Malware Analysis Report

2024-07-28 05:22

Sample ID 240603-swr2bsca64
Target 90b28d13f45c1362b9187e6e054ee644_JaffaCakes118
SHA256 36d1fcdd7fcfc8823685d26b34282ad8980274c861f2e753062d9f33d0562058
Tags
adware microsoft discovery evasion persistence phishing stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

36d1fcdd7fcfc8823685d26b34282ad8980274c861f2e753062d9f33d0562058

Threat Level: Likely malicious

The file 90b28d13f45c1362b9187e6e054ee644_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

adware microsoft discovery evasion persistence phishing stealer trojan

Downloads MZ/PE file

Modifies Installed Components in the registry

Sets file execution options in registry

Loads dropped DLL

Registers COM server for autorun

Executes dropped EXE

Installs/modifies Browser Helper Object

Checks whether UAC is enabled

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Checks system information in the registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Detected potential entity reuse from brand microsoft.

Suspicious use of NtCreateThreadExHideFromDebugger

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

System policy modification

Uses Task Scheduler COM API

Enumerates system info in registry

NTFS ADS

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of UnmapMainImage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Modifies data under HKEY_USERS

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Browser Extensions
T1176
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-03 15:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 15:28

Reported

2024-06-03 16:10

Platform

win11-20240508-en

Max time kernel

1797s

Max time network

1785s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\90b28d13f45c1362b9187e6e054ee644_JaffaCakes118.html

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU2A6F.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU2A6F.tmp\MicrosoftEdgeUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\MicrosoftEdge_X64_125.0.2535.79.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{587EFE0F-89DC-4450-A5DA-3EF8C7486F94}\MicrosoftEdgeUpdateSetup_X86_1.3.187.39.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU2A6F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2239F57D-F200-4698-9ED8-9BA870A2703C}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\MicrosoftEdge_X64_125.0.2535.79.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU2A6F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\notification_click_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=1CE847F562DC446CB8AEF4116D44A368" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2239F57D-F200-4698-9ED8-9BA870A2703C}\BGAUpdate.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU2A6F.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU2A6F.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A

Suspicious use of NtCreateThreadExHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\StudioSharedUI\RoundedCenterBackground.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\PurchasePrompt\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\VoiceChat\New\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdateOnDemand.exe C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\InspectMenu\gr-item-selector-triangle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\Lobby\Buttons\scroll_right.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\Controls\DesignSystem\Thumbstick1Horizontal.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\ExtraContent\textures\ui\LuaChat\9-slice\hello-button.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\VoiceChat\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\shaders\shaders_glsl3.pack C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\VoiceChat\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\VoiceChat\MicLight\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\StudioToolbox\Gallery.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\Controls\DefaultController\ButtonL2.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\Settings\Slider\Right.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\avatar\meshes\leftarm.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\fonts\GothamSSm-Bold.otf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\MenuBar\icon__backpack.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\identity_proxy\win11\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ClassImages.PNG C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\DeveloperFramework\Favorites\star_stroke_white.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\Controls\DefaultController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\Controls\PlayStationController\PS5\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\PlatformContent\pc\textures\sky\sky512_up.tex C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\AnimationEditor\icon_dark_warning.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\StudioSharedUI\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\VoiceChat\New\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\MSEDGE.PACKED.7Z C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\MicrosoftEdge_X64_125.0.2535.79.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\Controls\XboxController\ButtonX.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\fonts\NotoSansKhmerUI-Regular.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\CompositorDebugger\cursor.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\RoactStudioWidgets\slider_caret.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\9SliceEditor\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\Emotes\Small\SelectedGradient.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\Emotes\TenFoot\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ViewSelector\right_hover_zh_cn.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Locales\af.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\VisualElements\LogoBeta.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\fonts\families\FredokaOne.json C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_1x_5.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\Controls\xboxLS.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\StudioToolbox\AudioSoundEffect.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Locales\mt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_de.dll C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_ca-Es-VALENCIA.dll C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\SelfView\SelfView_icon_indicator_off.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\TagEditor\VisibilityOnLightTheme.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.79\Locales\qu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\MaterialManager\More_Menu.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\ExtraContent\textures\ui\LuaApp\graphic\Auth\Vignette.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\VoiceChat\New\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\Settings\Help\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\PlayerList\ViewAvatar.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\ExtraContent\textures\ui\LuaChatV2\actions_editing_compose.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\TagEditor\Close.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\TerrainTools\mtrl_brick_2022.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\Controls\XboxController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\content\textures\ui\MenuBar\arrow_down.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.79\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\ = "IEToEdgeBHO Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2B1EC306-3EDE-4012-9BB0-FB836132FF52}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{2B1EC306-3EDE-4012-9BB0-FB836132FF52}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89FDB4D0-1F76-49D6-A941-6C3C08FC261F}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.39\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\ = "Microsoft Edge Update CredentialDialog" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.mhtml\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 903323.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 561928.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 352505.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU2A6F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU2A6F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU2A6F.tmp\MicrosoftEdgeUpdate.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5008 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 2400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 3416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5008 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\90b28d13f45c1362b9187e6e054ee644_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff33123cb8,0x7fff33123cc8,0x7fff33123cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTA3QjU4NjEtQUQ2NS00RDRCLUEzQUQtNkU1QjE0QUQ0RUQ3fSIgdXNlcmlkPSJ7RDhDQUZGRkItRkQ1Qi00RDk3LUE2RDQtNEQ5RDNBM0RGRjU2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntENzMxNkM4Ni0zNDFGLTQzQkItQjU4OS1ERTM3QTgwQTEyMjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2ODY5NjYxOTkiIGluc3RhbGxfdGltZV9tcz0iNjgyIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{E07B5861-AD65-4D4B-A3AD-6E5B14AD4ED7}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTA3QjU4NjEtQUQ2NS00RDRCLUEzQUQtNkU1QjE0QUQ0RUQ3fSIgdXNlcmlkPSJ7RDhDQUZGRkItRkQ1Qi00RDk3LUE2RDQtNEQ5RDNBM0RGRjU2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBNkVCM0NGOC1CMzRBLTQyRUEtQjdGNC00Qjc3MDk0MDA2NTF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2OTE2NjYxOTQiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\MicrosoftEdge_X64_125.0.2535.79.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3D80FF9E-2D75-4764-B2D4-E850E518A547}\EDGEMITMP_0278F.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7e9a04b18,0x7ff7e9a04b24,0x7ff7e9a04b30

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTA3QjU4NjEtQUQ2NS00RDRCLUEzQUQtNkU1QjE0QUQ0RUQ3fSIgdXNlcmlkPSJ7RDhDQUZGRkItRkQ1Qi00RDk3LUE2RDQtNEQ5RDNBM0RGRjU2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswRTkxNkY4RC1DMzNFLTQ5RDEtOERDNy05MjlEMTNEMTkyOUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjUuMC4yNTM1Ljc5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NzA1MTA2MDU1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjcwNTIzNjAwNyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY5NDEwNzMxMDQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzA4YzMwYzZkLTY5ZWItNDk3Yi1hZDgyLWY4NDc4NzllNDI0MD9QMT0xNzE4MDM0MjE3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PU1Vd0hMSDhkSFJHY2lROG9LNEUxcWclMmZ2cUV2UVVqWnZFdXBJUTYySWZ6cmpDRm1sVGJKcnRxQ2dmTFRtTk1IdkRZZUNrYnN3cVhPdTBTUEJucnkyZWclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzM3MTYwMjQiIHRvdGFsPSIxNzM3MTYwMjQiIGRvd25sb2FkX3RpbWVfbXM9IjE3MTgzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjk0MTE1MzE4NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY5NTQ3MDM3NzIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjczODYyOTMxNTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI3NTYiIGRvd25sb2FkX3RpbWVfbXM9IjIzNTg2IiBkb3dubG9hZGVkPSIxNzM3MTYwMjQiIHRvdGFsPSIxNzM3MTYwMjQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzMTUyIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:gTQQXzdXCBe5RN__npqslsNuOtgsUVb3WUVRB4SHfVsCDPIwvkGwxPkPo9kJSfwyA9jdj_jxD1DlNLgO_MXDPxB8F9xhi65hKqDu3_Pm2Lh-B638kYDYePJL9uoE_1ckf5WhL6aroUp6bdKnu1m6HiVjkN2ABlbFNZlPxhEq4kdwrkvrg30scnyFHEAon1550wg_666KaWUFVbrdch0fvZ1R-aK3wSMND35HnM97FkQ+launchtime:1717429552214+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestFollowUser%26browserTrackerId%3D1717429347555014%26userId%3D356323560%26joinAttemptId%3D6e00f4a4-b9aa-40d1-b6f2-e392d3178dc9%26joinAttemptOrigin%3DpeopleListInHomePage+browsertrackerid:1717429347555014+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:IZ_AA04XkDa_QYZrku7gTFYp4M5n64Gq0JrP0E7x_KQ_HtO2rDnG7aqJbxieL4_wEHZiI26-7Nz__xdq25j5dUejgfaTxknJK6Xv72fAMGr4OCfYEY8gAtlqedIR-CCpUNvrFJWNhPXjl1UGg1UXaYYIF3lteljcO9mAWG1wT_uZLXAwL01lLAJmBQw_kP8_xzQMVA6B2Kv6BKUIy_NI47FB-MPxlL5hvJERjwAMQKg+launchtime:1717429650230+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestFollowUser%26browserTrackerId%3D1717429347555014%26userId%3D283869361%26joinAttemptId%3D23231c28-76d1-4e0d-9d74-bfef827b34f4%26joinAttemptOrigin%3DpeopleListInHomePage+browsertrackerid:1717429347555014+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:DRsLBEUKRdnkFfWwyNdsORqldk2KVMSXQeX-quKhCxIStVXq4LnvC-EXP7RSwwi4mFxFIeg2pFWn66Yqkzymh9p8jdxK2c-GyEyNmtM4_mew_C5id_bO-M1L_f5HAJXaZlGlZJmqSjFMb8-Rx7XOi5PJUItq4AZIrBDK5I0_MP4omRfLqzDLayunll9xFV_6DITr9u7vkLQ3bFJ5j3rT9DJV5iXaPby8yszkjEXUXxo+launchtime:1717429713474+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1717429347555014%26placeId%3D9391468976%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dddca48cb-52de-45c5-99f7-db28761fcd97%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1717429347555014+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{587EFE0F-89DC-4450-A5DA-3EF8C7486F94}\MicrosoftEdgeUpdateSetup_X86_1.3.187.39.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{587EFE0F-89DC-4450-A5DA-3EF8C7486F94}\MicrosoftEdgeUpdateSetup_X86_1.3.187.39.exe" /update /sessionid "{FFE87677-7740-4DAE-B726-13F09801782D}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RkZFODc2NzctNzc0MC00REFFLUI3MjYtMTNGMDk4MDE3ODJEfSIgdXNlcmlkPSJ7RDhDQUZGRkItRkQ1Qi00RDk3LUE2RDQtNEQ5RDNBM0RGRjU2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsyQjM2MUJGOS0xNEQ5LTRGQTgtQjJBQS1ENjhBNEQ3RTY3NTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny4zOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMTA0MTg0NzY0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMTA0MzQxMDM0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDI4OTYzMjk1MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzIyMTY2N2RjLWJiMGEtNGFjYi04MzNkLTVhMTFkYzg4YThiZj9QMT0xNzE4MDM0NTU3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWlCMzhwSm1vbU1qUGlsTUJqYmpOVlgybSUyYjVhZXhYSDVOSTYlMmZuZTQlMmZscXFZempXQmJHNWdIY1B5M2cwTG9tdGphYSUyZjNiV1FGQjBOR2d5azY0VGhrMUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMTYiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAyODk2NTI4NjgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzIyMTY2N2RjLWJiMGEtNGFjYi04MzNkLTVhMTFkYzg4YThiZj9QMT0xNzE4MDM0NTU3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWlCMzhwSm1vbU1qUGlsTUJqYmpOVlgybSUyYjVhZXhYSDVOSTYlMmZuZTQlMmZscXFZempXQmJHNWdIY1B5M2cwTG9tdGphYSUyZjNiV1FGQjBOR2d5azY0VGhrMUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjIxMDQ4IiB0b3RhbD0iMTYyMTA0OCIgZG93bmxvYWRfdGltZV9tcz0iMTQxODkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAyODk2NzI3MzEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAyOTQ4OTI5MjkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzYxOTAyODA1NjYwMzk0MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI1LjAuMjUzNS43OSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0Y0RjQyMDQxLTU0MkItNDQ5QS1CRjQ1LUE5MTMyQkMyRTg4RH0iLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Temp\EU2A6F.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU2A6F.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{FFE87677-7740-4DAE-B726-13F09801782D}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RkZFODc2NzctNzc0MC00REFFLUI3MjYtMTNGMDk4MDE3ODJEfSIgdXNlcmlkPSJ7RDhDQUZGRkItRkQ1Qi00RDk3LUE2RDQtNEQ5RDNBM0RGRjU2fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7RDdEMDUwMUUtRTE1Qi00NzQwLTkyNzctQ0YxQjdBMDI2QzM1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODcuMzkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTc0Mjk0MTQiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzA4MzkzMTM2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:OxV93RBDr1AiqHwjLQc8A_Z04V58vcMJUL_6wjmiai3fheSgZDvmE9y5j-h2PaejvcX7e2M7umxAIZMYkBAl2qNZkRGeKrQ3iBMA57wMrulbAil9msirqIgf105qzL-r29HKr6QKtdldA8-AMWIRLtwnr9cNjD3f60lgqWblOao1gobX5wXYEf99_tqf-mPEmw4HyRJ3kJR8aEpr6_OMTiDIgesAYANCsm_yC5dTHk0+launchtime:1717429713474+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1717429347555014%26placeId%3D9391468976%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dddca48cb-52de-45c5-99f7-db28761fcd97%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1717429347555014+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:NixGYh0zN7aXJTGhJn-dtTJITAZOJXi4MjFkloKb2b4e9Oei0zvytBvOBvvNxicyz7P1ROo0H-66ow4xfoDNIeyp8LW6b6dqtNY2401sNEwMcJa2qTkya-goIJ9A9nrcfCA1YA-SSQysGYBWTafC5eiMGHC2n0xfy5FLmFS7gcORGqZkA4PoR62cLW4CWEjX3d0qfRGaAD-gc7tbO3IsOWzkD0xONslaoYd0BfA16Vg+launchtime:1717429713474+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1717429347555014%26placeId%3D9391468976%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dddca48cb-52de-45c5-99f7-db28761fcd97%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1717429347555014+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OTFBRUQ2OTktRTkxMy00Njg5LThERjMtMzc3MUJFMzcxMUVDfSIgdXNlcmlkPSJ7RDhDQUZGRkItRkQ1Qi00RDk3LUE2RDQtNEQ5RDNBM0RGRjU2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MzMwRjcyNzYtNDIzOC00NzJDLUFEMEQtQkY0MkZDREIzODc2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RDZqeFBlVW1LZmg4eXR5NkYwN1l4TTFlWkRIL1RWNkZRVDJmZkRpWnl3dz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjI2IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTUxODEyMTYiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1OTY3OTA5MDg2NjkwMjkiIGZpcnN0X2ZyZV9zZWVuX3RpbWU9IjEzMzYxOTAyOTU4MDYxNjA0MCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIzMTA2NzYiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMzA0NTA1NTA3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2239F57D-F200-4698-9ED8-9BA870A2703C}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2239F57D-F200-4698-9ED8-9BA870A2703C}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OTFBRUQ2OTktRTkxMy00Njg5LThERjMtMzc3MUJFMzcxMUVDfSIgdXNlcmlkPSJ7RDhDQUZGRkItRkQ1Qi00RDk3LUE2RDQtNEQ5RDNBM0RGRjU2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGODI4OEZCNy03MzhGLTRENkQtQkFFMi0zNUU5MzFBRkM0QjZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMzIxMDc1MTg4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTMzMjExMzIxMjQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM2MjYxMDUyMDkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxODAzNDg3OCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1MSTl0eW1qNzIwVUhBMjZpWE44UlBUbDVXSU92UVd2ZFhkSGs4ZGVjNHpGU3JYVVdscHpwYk5TN2pUVVN0ZjNmOEdMQ1o4dGRKemNJMUl6TEFZWlBTUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM2MjYyMjY1NDEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzVmMTk1NjEyLTM4NGEtNDhlYS04NDA4LWI0ZWRlOWRjNTZiYj9QMT0xNzE4MDM0ODc4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUxJOXR5bWo3MjBVSEEyNmlYTjhSUFRsNVdJT3ZRV3ZkWGRIazhkZWM0ekZTclhVV2xwenBiTlM3alRVU3RmM2Y4R0xDWjh0ZEp6Y0kxSXpMQVlaUFNRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgZG93bmxvYWRfdGltZV9tcz0iMjU4ODQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzYyNjMwMDQyMyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNjMzMDkzNzQzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM2Mzc2NTQyMjciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMjk5IiBkb3dubG9hZF90aW1lX21zPSIzMDUwOSIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDU2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\MicrosoftEdge_X64_125.0.2535.79.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\MicrosoftEdge_X64_125.0.2535.79.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff738664b18,0x7ff738664b24,0x7ff738664b30

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.79 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff738664b18,0x7ff738664b24,0x7ff738664b30

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkNENTE2NUYtODZGMi00NDEzLUE4MDgtOEE0MzQwM0Q0QUVDfSIgdXNlcmlkPSJ7RDhDQUZGRkItRkQ1Qi00RDk3LUE2RDQtNEQ5RDNBM0RGRjU2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2NDIwQzFGQS0yNjg5LTQxNDYtQTNDNS1GNzU1QjMwMzRBMzd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtENmp4UGVVbUtmaDh5dHk2RjA3WXhNMWVaREgvVFY2RlFUMmZmRGlaeXd3PSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg3LjM5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjM0Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MzYzIiBwaW5nX2ZyZXNobmVzcz0ie0FCQjM2RjY5LTMxMTktNEJGNi05NTAxLTQ4QkM0MkRBNDQ0Qn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjUuMC4yNTM1Ljc5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2MTkwMjgwNTY2MDM5NDAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MDUwMDE0NzEzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MDUwMTcwOTY0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MDc2ODk3ODExIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MDkwNjQ4MDY2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDQ0MTAwMDY2NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjE3MzQiIGRvd25sb2FkZWQ9IjE3MzcxNjAyNCIgdG90YWw9IjE3MzcxNjAyNCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjIiIGluc3RhbGxfdGltZV9tcz0iMzUwMzEiLz48cGluZyBhY3RpdmU9IjEiIGFkPSI2MzYzIiByZD0iNjM2MyIgcGluZ19mcmVzaG5lc3M9InszMzFBNDcyRS1EMzI4LTREQ0ItQUQ1MS0xMzE5RTI4Mzg3OTd9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNS4wLjI1MzUuNzkiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBjb2hvcnQ9InJyZkAwLjkyIiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjYzNjMiIHBpbmdfZnJlc2huZXNzPSJ7NDY4RTU0QkItRDZDQy00NkU1LUJGMUUtNkNCQjM4OUUzRUJDfSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17018429257173743077,16067412191020218012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1

Network

Country Destination Domain Proto
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 77.88.21.90:445 bs.yandex.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
RU 90.156.132.125:80 masterhost.ru tcp
US 8.8.8.8:53 counter.yadro.ru udp
GB 216.58.213.14:80 www.google-analytics.com tcp
RU 88.212.202.52:80 counter.yadro.ru tcp
RU 90.156.132.125:443 masterhost.ru tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 88.212.202.52:443 counter.yadro.ru tcp
RU 95.163.52.67:443 dd.cb.b0.a1.top.list.ru tcp
US 8.8.8.8:53 163.205.31.31.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 125.132.156.90.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 52.202.212.88.in-addr.arpa udp
US 8.8.8.8:53 67.52.163.95.in-addr.arpa udp
RU 77.88.21.90:443 bs.yandex.ru udp
RU 87.250.250.90:445 bs.yandex.ru tcp
RU 87.250.250.90:443 bs.yandex.ru udp
RU 93.158.134.90:445 bs.yandex.ru tcp
RU 93.158.134.90:443 bs.yandex.ru udp
RU 213.180.193.90:445 bs.yandex.ru tcp
RU 213.180.193.90:443 bs.yandex.ru udp
N/A 224.0.0.251:5353 udp
RU 213.180.204.90:445 bs.yandex.ru tcp
RU 213.180.204.90:443 bs.yandex.ru udp
RU 87.250.250.119:445 mc.yandex.ru tcp
RU 87.250.250.119:443 mc.yandex.ru udp
RU 87.250.251.119:445 mc.yandex.ru tcp
RU 87.250.251.119:443 mc.yandex.ru udp
RU 93.158.134.119:445 mc.yandex.ru tcp
RU 93.158.134.119:443 mc.yandex.ru udp
RU 77.88.21.119:445 mc.yandex.ru tcp
RU 77.88.21.119:443 mc.yandex.ru udp
US 204.79.197.239:443 edge.microsoft.com tcp
IE 52.111.236.22:443 tcp
NL 23.62.61.155:443 r.bing.com tcp
NL 23.62.61.171:443 www.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
NL 23.62.61.171:443 www.bing.com tcp
US 13.107.21.200:443 bing.com tcp
US 2.17.251.10:443 aefd.nelreports.net tcp
US 2.17.251.10:443 aefd.nelreports.net udp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
NL 23.62.61.171:443 www.bing.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 13.224.81.14:443 css.rbxcdn.com tcp
GB 13.224.81.14:443 css.rbxcdn.com tcp
GB 13.224.81.14:443 css.rbxcdn.com tcp
GB 13.224.81.14:443 css.rbxcdn.com tcp
GB 13.224.81.14:443 css.rbxcdn.com tcp
GB 13.224.81.14:443 css.rbxcdn.com tcp
GB 13.224.81.33:443 js.rbxcdn.com tcp
GB 13.224.81.33:443 js.rbxcdn.com tcp
GB 13.224.81.33:443 js.rbxcdn.com tcp
GB 13.224.81.33:443 js.rbxcdn.com tcp
GB 13.224.81.33:443 js.rbxcdn.com tcp
GB 13.224.81.33:443 js.rbxcdn.com tcp
GB 3.162.20.44:443 static.rbxcdn.com tcp
GB 128.116.119.3:443 roblox.com tcp
GB 3.162.20.57:443 images.rbxcdn.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com udp
BE 88.221.83.162:443 apis.rbxcdn.com tcp
GB 13.224.81.14:443 css.rbxcdn.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com udp
US 2.17.251.10:443 aefd.nelreports.net udp
BE 2.21.17.194:443 www.microsoft.com tcp
BE 2.21.17.194:443 www.microsoft.com tcp
NL 20.76.201.171:443 xbox.com tcp
BE 104.90.24.58:80 assets-www.xbox.com tcp
BE 104.90.24.58:443 assets-www.xbox.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
BE 104.90.24.58:443 assets-www.xbox.com tcp
BE 104.90.24.58:443 assets-www.xbox.com tcp
BE 104.90.24.58:443 assets-www.xbox.com tcp
BE 104.90.24.58:443 assets-www.xbox.com tcp
BE 104.90.24.58:443 assets-www.xbox.com tcp
BE 104.90.24.58:443 assets-www.xbox.com tcp
NL 23.63.101.153:80 apps.identrust.com tcp
GB 2.21.189.25:443 assets.adobedtm.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
GB 2.21.189.199:443 store-images.microsoft.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 14.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 166.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 199.189.21.2.in-addr.arpa udp
US 13.107.246.64:443 lgincdnmsftuswe2.azureedge.net tcp
US 13.107.253.64:443 lgincdnmsftuswe2.azureedge.net tcp
US 13.107.246.64:443 lgincdnmsftuswe2.azureedge.net tcp
US 104.208.16.89:443 browser.events.data.microsoft.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 13.107.246.64:443 lgincdnmsftuswe2.azureedge.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 104.208.16.89:443 browser.events.data.microsoft.com tcp
US 104.208.16.89:443 browser.events.data.microsoft.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
GB 128.116.119.4:443 ecsv2.roblox.com udp
GB 18.172.89.15:443 setup.rbxcdn.com tcp
GB 128.116.119.3:443 roblox.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:51053 tcp
N/A 127.0.0.1:51057 tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
GB 18.172.89.15:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:51060 tcp
N/A 127.0.0.1:51063 tcp
GB 18.172.89.15:443 setup.rbxcdn.com tcp
GB 18.172.89.15:443 setup.rbxcdn.com tcp
US 13.67.191.143:443 msedge.api.cdp.microsoft.com tcp
US 2.17.251.28:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
NL 23.62.61.155:443 www.bing.com tcp
GB 128.116.119.4:443 auth.roblox.com udp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
BE 88.221.83.98:443 apis.rbxcdn.com tcp
GB 128.116.119.4:443 auth.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
GB 128.116.119.4:443 assetgame.roblox.com udp
GB 128.116.119.4:443 assetgame.roblox.com udp
US 8.8.8.8:53 realtime-signalr.roblox.com udp
GB 128.116.119.4:443 privatemessages.roblox.com tcp
US 8.8.8.8:53 thumbnails.roblox.com udp
US 2.17.251.31:443 tr.rbxcdn.com tcp
US 2.17.251.31:443 tr.rbxcdn.com tcp
GB 3.162.20.4:443 static.rbxcdn.com tcp
US 8.8.8.8:53 contacts.roblox.com udp
US 8.8.8.8:53 notifications.roblox.com udp
US 8.8.8.8:53 accountsettings.roblox.com udp
US 8.8.8.8:53 economy.roblox.com udp
US 8.8.8.8:53 friends.roblox.com udp
GB 128.116.119.4:443 friends.roblox.com udp
US 8.8.8.8:53 iad4-128-116-102-3.roblox.com udp
US 8.8.8.8:53 cdg1-128-116-122-3.roblox.com udp
US 8.8.8.8:53 syd1-128-116-51-3.roblox.com udp
GB 128.116.119.3:443 gold.roblox.com tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
US 44.216.241.94:443 aws-us-east-1c-lms.rbx.com tcp
US 44.210.159.204:443 aws-us-east-1b-lms.rbx.com tcp
US 205.234.175.102:443 c0cfly.rbxcdn.com tcp
GB 18.165.160.48:443 c0aws.rbxcdn.com tcp
GB 128.116.119.4:443 friends.roblox.com udp
GB 128.116.119.4:443 friends.roblox.com udp
GB 128.116.119.4:443 friends.roblox.com udp
GB 128.116.119.4:443 friends.roblox.com udp
GB 128.116.119.4:443 friends.roblox.com udp
GB 128.116.119.4:443 friends.roblox.com udp
GB 128.116.119.4:443 friends.roblox.com udp
GB 128.116.119.4:443 friends.roblox.com udp
US 8.8.8.8:53 102.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 48.160.165.18.in-addr.arpa udp
GB 128.116.119.3:443 gold.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
DE 52.57.179.204:443 s.ns1p.net tcp
DE 52.57.179.204:443 s.ns1p.net tcp
US 8.8.8.8:53 3.95.116.128.in-addr.arpa udp
US 8.8.8.8:53 94.241.216.44.in-addr.arpa udp
US 8.8.8.8:53 204.159.210.44.in-addr.arpa udp
US 8.8.8.8:53 3.51.116.128.in-addr.arpa udp
US 8.8.8.8:53 204.179.57.52.in-addr.arpa udp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
GB 128.116.119.4:443 ncs.roblox.com udp
GB 128.116.119.4:443 ncs.roblox.com udp
GB 18.165.160.43:443 t3.rbxcdn.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
GB 128.116.119.4:443 ncs.roblox.com udp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
GB 128.116.119.4:443 ncs.roblox.com udp
GB 128.116.119.4:443 ncs.roblox.com tcp
N/A 127.0.0.1:52672 tcp
N/A 127.0.0.1:52675 tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
GB 18.172.89.129:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:52684 tcp
N/A 127.0.0.1:52788 tcp
GB 128.116.119.3:443 gold.roblox.com tcp
GB 128.116.119.4:443 ncs.roblox.com udp
GB 128.116.119.4:443 ncs.roblox.com udp
GB 128.116.119.4:443 ncs.roblox.com udp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
GB 128.116.119.3:443 gold.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
US 8.8.8.8:53 js.rbxcdn.com udp
US 52.3.86.29:443 aws-us-east-1c-lms.rbx.com tcp
US 34.225.67.92:443 aws-us-east-1b-lms.rbx.com tcp
US 205.234.175.102:443 c0cfly.rbxcdn.com tcp
GB 18.165.160.58:443 c0aws.rbxcdn.com tcp
US 151.101.0.176:443 m.stripe.network tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
US 8.8.8.8:53 c0.rbxcdn.com udp
US 128.116.115.3:443 sea1-128-116-115-3.roblox.com tcp
DE 128.116.44.3:443 fra4-128-116-44-3.roblox.com tcp
US 8.8.8.8:53 aws-ap-northeast-1d-lms.rbx.com udp
US 8.8.8.8:53 aws-us-west-2a-lms.rbx.com udp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
HK 43.198.172.202:443 aws-ap-east-1b-lms.rbx.com tcp
HK 18.166.135.247:443 aws-ap-east-1a-lms.rbx.com tcp
JP 13.231.51.188:443 aws-ap-northeast-1d-lms.rbx.com tcp
US 52.35.245.117:443 aws-us-west-2a-lms.rbx.com tcp
HK 18.166.135.247:443 aws-ap-east-1a-lms.rbx.com tcp
JP 13.231.51.188:443 aws-ap-northeast-1d-lms.rbx.com tcp
HK 43.198.172.202:443 aws-ap-east-1b-lms.rbx.com tcp
US 52.35.245.117:443 aws-us-west-2a-lms.rbx.com tcp
GB 128.116.119.4:443 badges.roblox.com udp
GB 128.116.119.4:443 badges.roblox.com udp
US 8.8.8.8:53 3.127.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.115.116.128.in-addr.arpa udp
US 8.8.8.8:53 117.245.35.52.in-addr.arpa udp
US 8.8.8.8:53 202.172.198.43.in-addr.arpa udp
US 8.8.8.8:53 188.51.231.13.in-addr.arpa udp
US 8.8.8.8:53 247.135.166.18.in-addr.arpa udp
US 35.82.206.171:443 m.stripe.com tcp
GB 128.116.119.4:443 www.roblox.com tcp
GB 18.172.89.15:443 setup.rbxcdn.com tcp
US 20.7.47.135:443 msedge.api.cdp.microsoft.com tcp
N/A 127.0.0.1:53383 tcp
N/A 127.0.0.1:53394 tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
US 2.17.251.13:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 18.172.89.15:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:53406 tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:53647 tcp
NL 23.62.61.72:443 r.bing.com tcp
GB 128.116.119.4:443 www.roblox.com tcp
GB 128.116.119.4:443 www.roblox.com udp
NL 23.62.61.72:443 r.bing.com tcp
NL 23.62.61.72:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
US 172.64.151.96:443 www.coolmathgames.com tcp
US 172.64.151.96:443 www.coolmathgames.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
GB 18.172.89.30:443 cdn.intergi.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
GB 142.250.200.2:443 pubads.g.doubleclick.net tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 30.89.172.18.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
GB 18.172.89.30:443 cdn.intergi.com tcp
GB 18.165.160.78:443 cdn.intergient.com tcp
GB 2.21.189.220:443 z.moatads.com tcp
GB 2.21.189.220:443 z.moatads.com tcp
GB 13.224.81.39:443 config.playwire.com tcp
GB 141.147.81.223:443 mb.moatads.com tcp
US 104.22.75.216:443 btloader.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com udp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 18.172.96.167:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
NL 185.89.210.82:443 ib.adnxs.com tcp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 grid.bidswitch.net udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 69.166.1.64:443 apex.go.sonobi.com tcp
US 151.101.1.91:443 static.truex.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
GB 13.224.81.46:443 hb.yellowblue.io tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
GB 18.165.160.129:443 config.aps.amazon-adsystem.com tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 13.224.81.122:443 tags.crwdcntrl.net tcp
GB 3.162.16.219:443 aax.amazon-adsystem.com tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
IE 52.48.217.227:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 46.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 64.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 129.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 122.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 219.16.162.3.in-addr.arpa udp
US 8.8.8.8:53 156.174.53.23.in-addr.arpa udp
NL 64.158.223.146:443 proc.ad.cpe.dotomi.com tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
NL 185.235.87.97:443 ag.gbc.criteo.com tcp
NL 185.235.87.32:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 match.adsrvr.org udp
GB 2.21.188.239:443 ads.pubmatic.com tcp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 97.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 32.87.235.185.in-addr.arpa udp
US 52.71.51.230:443 sync.srv.stackadapt.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
NL 193.0.160.130:443 p.rfihub.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 69.166.1.35:443 sync.go.sonobi.com tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.187.202:443 imasdk.googleapis.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com tcp
US 20.114.58.89:443 msedge.api.cdp.microsoft.com tcp
US 2.17.251.23:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
NL 23.62.61.129:443 www.bing.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 20.7.47.135:443 msedge.api.cdp.microsoft.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f2eb94e31cadfb6eb07e6bbe61ef7ae
SHA1 3f42b0d5a90408689e7f7941f8db72a67d5a2eab
SHA256 d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de
SHA512 9f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703

\??\pipe\LOCAL\crashpad_5008_BSVCRRXBKWDUQCQY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d56e8f308a28ac4183257a7950ab5c89
SHA1 044969c58cef041a073c2d132fa66ccc1ee553fe
SHA256 0bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae
SHA512 fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 609b92d8d8ddfc3bd8755cfad1e9569a
SHA1 4925ae8be8f69439854f922833c2c98050cc6f99
SHA256 b716cb2dd5cb403f75f5c6872bc587fd7ae94ecbe27fdb3348b2a2c201c65a6f
SHA512 f1b20dfd5d840042e5353ecfe3403ceb4f2bb6fd7eb8d99034ac4117ecbb88362ff0d527aeb67069d9c21b6161c386a81dc207ab7ef652f34ac7d826c4f178a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\115b4d15-2f43-4091-b0c2-5edc31dfc476.tmp

MD5 4ddf4a4d117580ffbdb41432373a538e
SHA1 d0a89360ec30606911e9383eef68b05bb51d9cb6
SHA256 dbcdddc9c7f612f80463ea74a73d4913b3d69a15c30aa9192787633ec9dac327
SHA512 bad16f9077cb15e6d122e0d12dec40ca8f144bef534cc3aecc8fc15642c1a5292952e8bb0325bd7f0084a60f50936c76b2bb54ca2b6e188b357beefc1b8f8760

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2843067cdfc0d06ece473464c63fe022
SHA1 3f093041c51c3a60d757875780d2f809de1e265c
SHA256 7d0d3de3afb95a8e5ccc8859ac1cd5881716e2d9911ac4b30be0cd605d5a2378
SHA512 f72b2bcfc859d64f684b1a1e498857c30ea5b641c7dcea6ac280fdb2a835b7a3be56521e5a215b7f77931f6422262e0a61ff39b43b47b9402d3806bd763e82de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 78882903efdc6954c5b1728f9c95ed40
SHA1 d0c04ba92aa06cafe978bc216ced1d4c2ec4a0aa
SHA256 b25568a5e122476bb8ea1bf70cba9e004680f4d2b07d831b1567c38afac9ed01
SHA512 95b966157ad42d61c7b776e1dc98f03946cf08626e5c677bdce2cd130be204b0605905ddb8108d7832498e9c6fd4787a440295110ab11830c2f0b9821a3e315e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9507a913b7b72282c26a00a5127caa6d
SHA1 0d0ebdae13f53420508b1baadd7dfd00d66c0df3
SHA256 3dd84a3c2805247ccaf4bcec60025b5499801044cb314c6ba6bc146d1e72cfeb
SHA512 cee98c5a19b1740761af69521f802e733776eb812000db3a5e747ce362c37c17c24a7d19286a957981b40552fa4d12aa7388f88a437d67d570f1a356b720b38d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17eb6217ed751655adc53c92508b0cd2
SHA1 f67246d1cde7b7ba4743b39f360400698d8af35f
SHA256 ae79cc8f726228a156ecf1e0de1438203b7ba6e0d14c16b409dac8b61ebf5c32
SHA512 3274adca4cd3bfc2285e72d1cf047280f67a7cc4096cda8c38e7c8f4c55a1807b09645d926e92aa409e88d3d7736363336d532ffac0516b1c6610f4fa6d48941

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e6f143f13e8d9377d99cc9f6d03d2f44
SHA1 0dee4e933774c1be7c40627d735e75a79f58d24b
SHA256 b5c7621a4af74b59b3adf5125de5862c31cbf2c9d84587fed5cd72e8c2cde5a7
SHA512 ac73a75abb6aacaeff221c1ec322b627090249e4cf2031ee7ff3f0310ffbcc07e0c0d0c0e34cf7f39ca7865679730bab310ea36496338480f7431bba9df47748

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 926b7a6bfdc9c27740d4957fef74d727
SHA1 2ae5d9800c6a77a70d9fbcc6b12af38609e9995a
SHA256 ba4cdb93133c5df1e4840b15b70c54c9e5a4a03463f6024c29f244b047c408af
SHA512 d7f969c1cc1ffec8b2719cec63f03b5b69ad64e7074349634af1b9707caaed4ec33daa9558953dba080a67b3b7212b1ddc8d8b8b036cfbb4d307818227e104c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2a46187e193d1a5d63edb62e1d57765b
SHA1 fc42c2ac8f53e230c1ac2465fcc6878f46a49b76
SHA256 4d004265178ac1881393f0286f4f9759380d2b3d227c30669f879e59a27c04a1
SHA512 0b73d48c7daef67d2d9d232de52a3ab8cd414723182fb3e09c60575582c8a3acf9776047d682d9af45c298427badd41bfceb3b7539ce6db935d6650b773ea526

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f2f6.TMP

MD5 d1881591934e6b1b9d3dbe244adfbf8f
SHA1 b5d026148c87f5d13e9f04f9a08e3d6f784aa70c
SHA256 085b2292b0cf22aa2a6bc290afdef191864791c1812ef882672d4277f4082bbd
SHA512 77db5593bd73eebfb68713fe7faf4922a0af99948381c93691f677e0a0422559458e5b38d25de8b15db627290f08e13766f168356f24342005e76a85946d375a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b68ca1ee35226e520405c639e895718c
SHA1 b109997dfac5a21be71bbfee0d3e54c707f117f5
SHA256 ebf1c2c77b929d2640bc820e9d3b9663347fac568e1a6fa5407cc24319bb635f
SHA512 0c86484c5427ed4c640e354192cf2c17a97595266bb06443bb00e8b8a65f8e8f20f1ca4cdf5e67743a1c579c74b2ff59019372e9d9965301d9a754a3d83cac1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 6c8413dbb2b54b0d8d2c44902da2488b
SHA1 d798aaff61a4dcf553c40705a2029497dda61d1a
SHA256 fe8ffa9f7682f10f96899685ecb9bac43717904b88b54fd49dc0107f77f0096f
SHA512 f5ed56a26aaae0093ed55deba827d02df775c1673cf3270a1ec6d5feef3a3c556523d1ef5535da4488f284b8a9ddf67682309748a769f0b39c96f06409030fdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 aac57f6f587f163486628b8860aa3637
SHA1 b1b51e14672caae2361f0e2c54b72d1107cfce54
SHA256 0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486
SHA512 0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 3c6402ca667d5be25d0cf118502f6f41
SHA1 c57737bb7409d91579569d7cb1f21c8c5925c430
SHA256 065c1d1d5d643ada11492f0b69c18d437cdef4bd9cc604af593cddbbc7dfbae4
SHA512 ac2fcbc9165343b6046b880623ccfc3ef50e43609f5432e41f477d8ab4142ae76eb82bbb27144f89053ec6196f87249085d7a31df25564c75be9a14ac58db464

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7895a7ebdb34fcdc4de8c6ada207073b
SHA1 9d0f670616c30055ce14f35b991f76bed8c3d57e
SHA256 f07ff2a15c1b4cf92fc31297365e9eb52271db8b2099aa486051d61f79373616
SHA512 2908f1c062980b6ae58e6475cceb6c0c77473888574d60ad4a9d5c5d0372848bf81fcd6cb74f2d9596ada7fd827d969ddb435d05651682b35dbde7cc9f9065df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e24d375e181de0e55e924126439a4d2f
SHA1 2ddf1e824bc4f8c8e0488d34af71538a80a99f50
SHA256 8cf1f284d1e41fba9bb4ab7e881fae52c80f2c637351ff62e48251d1aca68d41
SHA512 c2789bab3eade01270f9022f94622821780e1f206b5961e3b51ef4d460019e00ca93698b030de98d9502a5b7af9a7ff2525001d885a3cd3b5d61ab1d48b3a3ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 941a3d2e8426de0b123f630ef476205d
SHA1 c60674507aae1509a47eef204475a477e09160dd
SHA256 4ccd04d11f2a6184a8f2ebaa82d82c1eabf9e797b12ac83962ab6b8fe0b14182
SHA512 97f6e4a58fa228055216fd5f952e72e9a9883217826e8fe00760407125540c78680dce871e3e7cc2f439c8c3ed07c9d4dab5356a2f69f1d47fce00c2e4a39597

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ccd444523f58e3039bf7c7bc07fb66dd
SHA1 df769b703828f77890635d122e06534a793ded63
SHA256 11f9a8428a819a6b8e06720b0eeb6006a6bae0db1966473c8d0904ee723c15a0
SHA512 22996fe13c4147df489343ebeba02f49f7b5ba15178d74fee6ab0ed58465744af073e6167e31747a9e855891a9b33a829d197ef9fa6e04f53a833bf5b03ef3b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dc7e7a7fb2ad89066fae1d1bb81f0a5d
SHA1 8637afd0152735d30fa3fe227bf1783440c8297b
SHA256 0723ba4fa4dcd5b9f81259a4d3cff4844ffeccd66cc96f16519dbaeef968d4cd
SHA512 cf02f6c7f97c42cfd553e0f3c1639b6fb8c23a0845f5a739b568532ae1b6f922bed1c6e668fdf3d3cad3ba8f35c3f68c19b4f6d631396d784437ed76e9dc5b57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 639d413d978d85fc3d9861f09a4b0898
SHA1 154988e36718319828b521f4d0a726d84d77e425
SHA256 0269a4aa039eda2a1c2ba0f757f2e895c64faf8471447ad82c2c2c05a9d4dac8
SHA512 8d27c505c82c280fcd32e3c7aa173314e9ebce30f6ad4a95e8daa52fe5220215bbe921de9d16243e3dc7650dbb6c7920511d9140a742165eb27aef32eb5484fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 274817ca7cacbafa407779987d63e7ab
SHA1 39966712689b95802e55b87fcabd8a75a3cafe28
SHA256 4e1fd134e56526fe562414c1d9f7ec7b291ca26bde65a8f6e66cb993d10308a1
SHA512 bbe8157e304e2003be495482643d87ef6053de4136ea7c81e97271c1eeae8f8333e242cf05062cf0be1f80c8e6e8aeb06ee1f879d8f5da375bf3f6ade3597ba5

C:\Users\Admin\Downloads\Unconfirmed 903323.crdownload

MD5 cfefb36838560b726b44c5eb64bc55f6
SHA1 28b9646a5d6e9aecf4b6cdf6bb97fe30f18900f3
SHA256 eb02f21fab1f3bd916d086a5129c7d9aa39027cab9b61e93866e0bfb0724d85a
SHA512 732173841815647fe8d3fa758669afebcf9e754c93ed1722b4d4119d04f6a5297ca6177ee1c777b3302ff6f72a810a037b2d344c66ba6086af791ed8a50c9519

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 62b53910fac72aa557e6e9da2f045265
SHA1 4c6875d2c6ff3e0009f90f427e0f21e2e08f8f75
SHA256 f85c1d6a0202ebeea31dee303c516d5dba4f49a93fa286aec7858a13ba12c1ef
SHA512 274b563d2cbb83ff10815517d601577978fbcf23aacd6b8454f18b16a763923e05876035dbd27402ca8c815632ec9c9ff60f48b42eac496d33a3155aaed95e5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 89da2e2a6d124030b85bd2a2eafb0348
SHA1 b94f7ab46c60065e9e26b62fef664b980e7842f8
SHA256 bee40fbeef2f0fe5284bf9564287c66e9ceb62bc6f4297f999f98d6ead588087
SHA512 c99580e4a1a01a1bf162b1a287e82b8565782106621c6fc2d6aac7c92bd7d5e6955dcfe5753beb2c3848cac6a33e7f9414ad89fbf849b571c41e5ad9850a820d

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4e5aa52cfd40d01446eeec9bf7a2537b
SHA1 fd6044fdbad8808ddf484670c54729cb8f4a8066
SHA256 1acf893f342a7a5a38139593f5568351228a7be30c31a458143bf31bd06d9318
SHA512 e1f751aac0f08f80326e099c7be34a918b79cd46917a6956d642221389b351088eb03498466db142083a056e3354cc4fbb68c18e5aca9ca2ad903d9cd1a56842

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 764955209d8417447445256aacf3cba6
SHA1 c1791390e8aeb7e99b038357d062a1e5c6c1baaa
SHA256 ed653bbd4c52e9a4a76c94e37a71c7a1e93d54a6ee6a71d07565d6d0bd0be993
SHA512 69898c6506c302debf9d8d1d5614d6036d36cf9eaee21946a959ebfa76b3eddc9587663109dc65e8c341f612ac3d7bf889dd4ba8892fc79189398dcffdbdbc27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b37c5e8e8beff065ce47aea46da01c3d
SHA1 dc3ad1bb462af90505452b6131a9c7f8c1886220
SHA256 b365e035c25af511e9c2e77c2f49d0dac5225ea0ac35ce20b627a851dcb60a41
SHA512 441951133ea908e76e45a93b9f26bff0d65a0ea674ed14e4386b6a9af678fedb5ed0e60709609735e70e0886fd62a01b2604cd88daad328f627144da730b3954

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 529ac613c7ac1ddbaebe9e7d9f82eca4
SHA1 fc8cb991735a98a9663776a61cb9c185a3335f94
SHA256 cd6a5d746b5c36525d781e6d40368f87a3edc3ea157bf63fb55baacc51337f0d
SHA512 e2378819587ed7eb417d0375d49a55ef9292b9e8d22718a52688e3fad59d68a711281f25d1045a9da5442f2d805b9d98aedbf4278c9188208bb2edd917751e04

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\442b78765b051e21bcf04e926b87079e

MD5 442b78765b051e21bcf04e926b87079e
SHA1 1a22cf8c593231a6963bf2a624bf105420d4dae9
SHA256 4387634feeb838cbf3156a553ff0914b3cbbc3369a1179a3c6fa57c58b755017
SHA512 da2fb23108d05193776703addfad8887fa8455e5a1de441fa2a53d1da6142559f19d1a64910d88643b73a23e12fa09b6cb04f3df2aa007edfe0a4adb8175feaa

C:\Program Files (x86)\Roblox\Versions\version-d6abc3b106a04c5c\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MD5 610b1b60dc8729bad759c92f82ee2804
SHA1 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdate.dll

MD5 965b3af7886e7bf6584488658c050ca2
SHA1 72daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256 d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA512 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_en.dll

MD5 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1 dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512 ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_af.dll

MD5 567aec2d42d02675eb515bbd852be7db
SHA1 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256 a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_ar.dll

MD5 570efe7aa117a1f98c7a682f8112cb6d
SHA1 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256 e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_am.dll

MD5 f6c1324070b6c4e2a8f8921652bfbdfa
SHA1 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA512 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 7a160c6016922713345454265807f08d
SHA1 e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA256 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512 c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_as.dll

MD5 a8d3210e34bf6f63a35590245c16bc1b
SHA1 f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_az.dll

MD5 7937c407ebe21170daf0975779f1aa49
SHA1 4c2a40e76209abd2492dfaaf65ef24de72291346
SHA256 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA512 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_bn.dll

MD5 7dc58c4e27eaf84ae9984cff2cc16235
SHA1 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256 e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512 bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_ca.dll

MD5 39551d8d284c108a17dc5f74a7084bb5
SHA1 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_bs.dll

MD5 e338dccaa43962697db9f67e0265a3fc
SHA1 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512 e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 2929e8d496d95739f207b9f59b13f925
SHA1 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512 ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_da.dll

MD5 d34380d302b16eab40d5b63cfb4ed0fe
SHA1 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256 fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_de.dll

MD5 aab01f0d7bdc51b190f27ce58701c1da
SHA1 1a21aabab0875651efd974100a81cda52c462997
SHA256 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA512 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_cy.dll

MD5 34d991980016595b803d212dc356d765
SHA1 e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_cs.dll

MD5 16c84ad1222284f40968a851f541d6bb
SHA1 bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256 e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512 d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_bn-IN.dll

MD5 a94cf5e8b1708a43393263a33e739edd
SHA1 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

C:\Program Files (x86)\Microsoft\Temp\EUA49E.tmp\msedgeupdateres_bg.dll

MD5 8375b1b756b2a74a12def575351e6bbd
SHA1 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256 a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512 aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 e04c197fd50b28ff55a8aaaeccc77a18
SHA1 e97f92ae316c1b4c71f9bef7b733f2eeeb014f03
SHA256 f0aaa2a932a004c0d2a91ddca1492a5dbedc913f950af2f73e9ae5f92d069d6f
SHA512 b987c8fb5a02d6bb7e94c48d27cba91611054c8e9770ae961860c231879821c7dcfa78385bc1fd4c3f278e569692b31de3222e0e90951984e13bdcbe478d22ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3b373d17891545f2fab6a7e30bfbe6db
SHA1 d79e0372d8ed75265b277ad381903ffc022edd63
SHA256 d69532b90e818e5806ebb43b9429439b32ae8eeb36de998561e48886b0dc46d2
SHA512 1c25555e3acd4b5a65f79d0262c746e666ad790307d8c90c51c641ae53cf861804b13b5d54e8c6aac3f2e26edd9011838a421cf394363188eee76435bcb7e175

memory/2536-1408-0x0000000000FA0000-0x0000000000FD5000-memory.dmp

memory/2536-1409-0x00000000734C0000-0x00000000736D0000-memory.dmp

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 5bd64ccd51bb368bc7e3cce5a460f630
SHA1 c9fa4863e252d42870e4910a8fe607f6bfd686b4
SHA256 dcf8b729197a877d634295ee8e4be09d4269fc0c55fc7a4f12131757aef07a83
SHA512 d97303be039ed43eb419fbeedb58132657083e33c6cce1128aac61cefd7d4a120ad7c90e4614a7820574b81fa287a9018bc46f3ed408f64707dbfa2baafe3854

memory/2536-1436-0x00000000734C0000-0x00000000736D0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 29fb77d306b29c91cb69ed06987df81a
SHA1 381de90ca26a9c3fb30311f451fbbd1bbf932af0
SHA256 4f892038648dd48dca28d8accb280cfdba94339a5ecadf7a0201137b5947c149
SHA512 b7ab85b816209c2a66bd030f2dbcebb24656a2b9d48c9d5ab30827b922e12a5c6759ffbce2f30a07db1122080a62b1d4f3374f9b10e0715a82889d488079b801

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.79\Installer\setup.exe

MD5 365eb1aab5e477760126569b7f72f85a
SHA1 06aa9c213c163b7716644314ea6d3997f882ab06
SHA256 19dc1f8c7901ec057bfaf763d8354a07880ce6fa3093185c64b95d082f8055af
SHA512 0d34bc14ed5328f2ded1c48acc29872a2154db0c4c9072a098266a08c0d0b235705223f988e64e3fd418e9c62338560e33d7f3d9ae933f43da77763e88938888

memory/2536-1476-0x0000000000FA0000-0x0000000000FD5000-memory.dmp

memory/4512-1480-0x00007FFF41F20000-0x00007FFF41F30000-memory.dmp

memory/4512-1486-0x00007FFF42090000-0x00007FFF420C0000-memory.dmp

memory/4512-1487-0x00007FFF42090000-0x00007FFF420C0000-memory.dmp

memory/4512-1485-0x00007FFF42090000-0x00007FFF420C0000-memory.dmp

memory/4512-1484-0x00007FFF42090000-0x00007FFF420C0000-memory.dmp

memory/4512-1488-0x00007FFF42090000-0x00007FFF420C0000-memory.dmp

memory/4512-1483-0x00007FFF42040000-0x00007FFF42050000-memory.dmp

memory/4512-1482-0x00007FFF42040000-0x00007FFF42050000-memory.dmp

memory/4512-1481-0x00007FFF41F20000-0x00007FFF41F30000-memory.dmp

memory/4512-1489-0x00007FFF42120000-0x00007FFF42129000-memory.dmp

memory/4512-1490-0x00007FFF40E10000-0x00007FFF40E20000-memory.dmp

memory/4512-1499-0x00007FFF40FB0000-0x00007FFF40FBC000-memory.dmp

memory/4512-1498-0x00007FFF40EC0000-0x00007FFF40EE0000-memory.dmp

memory/4512-1497-0x00007FFF40EC0000-0x00007FFF40EE0000-memory.dmp

memory/4512-1496-0x00007FFF40EC0000-0x00007FFF40EE0000-memory.dmp

memory/4512-1495-0x00007FFF40EC0000-0x00007FFF40EE0000-memory.dmp

memory/4512-1494-0x00007FFF40EC0000-0x00007FFF40EE0000-memory.dmp

memory/4512-1493-0x00007FFF40EA0000-0x00007FFF40EB0000-memory.dmp

memory/4512-1492-0x00007FFF40EA0000-0x00007FFF40EB0000-memory.dmp

memory/4512-1491-0x00007FFF40E10000-0x00007FFF40E20000-memory.dmp

memory/4512-1500-0x00007FFF3F580000-0x00007FFF3F590000-memory.dmp

memory/4512-1507-0x00007FFF3F8C0000-0x00007FFF3F8D0000-memory.dmp

memory/4512-1509-0x00007FFF3F8C0000-0x00007FFF3F8D0000-memory.dmp

memory/4512-1508-0x00007FFF3F8C0000-0x00007FFF3F8D0000-memory.dmp

memory/4512-1506-0x00007FFF3F8A0000-0x00007FFF3F8B0000-memory.dmp

memory/4512-1513-0x00007FFF40CD0000-0x00007FFF40CE0000-memory.dmp

memory/4512-1517-0x00007FFF40D10000-0x00007FFF40D1D000-memory.dmp

memory/4512-1526-0x00007FFF41ED0000-0x00007FFF41ED9000-memory.dmp

memory/4512-1525-0x00007FFF41ED0000-0x00007FFF41ED9000-memory.dmp

memory/4512-1524-0x00007FFF41ED0000-0x00007FFF41ED9000-memory.dmp

memory/4512-1523-0x00007FFF41ED0000-0x00007FFF41ED9000-memory.dmp

memory/4512-1520-0x00007FFF41EB0000-0x00007FFF41EC0000-memory.dmp

memory/4512-1519-0x00007FFF41EB0000-0x00007FFF41EC0000-memory.dmp

memory/4512-1516-0x00007FFF40D10000-0x00007FFF40D1D000-memory.dmp

memory/4512-1515-0x00007FFF40D10000-0x00007FFF40D1D000-memory.dmp

memory/4512-1514-0x00007FFF40D10000-0x00007FFF40D1D000-memory.dmp

memory/4512-1522-0x00007FFF41ED0000-0x00007FFF41ED9000-memory.dmp

memory/4512-1521-0x00007FFF41EB0000-0x00007FFF41EC0000-memory.dmp

memory/4512-1518-0x00007FFF40D10000-0x00007FFF40D1D000-memory.dmp

memory/4512-1511-0x00007FFF40C60000-0x00007FFF40C70000-memory.dmp

memory/4512-1510-0x00007FFF40C60000-0x00007FFF40C70000-memory.dmp

memory/4512-1512-0x00007FFF40CD0000-0x00007FFF40CE0000-memory.dmp

memory/4512-1505-0x00007FFF3F8A0000-0x00007FFF3F8B0000-memory.dmp

memory/4512-1504-0x00007FFF3F8A0000-0x00007FFF3F8B0000-memory.dmp

memory/4512-1503-0x00007FFF3F6F0000-0x00007FFF3F700000-memory.dmp

memory/4512-1502-0x00007FFF3F6F0000-0x00007FFF3F700000-memory.dmp

memory/4512-1501-0x00007FFF3F580000-0x00007FFF3F590000-memory.dmp

memory/4512-1528-0x00007FFF3F410000-0x00007FFF3F420000-memory.dmp

memory/4512-1527-0x00007FFF3F410000-0x00007FFF3F420000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 54088780b67179158f203b4180259dab
SHA1 25d9762ab5af182cbd9709cc9e9bac6cf9ec6e95
SHA256 7220e1fd262c92f7e00f45d0a434ab7188abcf7aadf2e58f8747278c15ad4354
SHA512 655609b915517358f832b7680fe9ff20c77edc5d265634097faa6dff3f4ecea83e9609ecc1132665d7507380621425e194c06620f64a962ee731272aa7ee3d90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a50528e0743b248242e3fb5bbb43fb35
SHA1 f9197f1654d7bdb0d6c56110c0928836ae94c5b7
SHA256 dcd4ec303b188477bd8fcbd07bb55df7d204b8c6e36d2e9564d2b517d14419bd
SHA512 efaf58c98c79db2c4949d8f86b04d13e5db9cf7ecad0555d762010216e96d19d8d22171467e71826eb202fe2cf405b567ca6b9612cf82cae16f12e0b7b46c721

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 f7bc18b1b95e3a589df6c25d7e8a7ac5
SHA1 c66c5f135a117d209151c39c84c1dccf9af26309
SHA256 75877ed52c34bb1dec5c6d80cb06b31f6a7d3b7825447b707a0a96abd67c3790
SHA512 b20f35a8d44204d8044257b6aab431eb78e43c9d381409b3ee825b33264d673e7c816ccdf0b11c3f80c7da828981ed32856259c148f3087b00ff0ebfc80a51ff

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 8db3fa51f238637bcab910c9d50617ca
SHA1 47170d6e3db3ec401209c8eb8e9a9c81d941a031
SHA256 62d5515df39c6c46a7e9916033cf0444031417dae2b00583f63f647111ec5a34
SHA512 6c8521a652da68b32b5728283a9a0ff04b9f70343efe83a698490eafdb59ecf707388477ff2c414ef7c08e69e3f752e8e1bec531938cc7f40a9d25ecef4b4f42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 b211e87eb6f3e92b19d62cca00cd3a65
SHA1 da9a9016de3783e97f86b52f794ca9aad960ac5b
SHA256 1b2ef38a1516ba1f5994b56193cf76c4df2ef29443cc7e248228dbaab4b69591
SHA512 d91c82879321640184cad6ddb31e22d1c6184689df96cd254c19fa5925866d8d0d6afc6633df8daa5a9ab266ea17ff75f89f35f1511a0abb7a50b93a58261340

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 675c8cb828c9b9c9e4d5a02d397469ea
SHA1 c8701c08b5e9ea3ceabfd2e6e2b15d529cc473eb
SHA256 5acd6b4eec3f04aa20c4472e5bfd54189712ff3481adbda327b64f5143c682cf
SHA512 b324dda611ab9f14222e2ffaf1af33589d9910147149427925a3264b24ac0143b47e8ee0921492e167313b332965ff1c0d09f2c3dfe4b2a0ba2885c513bdb310

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ac2bc5e222b575d6d12939252f786f25
SHA1 57ea1dba6f0e36e7867893bdcd8b351bc7cdbdc0
SHA256 04428097e48021663e018a64bb43d65581f46a0e0d0440abd89b40a4d55dd448
SHA512 10ea12657bbd476bd544b18360a895e4e6a752f3970cd999d25841187c43a0b4079db51e0e7cc02b259fb0e59d74a034730377f36787eb9f152ca3f15c6f5dd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

MD5 21af9bc981d404957c6344aaff4b3e28
SHA1 e5569bc0876884ded0d9594432cc261effc66d47
SHA256 e9515acb1b0c8f7c1008358ed424d6563cae681f0e87c53547d0cb7b9f51b051
SHA512 fb42427a114a3cb5739c30f6235c4fe3102876b2063772665c82ecce483955d357dead930e6da185f2b27fb0e72b9837ee272c3271efa5b7e80f98edf4cfaae8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7af07610b940b0a1f8741fbc4f26556a
SHA1 42f12909edea4d81dd60c77cc72c1e18a81881f6
SHA256 a6930baa5ec93cc3b5e83cb334c6fd8fe0780118ff50ea15db69b87b28f6f24d
SHA512 5b2451b627d41ae5e3e17fc06e4909c22e02adf13e2c7d16c8e8b30437ec79cd6a1c6b73d5c76d66bde01a6abd3a54baa06bf41488bd7c5c3b1d41363d5e5d36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 70444e44b0c43bb04c47d6606f91505a
SHA1 0a9b3c0a03ada525467fbecefe088caf0f80345d
SHA256 d2e37bb09d299898092742a4ce878ebc872008567fbe6e372ae6df3e2536918c
SHA512 9a5e20e9ff130c29fb053c1a68d08a27c0b90efd5a6b52302f7ce9fcb52038e369eb0f780c857c0b78ca388d831338fe30cbea203a99bbdcb99c8061bc17978f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c90f9f4dd8af7c515dc8aab7e6c4c594
SHA1 850d9ae5631056f916d16d095ca435eb03f5aaea
SHA256 f90e671937a370fc60580d711be233945293932c24e32d63ca31df632cb4baff
SHA512 c5cf43a73229868f640351e8025138633e30a21aadf442e2cf7fa0f9989989b1ebd568854a8e44c519e5a11594bfa97c70e2af16fd3e64cb92ede5d864aa3e80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bbe87a0579d8e405d8dd35e30c479e67
SHA1 f1a146c63b415fc78a2aad8e7ca8b8794a771625
SHA256 7ebcfac23c7ada609058ce57afc600b28e56cfd506a063731452494d7f72103d
SHA512 6dd4494054e455cf3777c546e39c0ac7e0db62baabf4cfa46e5e76cd3f7249f6c4a9a8bd4b703896e62eeafeffc698f4035806d9e373c9524291098281206584

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5be885bcd5fb2b32a66e4a67953be57c
SHA1 867a2d5b6c55d845070ff0e636c252d54ba7c4e8
SHA256 b853b0f582a9c12072c4ddd4312bf0c0f4cefb6077363d45cd65069e89ad31d2
SHA512 9d321afa89782a24c17d2fc5f3f2f30086f5571ca58c9a63f5a89752d55444a455813817455bb24a6142905febbdbe0e82fdd4a87a9add0014991b74431ad4f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f9af05784ed82621ed0b1e3ef869e87a
SHA1 dfde9af56db857fd59aa6eff296cb9cc871a06ea
SHA256 b77005f8a411926900c746506560a3c48d6a0d36aa3bfe6c309eba227f78d029
SHA512 01ea3c4aa9d9ed47de7a8445b1f3f5af7eb497324a07673d91524d73e65df9350631add8cae4c7be9847ab6603f7834129e448dc47d06190e0bc0d76508f8228

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9eeb3482b8e7ad2426cefcdf4a799076
SHA1 e3360ec4d7c2c38e0221550754a1bf67239dcf9c
SHA256 f60a2a83c601d1639a3c066455819fd71761d5cdbd509ca67d56e9e01fd9865f
SHA512 f6a33044c594220abb7ccfc5d3081a50b9a7d1bbb0b9475702eb1616cd6c0ac1a1129aaa5ca24972e3ab4ef7fd4aeb9c61e072ca79d69f1560cfde64c05c354d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6aa2481ebe8cbb1d3cb99b1f44f06f78
SHA1 c83949820dab7af25cc695ef6851196ee43bf23f
SHA256 873feeb1cb3324b779c7c0956e8ae7a4ef147bada8f4229dd228172c869621a8
SHA512 fbb3d2e9cddc352b2ea28891c87baccf6bfe899e5d2a0fc762c08cc1be888c7896c2a30a01a05d3ad1c5baf35b1bef8ca1093911b234d9c929b6c1111b810470

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d62855a2a4af7823cbfad71732ac85cb
SHA1 32c8a73284fd8003d7e5a537fe56d26c4f768f4c
SHA256 1465e07e5cf0dcd6ed6b1fd9cd4c1380515363fa43b30b648913e0ab5f8f2bbd
SHA512 02aa8d54c575cf9b6185f7fb5a41dcfb095d48687e57405dd1219690e1bdba1156f0b2ba0fb1f01990fb44813e330d7db291f6c1a83217792b9fc960a893e2f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d3f53080f61fd367c2a98b6b8ccf20c9
SHA1 3c791265238029f9ec7e692dc979ae58f381cb6f
SHA256 dee126dcc7e0360a049f49d190d717e51ebd2f161c3dd0974c46919c841c6873
SHA512 807996a6385c8a7b4aa19c503087eb4eb9b3f6ee72814dcdd1f00beeb6789f60c0fbac1b59fd3d11b21d2c5d336109ae584751b68a566caa07231f9b172ff7b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d11210ca79c29123f6ae846f401c6d53
SHA1 bbc2413d2a5e2d8bd18143afa4a040f270de929f
SHA256 43badb44bf7c01619e6cf2047bd5021dc0b6db7aff9be0951082686b48a9738f
SHA512 656a1e74084aa5966448c595d75950de2888a143cc87845b974b623307377d85f7bbfb34abc295159305ff39795aa3b80b3850945f71fe282201ae70cd365783

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 626b8d0b374aff762939fa5c8baeee85
SHA1 fb7db016b44014e7304c8d54c079b5103327ea44
SHA256 116a412cd312bbb7782ee1632f2125c73613d4cc87383124965df6fc1b6d707b
SHA512 7902ee3eb7e4ab9b58f2262709b4343ffe1dcb76b304e3d830be71cd20ea78b5f99205eb62c16bed0190f5a37297d1d23f2964df9cec9d633efaacd6dd1fb8f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e057cea31d1d524e764b54e3c809f197
SHA1 c435786581b3a331c2845e0f2eced5b415497466
SHA256 0818c14a341cc0aadd348faea5cc272fcaa930a44f6e44411b880cd92925fcdb
SHA512 330abb6ce5438e6de3b2f21f85cea2ce0fba20de0dc3e79538ab79e8e98144f0bc4c4d110a6e9404ea21546ead77bd0a9491ea3c49f8de23e6b3153da5acd713

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 235b4f60066aa44fd1c6b5c21c4cc216
SHA1 6a7cd109d09e693293126ea78f979424141bea2a
SHA256 4102b38c57c4dc6abd5d21c2be90399114d8f90c8ccf09cb3806cfffaa3be7d8
SHA512 e6be79361db4d617873cfdc9d5953f55c1605d89f52d879a1ba06dc986db9741fa35b2c2299e97ad1575d384b8323355033414a825bf4e220732d7676e90e169

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2beb09dcafdbccf1385d606b78340675
SHA1 488f3a5af40ac4858b2cdde93343ea35a603c6b4
SHA256 fa124428bd9c0e7ca8edb3df9007480bd3e8dcbf75bb52f29ec31674206fde7d
SHA512 4bbf7db99a11b9058c5fe305a55192a98ef2fdbcb9845c8dc1634ac4c3949b087f205dc2524267518db653d1568ed49e76d8c1bee2bbc08679a4249207f0210b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 de16c914db6ad74d2284c8a9ca44713b
SHA1 e91808626a58ac730975e3b095b5eb4acf828789
SHA256 4fd157e3a76471668dfc4f0cc61c0a1f7b78f406dc6fc436f204ebc928972c1f
SHA512 e7ce51de5c4273873544cabf2b5feea9d1d580a223c9523123dcbeacc9082ba6ebdc151458203659e33ffc91ec45fa0480c6d94e464458f1e899f9ce7b947ce5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d2ce1842faf5ce6f8df72c2e368b8c36
SHA1 871cd7fe04fefa026fcf653efd8b542853632eaf
SHA256 081bc72502cc60a7e61be2160446717659e1f31177dd61335929a9bde297d2f0
SHA512 c9d218ba8305f14ad4540b744ae27973c8ae433b541c3832e25456071ccc5ec77fc7c64416d37d817a18670f4e49159cafd241ca9ea7571993206df84bc7a8f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 030534f6ec92a5774e11cd9d2df63555
SHA1 4cb63784207fe5d4c829ace2c746b64d32ce2a8d
SHA256 d14da02af6576860a98add346d4196f02f440692ffa1a6cd210385283030f7f2
SHA512 3024007264eb590ba656fbbfc65684176b481f881c557660b9b616735bef30f084b840b841a8a212b434da0fb5e4b15607279a2b050b6e7add7963578fdb466c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a29426a869c5ab801bd2ee1e8111ec59
SHA1 6d3cc59eef5652829dcf3c869e4e4d6a8ece7c3d
SHA256 72caa80da7d08d31b8ca9505d161a3dfad4f0aa82bb876f8de11b88a5aa919f3
SHA512 28e41a2888df229c4c6d65bb520cdf78aa80c5842dce5f27f4f7ecfea808a0ed895dfdf2ea29ecefd11b7daf10f54da3f06f8716faa7b7161c6739ccfd1bd801

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 874cfb00f154d7c015399bf99f04ce60
SHA1 2fa5c80532917474b9cd21ee30d921378115b11c
SHA256 d305fe04b9d7e7a0766bc7107c195090103bc43d5f383af19e042a382ec552f5
SHA512 0e7dd90e298093a0d4f11fd96369e39487dc9ac65dba1077d054ed4c96cf54f850b320e26d64acb918a1ddff43dc8eec77bdb27a2aa21b51aad071c85f11aac6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000110

MD5 588ee33c26fe83cb97ca65e3c66b2e87
SHA1 842429b803132c3e7827af42fe4dc7a66e736b37
SHA256 bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA512 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d0496f7baf7e57dfab2a320ae2a6fd45
SHA1 4d1b5ecd4da2f9ceffa5ea2afb724cf5dd794e17
SHA256 cfd5eaf0d3c88d17134d9a100b7c22def31c63709bf45debe406e7d2ec1feb43
SHA512 adc12fb51278081680e6ea9e87c224d1385ab92cc7f1cf3d81b5f617b9823d3157fb5d31a9a5671d63d36dbe459cfcce2f04a7432df9a04088f217f150cfbc0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ef1c74a040dbcd0626f31c88ba54715c
SHA1 33355a2b0123d8040bc427774b5dcbf47bdd417d
SHA256 03a38ff3b01971b2f48844f480884f374e2e44424dedefcb1ce6bc39fe244faf
SHA512 8a59e9571919f8832ec9751341a01c866105dc2fe1a3d25dcf829836d370ad7e2cb55957d4fdc747d5620bc89332ee3f8e5d5653fd95eb1437c00e826f6f989e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d49b327d1ca5df3adc14db63c2df5b9e
SHA1 d622a1cb244c1da015579323cf512ba0ad14f101
SHA256 2bd9cd958c9c12c2d31e8b689a0efcab9f1367eae3641d046fc8a1e11795ebef
SHA512 2cca6942886dff3a098ac9101a7893bfe29ee1c5f872bbff81aa6aa3e09f807af9e48b2dd3beefda1f74935214eab3ce243e97bfd3e0568b325c02e8df4ba138

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 f7876aa772901757901b99071a215498
SHA1 27d6d020493502f3676b7c05fc863b450d83ef90
SHA256 a3d2407761446b714dc7638823035359e93bb7cfa34b87ad6c767908a0158af6
SHA512 5b036863337f7605b72ce5037484d2ee75f935651a2403dde6fb80f5e1a3aa7c37ad4d3fde3cba197bc4346fe1f69cee017587a351cf1b0b9a47ad76bca0936f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 61abf720468c784300d6001ec7a521fc
SHA1 94dfdefe9bd65e2d9d9f5322428c0f66ba0c31b1
SHA256 db81fe46248f453a2bef36f92f4c476ac9690d854ee7c6e472992c7a84bf86b1
SHA512 50bea0118a3c8d3dc284c0fa687a7c1219b9a48f2ee1779350bc6dc3ed2b69b31df6c8c5753a8b7956e90c9eee7a93f1ca6794daa06b651e6971e227fae31c8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9205e2e8e84d6a29958396f2634fe89a
SHA1 8e8975ff0c739f6fa1916e67a6266d6829481173
SHA256 998ce6977ea06a27031c77c76e422d6b576e00ac77ec19a131d9fc5a64d0643e
SHA512 a38ddcf361c323418196053ebb51bee8cf4c3752f36373dc0e8a720b59da7ad88e976967477e3144db3c85f0d45a932d884db7913bd2f6f2e30528d497a5bca9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 286f69f3502a24282fb5c9f6192a0245
SHA1 f55a88bf4b6461d385159867a22da2a1776a4fcb
SHA256 debb657872b40df07818e007c3b63f5af372d873bb988971eed420636bb2c4fb
SHA512 dc5dbebe2ba56e7cb63ef6e1533deaac1ac1e6eaea6c05df755e5a82662ef316e5531b1e9568080901fe630ee8387151598bfaf83c42cd01e6920371e9e7277c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 340ed45d3e609796b0aa64b66cf2d577
SHA1 ea38421b8c5f59c4cc4377ebd6216c4540c845e9
SHA256 f53b59d5979d9cb9e074cd5ab4b31e5503559e55f67a9a23c7fd7c28f4ced059
SHA512 f92abfba6ca9db93c58e48d23130dd920554a9a0bb46b66f6423f352b991ac227a99655b9592278e3df225526beb4e94ffe2d1bcc929f82064d358a403ae485b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 294748e8eeab585ca6608bb1fa457456
SHA1 d012e4a5be3b56873a6fb9add2bfc637bb559ee6
SHA256 0b8c9120bd7b7484b40268ae754e4ff3f2ec1fb8ec786beb68419db03d76588f
SHA512 50a1c411de31cf507e07ae3a5a1010cae1592ee2766beb2ce479473bfa536a38cb6b67810d6c3e4f76762635f0e8767d59a6db5bfabc6e62fc8933aceeb16b1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 998b64968b197fd29c6a06c9399554de
SHA1 f0826ea3716a99a4f93a9eab25b38a5948051c47
SHA256 29ad66c689e75da58024b44052d823c1d578bc877cc51faab18b81341f0eabcf
SHA512 4c3c371aa043ab7b12273dcca9ff799edb0cf9a66300051c55a73ee0678e57e1c54f59d32f41ccf90c0c875ea275222d274c084e0c2016eacdb1217412179233

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.39\MicrosoftEdgeUpdateSetup_X86_1.3.187.39.exe

MD5 1f744e1c802560affe8b308640b6ab67
SHA1 bbfecefdf891c11d573760d4dabdf86091463421
SHA256 fa7d8a8cae60ab620d2aa887de62039d2647e4f5c1c649d75f0f52e14ec11a99
SHA512 780440aa518397e52bb429b5a8e7697bf0096db0fe343cd40a541b60f34ad4976ef7fc2204737d296a8c1fbed2951496503dc50158d6455617c67483f87f3015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0f8b834046a57a3b069cedd891bf6c14
SHA1 61bac12c23063cc56afb7fee1741ac22dd025ccd
SHA256 a5efcf690d6cf5a6bf40e2074041f91c57025dff589fde6c5f47a7f9ae3b4d37
SHA512 b983798f531c0d8b09c6eb1277d93d734ee29b1cec6e099ee22e1cb775a067dfd150127f5c9824b37a6c0656715825fd4f92be879619fa5a15b7259ed8c983b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6aefb0ee0ca8454615e714099a80c613
SHA1 95df6a084c884507d3a42075d1427c8f54842bdd
SHA256 4b78022a46f722d15403bc6e372e68a9faedaf4b224f40cf5ebfb5884efa5feb
SHA512 b2ab86f243702618e3cb1fc00171445d2f6a86d3d94caba92ebb5704f20da20d6e0e83d974bfad04d63d7f8f62a858e6663956b0709f0555fa7a0c6a34b9da7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 94376f7f8d812d0e95225f0b9b07f32a
SHA1 8f11f76c1cfa7721ff5b73f25f8360e4093444e1
SHA256 6edf04e8bfe8a922033982d7ca1f00c25cb51194f8780ba2a30cb1dd1e4bb4e9
SHA512 035cae623c0bc2d1b2381c6774e16bd39771f0080e2e7f2e7a3e4039583cb1ebe4c9930fff1b9652ec14eb173181f97676605876177550f041a8e87a4c63b55c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a38f421ead4ccb426aa06d6ae02bf3bd
SHA1 91f4f70c9261a11902874f4b420fad0525c9163f
SHA256 48ad41da37cdec332b2048aa09dc132738416d80cb899758326dc3176a4ba427
SHA512 aff7cef153c31c62866b3b519bbc72c1699353c04b04f50ce76b2e71ab1334eb6e3fa6fb3cb50f5fcd245db8777f46365f994e4f02a730142cd90e1c7b787832

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 226a266d5c2ace8664ac04e1ea968b45
SHA1 972b7172d8cd9cbcf4681a3bf6125649b8ad0860
SHA256 a3795ce768435ada7e1cd5173fe52319d48ccf5108d01364c2bf266087d7a921
SHA512 d70e65e01242d4371b84ffaa4c75040a7bed18db5e803fa202779b4cd4ffa446970a52c07cd73122c4e998f965f289ec3649b27cba10871de08b4b6de7506387

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 55a50f3364db6116dd8a10aaa3f4cf5c
SHA1 3d4b29c9d1b61a0c3cc8343e6f65f32d218797b6
SHA256 72c026610cbcfc6a3d5727c908127630d371ca3526a10850a9275fb1dbb3d005
SHA512 cd1e925294a68f5aaccb28186027261cb65dd31c86e76ef38e8e950297a8dd3b8326ffc2e371a70eac2f725448f043fc953fff0b79b6163332a6957e4178e7e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9301c2eb96b3f760aac10aaa3914c746
SHA1 ef7d05fe615ca0e87563ce3b034bdb4dd2333754
SHA256 e20c7a6ee64bedd892f05a35092e2325680f14253c2853dd612d24f658ebec9a
SHA512 e8ed23c5dc08b3067ff5ac118ede16fe5479870688c9d76f1784435e8ce31934823902d39a74e036a6a3e2054d0da924a8d7fb59fe0020f6b7ad99dee352c2bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9954111f6d78f00f4c3c250e71c875f9
SHA1 c5ae726045da2a7d537ed5ceb96f2d0cda9baaae
SHA256 e8cd18f6360e8c504e83d4491fbf541946f44bb2e3cbd0772b177b2d634588e7
SHA512 fd3413553d01715843ed38a5546ec68ac30fda7633c164ad6ddc39c18c29dfb6d7cf12d2a586163d3940f24196986d66550ffa35ee96dec3349cb0dd91bb2648

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 6cdc54def9d4f12ca62a817335d594a4
SHA1 f7c817a46ca73453d157e4152951db6081407a48
SHA256 601ddd457ddb7d512cdd993a64f3e1d6436d7873ecdb2e297509de891f8e9396
SHA512 51e4d78e350fbd71a2e885f66803d6e7b467f8a91169c6fce6520c3fa9b549c66fa9fa2438641511a0864c218a5fc2115653b43a9b58187f3eb6e2a704d7a5e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 51288ae71b1c032974a8a0bcfc7f32ee
SHA1 637db0effb556dc7e2669c7e9336b47e906371b7
SHA256 2e6f8df556173e7960e1995b9c085ec3f883b270274aa3ed4ef00dbb03e4b3a7
SHA512 5bdb2e85d69a49cd363ab7aa52049ab7982283ca3b1564452668417737e8f8187038cd2c45faa5cf401308deba0b699ae80071766a3d74f65ed31f9074841d5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cbcea7083172a5648d6193f36281cf60
SHA1 b4f8380f85ae238e04f7197b78740bec25f20369
SHA256 000543d0b80cca9cb90f2e09115070978d93fb2cc10c1d7376df3eb2e8be4a34
SHA512 36ac6f224a071eb7ff87862a97ce5ac9d0d8202c34916df1b0534a082451d18d4a779124a8e75e575e17453c61c75296e6fd4a5086f5ffab6aa87de97a207e37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 36fc06c98d7e9cb7a5e9b6138c71f3e6
SHA1 636b7840bbbeafafafd57df3ebbb75edc1e1fb30
SHA256 2463c144d64e7a02d65de59eed1acd4a4677d5083413de10c34d21d6f3c225ed
SHA512 ba3d1671b60fcd2d46786cdf7014c47f5c7e21bd4bc8db640633b41f17b731b8f70c6c7b12df01e5b47438059ca597dd2ac7e17c5c22725b5286fe732b3c937d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 cf989be758e8dab43e0a5bc0798c71e0
SHA1 97537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256 beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512 f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 bbc7e5859c0d0757b3b1b15e1b11929d
SHA1 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d
SHA256 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2
SHA512 f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fde77f6a6b691f4c4c16f9e691e89ae6
SHA1 34eb83e6c2ca0b460ee8b75b6eee44652b647c54
SHA256 e44c08a257b9417fdf2ebcf95255b052f9b19c74e685f95fb3c4adc2af85bdd8
SHA512 13d7b2a07056b8f520fe7fbaedca4835c319e0c001a3775637f1fded3a807ba30416753f84fb4f9e0fdb56297a9a1ffc98e611805ad83dc70f9724e21c8a24f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 777128583369c69faf574f7d5cfa9900
SHA1 e92df45739f1adeade18122e3f6c27041a330876
SHA256 d2788979ddd8b24f25618693a73ca3aacb3529a5292059a934bc030272ab7764
SHA512 7a878431f00707fbc5200c9f3f7aef138cbd6abc9f784a9503780541738552d3cb7c96705482042f6c3087e07e20b91a2ca6cfe342f0d35770f66f5822afca4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eddfb86730f7f9e7acf0ede125220875
SHA1 b041d82467c23cb25bf70eec5a8763f72cf898a9
SHA256 1ed9ac31eaca907fd42c0f619e7e55f2b694118f5e217bfd978b03775c39aab8
SHA512 ace0775ed5a6d3119f57005b808934cac14dbfb0e159b99dbe9ac2751a49a39da5d7719cf0fcdfb92ce13984acf9b28b10dc2cf74cf959ae6a63564b05c73eac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 63c9712a6466d3b06f521c0f89acfcd7
SHA1 97093bf0b2d9e278f8bedf6da37bed6b66f6b3de
SHA256 dfc5321316306cdb050c5e6947fb957ecfb5611d1c420e2a34c91d05c24336db
SHA512 347747477568100d3e2b06fa53060a60550f18c19b45578f66c39dc53928294008720b16e95fd31f52eec8faef9453411afa1783e769f1e4f27de97c0a615846

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ac8a860f42eddd5c4734bcc95ffad184
SHA1 05f07576ed9fa168c0443e4009100c9f4d563924
SHA256 5b7dc5b2270854d56ad73b815db1e836da27e1af4fe7986b2414be65b8999a66
SHA512 c6c61f9aa59f170aa44ffe1b7b355843f777723e1c8041cc3c9f843cc21f84684bfab5b9db4e3364abba9f928e4c4fb3c97c988791199ca1e2af4ff98d066436

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe62c9d2.TMP

MD5 ca1ec718e9fe160e452894dc8a063571
SHA1 47a9f0065afae58f74cdc27bf0385b8d84fdcbae
SHA256 ad601195d403fc11f3dc6df3b8c8aa146c05a3a414b026ec778fb41d17b65fd6
SHA512 61794c1a92c22b050ace45dbc20cf14ce6ab1772b4ec260a1f4500183fb33e871d73ab13a076a064c798d9cea24127cd2c0d7cf66ab17486fc2b39798b6103dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2463c5fdd5dccbe847fc2d1087599ce3
SHA1 3ab5ba25dc600812989a1170f273ce28915b1237
SHA256 707d188b52de9f154811ef5857eda1f95904b21034729780833b4dd4b3859b88
SHA512 e17ad06908f1c16baf919d54202c22a06dc409672f96d356bbc8f67631b6d448256b0ef66a52e763cae493618e238cf6dcf6a83882b2d199c9e32710c76a31dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 32e4620b5933c786fa02fdaf9df8e4d9
SHA1 f0bd3e6fe1ff562f79bc9bdfa4198b1c9d14be0e
SHA256 7ae406f7b05123bec455b51ff51d46ebb3fccb6ca0fdff4244c3025fcce9601d
SHA512 6d39627ebdbbf4cc27b431c3f21dc88f3157fc6e1aa5ad677dea5cd5171d34a833be9f8538a74420e21322a93ce1ba99ed63d02802f05e71b0ec13eb144cbe8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 daf6b25925de48efc7102d844c31c213
SHA1 1485324f0f397b46e45bd9f35396ec1184b36f01
SHA256 8b212a66c65d307f8abc047bf41f9660f8114281d1752a805ce3aaa9f42899c4
SHA512 79311707401b987800a7071c0e516a3c7efc2841755bbca89d383ec8bd03984c5644d6c10c5e7714139d39d2474b0d9a49eb8fd1d93e32297192d7b7e38adfc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 328b6af5735f23dcbbaf6cc55fe15fff
SHA1 4d8b4aaee584b4f2502870635e15d7f7bfcb5543
SHA256 d4d2096a9c365896c40c5ac6abc56b8c02cb063757445c4f978ff4bdc1b0cff4
SHA512 5f4e715c767fc69d6815351e32b6eb2c41390b66b99ac79d424ca2c912f3601517d696376384a18d4ba7d7a8186519a115dd02cd4e6c819d664300c8d0987fae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8c430967a53791c03e2f258d7cc23f8b
SHA1 30665b5cb8e04a7336011cbc60b2d4f4cd3a8379
SHA256 f0509b97fdead49e37e92c6f49421e69e3b73d932d2982a1ca7f88da888eb98c
SHA512 6294ce391cd253425d17ec8924daadcaa6f42d3de9f12a5621343be27e2ce9d69dabd239450145af0f9e472d73f33a38d56bd7556e6fa78b06377c1a3f1d2e62

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

MD5 3f208f4e0dacb8661d7659d2a030f36e
SHA1 07fe69fd12637b63f6ae44e60fdf80e5e3e933ff
SHA256 d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b
SHA512 6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 dc528ccbf4d6172717ea9582e413907a
SHA1 e245a83bdd4bff6260bbcb3b8c9866e41afcf66c
SHA256 3fa38271c0a5ead1f508ecc9b1f4c5d1eeee4f70b67b5938b72f4c5a45bee05a
SHA512 90e19ece4e47124e5f52a2ae991d87e090040bf16d0d467c1934b565b373a68f7f9052c1b31bfb73be9276d13fbdc0c8d20e2b252f87f68cc54d053a2dbf4ff5

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23195A09-0868-4BF3-B889-6F135B6E73FD}\EDGEMITMP_8C1F7.tmp\SETUP.EX_

MD5 acba8d068b4ad0fb79a424af26103aca
SHA1 cddda10d8d6f495fd331132df3ffee76369833d7
SHA256 597006630d186095a14e003334b1260b4de8a5931b68597e3916ae2129b24336
SHA512 5097fbd09f42582a5cb2cd82dac4eeecb2e5c8e652ebf3601f6eb78b9438fcb4e9afdb4eafb3dca73a837d7536f981c3bd977815bbbf40d03e1837d2b93f529f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b638e486a085cad5aebf3eb0a6431424
SHA1 3020bad89bf77cbb4c15b374189d8c0e4c385ae5
SHA256 1736cbc7faafd623b2aafc0af430c5746667a6ce19f03bb34df5d8c71ff959a8
SHA512 beb7bb85c80ddb45f25bff2ab80474c7377485829d31f68622054337af96c4c6376494f1a7d7aac11a2421894a0b2e87694ffcff74d2424c008de8b76f1cc2a2