MD5 803b046689ff195a02b57c839f88f8ab
SHA1 799e9a4ccc67ef50c37522ec206ca2f05f653f47
SHA256 bff64c905938b20daedf2ee43cbf06ce45d674d0b4a8c97f7b5f2caa0b15dc4e
SHA512 bbec390d6f0d485197d45b533823b966fa03fab74b86261978706cfeb1c953c507c1a6b4d03e68af1af3175c3dd6b1597dd2a1866fb4bb548860a2ce739b9c88

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 272e341f8c47f0dea0f6e78e526227b3
SHA1 7fea55626165b121a9763fe2961eccca9788995b
SHA256 3d5e1747bfc22dda8138a434750b0a4a184d9b31b30a90e7b9ba04ca3f1999e6
SHA512 2abd3bbd7c5866e4e638658efa09c88f98c95424db00abc9ac895bdbc9aa77436269deaf2801bb5dc64cff7e428b8b3eef168d2cdefb17936cc4e3040a2144b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\datareporting\glean\db\data.safe.bin

MD5 d41cc8d5a24cfdd07b8bd38960c48797
SHA1 15a8bb2b10ccebf2f0e888984a75a906d99b2637
SHA256 457e26e2bca12784b482c7ed6d73e81051cc7a7168cf669e125660a75734efa0
SHA512 0d774a6cef76a96a37ebb24b8db067bf18c073b213661ada782d394645047da9744684919dc841a2fd6dc88db7081315b59a6e0e4b5823d2e1c69368c6d0e399

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\sessionCheckpoints.json.tmp

MD5 648ea624280e409ac3a7f120b5e9000e
SHA1 168bd9dd85eb0603e0db6bef23a0df64f916bf83
SHA256 ea208bf36fe4e150165db9ff5972004c6f468114058d6dbe5d0350f85e8fc08a
SHA512 49520e85cd86cdb0b9fcefecaabc99ba3915ed5ce0b622ffe752de94df6d1fbf3f2fbae13ee18397b32477aadfb23280e42be6f92ec1c74feb4f246c60eb7e32

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgyglpox.default-release\prefs-1.js

MD5 5d6bf447d97c5df23a887616c8285155
SHA1 0d20f9cf92c96e83a19823ab2f7726bb2bc256bd
SHA256 cb9b6eeccd9e23a5ddb92a3d2766b68cd2062a35095e89575a12f9ffefa10f6d
SHA512 627467dc72f6e876b1b7447ba62e073e343cb48c9ba71e47fb9f4264e1bcfad797af041ff00df8e341ae7aaf51b27c8350c3051c9362cb30c56ec2260f1b7852