Malware Analysis Report

2025-01-18 22:28

Sample ID 240502-ytmxgseg6y
Target 0494f7bc-7b06-4e95-8253-9a6c0c25bddd.wav
SHA256 1d76fc1f8dcb481740573ea4d8117704ae4d80aa87924ac8eeeb637d34f33e1e
Tags: adware, discovery, evasion, persistence, stealer, trojan
Score: 8/10

Analysis Overview

Threat Level: Likely malicious

The file 0494f7bc-7b06-4e95-8253-9a6c0c25bddd.wav was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence stealer trojan

Downloads MZ/PE file

Modifies Installed Components in the registry

Sets file execution options in registry

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Registers COM server for autorun

Enumerates connected drives

Adds Run key to start application

Checks installed software on the system

Installs/modifies Browser Helper Object

Checks whether UAC is enabled

Drops file in System32 directory

Checks system information in the registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtCreateThreadExHideFromDebugger

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

System policy modification

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of UnmapMainImage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Analysis: static1

Detonation Overview

Reported: 2024-05-02 20:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-02 20:04
Reported: 2024-05-02 20:50
Platform: win10v2004-20240419-fr
Max time kernel: 2699s
Max time network: 2651s

Command Line

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\0494f7bc-7b06-4e95-8253-9a6c0c25bddd.wav"

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUC4AA.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUC4AA.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\MicrosoftEdge_X64_124.0.2478.80.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F98FFA19-9861-4980-BC65-7D7CF83F2B73}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUC4AA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E8F944FD-0875-4291-963F-6BBDDDB813E7}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\MicrosoftEdge_X64_124.0.2478.67.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUC4AA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=F7E53A9E4CD54761BE5855B4B3948ECB" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E8F944FD-0875-4291-963F-6BBDDDB813E7}\BGAUpdate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\msedge_resetsb_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window --reset-startup-boost-last-used" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUC4AA.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUC4AA.tmp\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A

Suspicious use of NtCreateThreadExHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\PlatformContent\pc\textures\concrete\normaldetail.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\MenuBar\dropdown-arrow.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaApp\category\ic-top [email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\AvatarCompatibilityPreviewer\img_triangle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioSharedUI\pending.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\btn_newBlue.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\InGameMenu\TouchControls\controls_phone_portrait.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioToolbox\ScrollBarMiddle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\MaterialManager\chevrons-left.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\PlatformContent\pc\textures\grass\diffuse.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_cy.dll C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Locales\mk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\VisualElements\LogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\TerrainTools\EdgesSquare17x1.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\MicDark\Connecting.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\New\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\XboxController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\TopBar\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\Locales\fr-CA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\mip_core.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\MaterialGenerator\Materials\Slate.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_ml.dll C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\common\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\Misc\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaChatV2\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_ms.dll C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\DeveloperFramework\UIOff_light.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\MaterialGenerator\Materials\DiamondPlate.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\MaterialGenerator\Materials\Grass.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\zh-CN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\lt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\AvatarCompatibilityPreviewer\check_body.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaApp\ExternalSite\roblox.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Menu\hoverPopupLeft.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\PlatformContent\pc\textures\cobblestone\normal.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Emotes\Large\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\identity_proxy\stable.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\webview2_integration.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\MicrosoftEdge_X64_124.0.2478.67.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\DeveloperFramework\Votes\rating_up_green.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Settings\Radial\Leave.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\Gamepad\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\VisualElements\SmallLogo.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\PerformanceStats\TargetFiller.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\New\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\9SliceEditor\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DefaultController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\LegacyRbxGui\IronSide.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\dpadLeft.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\concrt140.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\Entities C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaApp\graphic\gr-avatar mask-90x90.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaChat\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_fi.dll C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591539141978974" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\PROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\DisplayName = "PDF Preview Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationDescription = "Browse the web" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\ = "ie_to_edge_bho.IEToEdgeBHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\ = "Microsoft Edge Update Core Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithProgIds\MSEdgeMHT C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUC4AA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
N/A N/A C:\Windows\system32\wwahost.exe N/A
N/A N/A C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\System32\WScript.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\wwahost.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 764 wrote to memory of 4424 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 764 wrote to memory of 3676 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 3676 wrote to memory of 3352 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 2256 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2256 wrote to memory of 3096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2256 wrote to memory of 4028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2256 wrote to memory of 2000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe N/A

Processes

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\0494f7bc-7b06-4e95-8253-9a6c0c25bddd.wav"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\0494f7bc-7b06-4e95-8253-9a6c0c25bddd.wav"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0x48,0x104,0x7fffc24ccc40,0x7fffc24ccc4c,0x7fffc24ccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2012 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2056 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2036,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3672,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4540 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4808 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4760,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4532,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4668 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3480 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3488,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4976,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4664,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5036,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5236,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5272,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5804,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5832 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5468,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5972 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5632,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5732 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\UnblockMount.vbe"

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjA5QzcyNUEtRUFEQy00QjBFLTlCOTUtOEZGNEM0QzJGNTQzfSIgdXNlcmlkPSJ7ODc3REMzQzktMjk2RS00NkFGLUFGM0EtNjgzN0EwODgwRTU1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyNkRCMDY1Ni1FRDNGLTREMjMtOUU0RC1FQjIwNTgwNzFCMTV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUyNDg0Mzg0MzUiIGluc3RhbGxfdGltZV9tcz0iNTUzIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{B09C725A-EADC-4B0E-9B95-8FF4C4C2F543}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjA5QzcyNUEtRUFEQy00QjBFLTlCOTUtOEZGNEM0QzJGNTQzfSIgdXNlcmlkPSJ7ODc3REMzQzktMjk2RS00NkFGLUFGM0EtNjgzN0EwODgwRTU1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCMkJEMEI5My1GQ0M0LTQ2NDUtOUIzNy0wQzlCQ0VDQ0UzNjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMDYiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEwNiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUyNTI3ODg0ODQiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5656,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5336,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5984,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3448,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4960 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f8 0x2fc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5484,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6168,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5832 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6304,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6316 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6288,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6276 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\MicrosoftEdge_X64_124.0.2478.80.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\MicrosoftEdge_X64_124.0.2478.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\MicrosoftEdge_X64_124.0.2478.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BDA3184D-4A82-4577-A245-61F2B642EAA6}\EDGEMITMP_64839.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6613788c0,0x7ff6613788cc,0x7ff6613788d8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1096,i,4635499083751600626,15619506922674917111,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3308 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjA5QzcyNUEtRUFEQy00QjBFLTlCOTUtOEZGNEM0QzJGNTQzfSIgdXNlcmlkPSJ7ODc3REMzQzktMjk2RS00NkFGLUFGM0EtNjgzN0EwODgwRTU1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCQUJBQjQ1QS0xRkFDLTQ1MEItQUIwNy04NUQxMDkwQUQyQTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI0LjAuMjQ3OC44MCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTI1OTA5ODU4NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUyNTkxNjg1NTkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NTMxNTc4OTk5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy80NDRhZjMwZS1mMmU3LTQwYmQtYjQ1Yi01OGQ1OWQwMDA0NDk_UDE9MTcxNTI4NTE3MyZhbXA7UDI9NDA0
JmFtcDtQMz0yJmFtcDtQND1leXd3dURJejNHQlBNc0ozalgyJTJieHhzbFpKdTRMQ1ZBUzJ5JTJiTk9rM1dYc0FPRlBFc2NxVVZLTzNqJTJiVSUyYjBQUXdpUFIwQnJRc2h0eTVObWd5N1pISkVBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyNzk2NDcyIiB0b3RhbD0iMTcyNzk2NDcyIiBkb3dubG9hZF90aW1lX21zPSIyMDY3OCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU1MzE2NjkwMzUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NTQ1OTU5MDgyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1OTgxMTcxOTk0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMjc0IiBkb3dubG9hZF90aW1lX21zPSIyNzI0MCIgZG93bmxvYWRlZD0iMTcyNzk2NDcyIiB0b3RhbD0iMTcyNzk2NDcyIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0MzUxOCIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F98FFA19-9861-4980-BC65-7D7CF83F2B73}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F98FFA19-9861-4980-BC65-7D7CF83F2B73}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{F1928DFD-C695-41C1-98B2-A8194466DD48}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjE5MjhERkQtQzY5NS00MUMxLTk4QjItQTgxOTQ0NjZERDQ4fSIgdXNlcmlkPSJ7ODc3REMzQzktMjk2RS00NkFGLUFGM0EtNjgzN0EwODgwRTU1fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGODc4MTRBNi1EMUIyLTQyMDQtOUNGMS0yNTQyQUM2RTRCNzV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-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-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_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_UDE9MTcxNTI4NTQ3NCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1TZ3Fjc3FyV1JxUmR2bU5vcnRjT1JLVHB3ajF1QSUyYmxBcGZHdWdUSDg3aW4zcDVYajExQ0x6UXUlMmZLZmtOWnFCWCUyZiUyZjklMmJ6OExWd0phT0RuMjdQakEyWmclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjMwNzkyIiB0b3RhbD0iMTYzMDc5MiIgZG93bmxvYWRfdGltZV9tcz0iNDk4NDQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODgwNjk3ODgwMyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4ODEyMTM1NTIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-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

C:\Program Files (x86)\Microsoft\Temp\EUC4AA.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUC4AA.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{F1928DFD-C695-41C1-98B2-A8194466DD48}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjI5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzE0NjgwMzcxIj48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4ODIxNTA5OTg4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTBDMDREMTUtOUM0NS00MkJELUE3OUItOURBRDgzNTY3OEQ0fSIgdXNlcmlkPSJ7ODc3REMzQzktMjk2RS00NkFGLUFGM0EtNjgzN0EwODgwRTU1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OTZFMDU4QkQtRjFDQS00ODg5LUJDNUEtNTc5QkQ5NUY2MUQ2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0R4T2JqSEdhK25SYTJhdEMzd28rSUVwQzc4K1pZZUFVYmtYcERDMmNqN1U9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTA2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxMyIgaW5zdGFsbGRhdGV0aW1lPSIxNzEzNTExMTc4IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNTgwMDg4NTQwODkwMjY4Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDA2OCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE4MTYwOTk3OTciLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E8F944FD-0875-4291-963F-6BBDDDB813E7}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E8F944FD-0875-4291-963F-6BBDDDB813E7}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTBDMDREMTUtOUM0NS00MkJELUE3OUItOURBRDgzNTY3OEQ0fSIgdXNlcmlkPSJ7ODc3REMzQzktMjk2RS00NkFGLUFGM0EtNjgzN0EwODgwRTU1fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsyMDUyRUJCQi0yRUE5LTQwNUUtOTY0Ri03M0JGNzFFQzBFQUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7MUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMi4wLjAuMzQiIGxhbmc9IiIgYnJhbmQ9IkVVRkkiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTgyNzY2MjUxMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExODI3ODE4NjYwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-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-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

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\MicrosoftEdge_X64_124.0.2478.67.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff60cef88c0,0x7ff60cef88cc,0x7ff60cef88d8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B467CFD2-17BF-43F3-9326-1B0754EBC5CB}\EDGEMITMP_864D8.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff60cef88c0,0x7ff60cef88cc,0x7ff60cef88d8

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff67b1e88c0,0x7ff67b1e88cc,0x7ff67b1e88d8

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe

"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch

C:\Windows\system32\wwahost.exe

"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUI3M0VFQkUtNzUwOS00MTBGLUE3RTEtODk2RkUxRkM1QzM3fSIgdXNlcmlkPSJ7ODc3REMzQzktMjk2RS00NkFGLUFGM0EtNjgzN0EwODgwRTU1fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins5QUM2NzdCQy0wNjVFLTQ0MkYtOEQ4Ny1CREI4NjZBMTkzNzF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-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-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjMzMSIgcGluZ19mcmVzaG5lc3M9InsyQzM4QTcyNC03NUJGLTQ5NjctODE2RC1BNzhDOTQ3NDBDRDN9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iMTI0LjAuMjQ3OC42NyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTc5OTAyODgzNzg5MjMwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzQyMDMxODYzNiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzQyMDQ3NDkwNyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM2NDk2OTM0NzAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZG
wuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xMzFiZDVkNy05YzY1LTQ3NmEtOTA3NS1lMjQ5NGY4ZGE5ZTQ_UDE9MTcxNTI4NTk4OSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1TdFQyeFBKWWclMmJ0UE1aT1J3dkE3cGR6ZEhsWWdEZzRLc1JqMVd4aCUyZms2aDFuZVNyUFdFQzJTc3VFVEl4JTJiVjc5eThWTmJLU1lwSkdZZFI0TjVBdldmUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNjQ5NjkzNDcwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xMzFiZDVkNy05YzY1LTQ3NmEtOTA3NS1lMjQ5NGY4ZGE5ZTQ_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-PHBpbmcgcmQ9IjYzMzEiIHBpbmdfZnJlc2huZXNzPSJ7OTFDRTQ4MTgtNjUyRS00MTIzLUE2NDctNTU5MTFGN0ZGREVFfSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c

Network

Country Destination Domain Proto
US 8.8.8.8:53 wmploc.dll udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
NL 23.62.61.106:443 www.bing.com tcp
US 8.8.8.8:53 106.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 chrome.google.com udp
GB 172.217.16.238:443 chrome.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com udp
GB 128.116.119.4:443 www.roblox.com tcp
GB 128.116.119.4:443 www.roblox.com tcp
US 8.8.8.8:53 css.rbxcdn.com udp
GB 128.116.119.4:443 www.roblox.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
GB 13.224.81.95:443 css.rbxcdn.com tcp
GB 13.224.81.95:443 css.rbxcdn.com tcp
GB 13.224.81.95:443 css.rbxcdn.com tcp
GB 13.224.81.95:443 css.rbxcdn.com tcp
GB 13.224.81.95:443 css.rbxcdn.com tcp
GB 13.224.81.95:443 css.rbxcdn.com tcp
US 205.234.175.102:443 static.rbxcdn.com tcp
GB 13.224.81.80:443 js.rbxcdn.com tcp
GB 13.224.81.80:443 js.rbxcdn.com tcp
GB 13.224.81.80:443 js.rbxcdn.com tcp
GB 13.224.81.80:443 js.rbxcdn.com tcp
GB 13.224.81.80:443 js.rbxcdn.com tcp
GB 13.224.81.80:443 js.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
US 128.116.32.4:443 roblox.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
GB 128.116.119.4:443 apis.roblox.com tcp
GB 128.116.119.4:443 apis.roblox.com tcp
US 172.64.154.86:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 102.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 95.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 80.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 86.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 4.32.116.128.in-addr.arpa udp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 2.18.190.83:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 locale.roblox.com udp
GB 13.224.81.95:443 css.rbxcdn.com tcp
US 8.8.8.8:53 images.rbxcdn.com udp
GB 128.116.119.4:443 locale.roblox.com udp

Files

C:\Users\Admin\AppData\Local\Temp\wmsetup.log

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

\??\pipe\crashpad_2256_ZBAUPPGLLAJOKAKU

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 470206.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\523f61d67bf4c528e001c52e84c35ef0

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdate.exe

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdate.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_fr.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdateCore.exe

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeComRegisterShellARM64.exe

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\NOTICE.TXT

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_af.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_az.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_en-GB.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_es.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_en.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_el.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_de.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_da.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_cy.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_cs.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_ca.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_bs.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_bn-IN.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_bn.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_bg.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_as.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_ar.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_am.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\EdgeUpdate.dat

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_es-419.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_et.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_fa.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_fi.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_eu.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_fil.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_fr-CA.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_ga.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_gd.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_gl.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_gu.dll

C:\Program Files (x86)\Microsoft\Temp\EU4EF6.tmp\msedgeupdateres_hi.dll

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

memory/5960-914-0x0000000000A50000-0x0000000000A85000-memory.dmp

memory/5960-915-0x0000000073610000-0x0000000073820000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000081

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 207815.crdownload

C:\Program Files\MsEdgeCrashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Installer\setup.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt~RFe58f49c.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1a4ec454-cdfb-428b-9e2f-feb4a79f9a05.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1583795126bb7c877a986d6164b258c9
SHA1 57571314cf53a2d10053c18dcb4e093b363737b8
SHA256 163eb13c1d06db43187b7bcf449e96c818cc34f5a8f40580cac396694f577981
SHA512 94c8a4f259121bcf95733a4ed559b5aa23e694784262a762382b65e481aabd4554d3461ada15a88cb21636ac87c1794bcb438504b33980caef9c239ab7c31074

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d7466035b3edc64031e313d2fe09e48b
SHA1 c58d7e1b08dabf15e4eaa3b5a0715ce222783eaa
SHA256 4f46f86163742a569d1d7716ef1cfea31cfa58c773b6ed1a6da28a8966829558
SHA512 c02e2454d75b99d02196e4ace1b77702679bfbf996db743e920799f3e2ead55ba3ffdf66d594042a72258fd8b1ccd0cf770ffbc0ca3a68cd7cee32c9830076ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cc06d9d0b6d645a34371ea7069c3ce8e
SHA1 25ef4c4b15d1707d016eeff00ee08cfd5add616c
SHA256 43690fb4867c19667935446b0278af7197b53feb34ebe4e5ed5b07872bea5969
SHA512 68aaad7a7e226757e433787f31b02f93c7fa4e302e751eb1e75b726c773b22b888649a0bfde310897a65ea06aca425b7b49361c753ec4f6d06cab6eeffc461b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 08fbbc6fca4181dae938938a152cd922
SHA1 75abf72a747526f812673671cb43556a58585e7f
SHA256 1ba5b9e7cf8ec8122ecd7e9b1b30c818ab52a45f53a56e4d87e16a47e7d04fc9
SHA512 86faf7e5ebe6c4b1d77af235b62f3fc112417a7e417765a6107c3eb9f9b99ca27cae3462a92de51c4976a70887179d21b5274d168e0d6c3a89bb8e202d492a54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 22607618f0328b28590cf03aeac716dc
SHA1 d6de711733748c873c66a2e3fb302d5caba91dae
SHA256 279341aff8de2815f924abf3b69773b82aa3f8221646b5e51369bb94066b5ad6
SHA512 0199021b344c4b35017ec9bcd31553670c44cb6864ace791f5f1cfd5cb9e77026aff07612bb13bbd42783ff216b5e00537dbb0dd5f2bb23ada3f6be810754ade

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 974b2640712ac0f8732586a473df6a90
SHA1 9b8cfd74fd506877b21567fed27885349e7b6e58
SHA256 6769d2706d866c41040d02ac1e7e40f559149e7d2ce31810bb94889d34f9fbb3
SHA512 3059edc3907eb9c5a30e7dc8be9815e5c5ab074e7cf9312eaa3dfa52c991b9cef32b4fe1c825e54e0aa9e0187a4e63264beaf8aa4a136817cb6d59a1a04378fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a7eb4d3d09473930dcb957227daeee40
SHA1 c397eaae741580f4f0afa1d559a4588cb57b84fd
SHA256 ccc769c920d2cd2dea62e4c4204cafd1f2142708f0996b9ed46003bad8172f49
SHA512 41c955dda4e72628f9d294b59d9a22bf8822991fa57f9d4e2b0c48afa80647d926916af0eced9cfea95e77018ec4aa54b893546cebf0165faa062ca92bf70bbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 37ca2f1ceb6629ddf2110c4b346158b1
SHA1 40f29bf78b555eb18597296cbe1bd3f7281b9316
SHA256 7e0b1050f63fa2f379e0468f7a325302437bd002a81cf64ae45f834314a7618b
SHA512 c52bb7e37da45a97c92ae676448ff65e0bce4b38c69531594de082f2a28404121ad594539df4b7052f4897e821bfa79992394bf2649815522708dbd0eacb0693

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c7468921784597a09e0855ed8ba7f32d
SHA1 a88d8fe30681e8de5c239c7d42d5da203c684e0f
SHA256 8ac8e6ff933b5f01fc4a757d9bdcf1f9aa2c181eab115321a897500596ffa543
SHA512 59ffe96ce22c27dc2ccf8815c6f9372dd1bdf041f4f7c40242f2b3ed813dc8c908151bc73cebda3e8884bdfecda2c1a47341c9150f96784db2139921498c7373

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 15d55fe58a0d8b54da96498e80d004ea
SHA1 2559820adb8d23f60f97f1722dbea0dc8d5f553c
SHA256 ec8d7e8d320bb06cf95ab6e3cf76a4b4999b7b9011099ca0cd477c5f8b84c132
SHA512 02ad46af9085648ecde859cb66fd65bb80ed9d41a2c72ce6e033c6a3c6c7693cdbff78dbd044a00998a0343d496354f796d9102f3512bce207d1eef19aa07e81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3fa6e76216f18abbf8cd0358759e61a5
SHA1 82a6cec4729d56033137c81f2ef0f887386abeda
SHA256 5f886e6b7cb9936d03980be5fd3407127cc3012ab59375dead6d609118aaf66e
SHA512 40b4c306a1a11ca9ad11c040c0b416722e90b3f09933b0199c6e3e053af95ddbc751547d0e2c9efd1054c026da7ab02c40e387b996d7d5c0ae9a23d1ac44c693

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cf7946b162b68650b3a03fbf5b3fc437
SHA1 3ed786a99cd41d0deab27e2873b316a1282cc07c
SHA256 469436dd846bbfb44e10a03353779ac9b01de8e365de5489a3698e49c5f8216e
SHA512 29dfa1ae32cd1475f716cc2ee160d61b71f76c1238158e7540c93ef6d5efcea8b66d3866541770e6da1b4ee3877c5e9941a7773bf1aedab6bfeb52c60fe69f79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 288292703420a29c077bf31e2e602b62
SHA1 7fa2a5744acabff77812f0771f4c7fa3bad9b8db
SHA256 2926ca4c9877690ef540eb92168a8c3c56aee503553aae76f3b456e09cfbf08a
SHA512 de4f9556eddd3dd9ad68fa914a3bd8a0cafab7e8b7c184c31eaf029f75479cbed7a130ca469596f12dbaf3a7688caff261c14c911a32e299430d4bfb827e7f9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aa7a92337b9aca87d35d5ef281bc35a6
SHA1 a461ca57140857569de4e0da85502d7be1610a8d
SHA256 4f2aa4f8803cb3f85c757dbb7c5145c47ebc7c33121146cebeb6e350ecc90464
SHA512 6be9fe0780d8dd892936b1ce7c92e09faa16587ea2e2d95becc236693574cc76ac40fdd92f0288ef4301650f4ce565ec097f0c4da5d0c7eff72717188b1e7110

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8a4dfa2187c90bdd256806ef87f5cabe
SHA1 183816978e99e21276a79b0aa48a233f6126cbc1
SHA256 c79306d9eb54881cf2282e4cbc09c84415ed427a9e0e408263b6f1c38cc4a507
SHA512 d06979f99c2c431aee32a961046142fa50115473b123c1e288652382a6754481ee295c94bb817973487e28dc9663becf707f5fada205f4c8bb449cce02996b7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9c29f0433460c2c6b48d23181c5d729d
SHA1 798302e93b62e408c7b4a052d0ded786f902689c
SHA256 aa0522ebc50e4d2b66d7b63d2b1d71303cb42bc93490f251f3223183354d4e51
SHA512 f61c8bd9df14e63c88abc8ae63e354468b049b2dd3c3e01e4ab41b9cd4b8ef9a9b679401bf534565e0267f962f2e1ed3672b424c028491499f0d9ef535752291

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ee85ae26-758d-46be-bf7a-cf9038440310.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4e5e3107-e956-4eed-83a3-3662a1f2968b.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\886f08ff-b36c-49b6-9104-9ed2138ad233.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\821e683b-323b-44e6-ab64-dd1ff55480af.tmp
