Malware Analysis Report

2024-09-09 18:59

Sample ID 240618-mgevkatcpl
Target keylogger.exe
SHA256 556f39b521ff9cba0b5c3bf77526b55995f03614a4d2e924d30ac5532bb3758b
Tags
pyinstaller adware discovery evasion persistence privilege_escalation stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Likely malicious

The file keylogger.exe was found to be: Likely malicious.

Malicious Activity Summary

pyinstaller adware discovery evasion persistence privilege_escalation stealer trojan

Event Triggered Execution: Image File Execution Options Injection

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Loads dropped DLL

Modifies system executable filetype association

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Drops desktop.ini file(s)

Adds Run key to start application

Checks whether UAC is enabled

Checks installed software on the system

Installs/modifies Browser Helper Object

Checks system information in the registry

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtCreateThreadExHideFromDebugger

Drops file in Program Files directory

Drops file in Windows directory

Detects Pyinstaller

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of UnmapMainImage

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious behavior: AddClipboardFormatListener

NTFS ADS

Uses Task Scheduler COM API

System policy modification

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-18 10:25

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 10:25

Reported

2024-06-18 11:11

Platform

win11-20240611-en

Max time kernel

2700s

Max time network

2697s

Command Line

"C:\Users\Admin\AppData\Local\Temp\keylogger.exe"

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.56\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU5891.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU5891.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU742F.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU742F.tmp\MicrosoftEdgeUpdate.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5891.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\MicrosoftEdge_X64_126.0.2592.61.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\EDGEMITMP_4469C.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B92D5DD-1AD6-4FCF-BB24-60834BFFAEB6}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU742F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{562F2B5D-DA1D-4723-8895-183CC618F63D}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\MicrosoftEdge_X64_126.0.2592.56.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\keylogger.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5891.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=C7669D366DEB4A2F9DEE470774508262" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{562F2B5D-DA1D-4723-8895-183CC618F63D}\BGAUpdate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU742F.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU5891.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU5891.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU742F.tmp\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Settings\Radial\EmptyBottomRight.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\PlatformContent\pc\textures\plastic\diffuse.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\TopBar\leaderboardOff.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU742F.tmp\msedgeupdateres_ka.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B92D5DD-1AD6-4FCF-BB24-60834BFFAEB6}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\fonts\families\SourceSansPro.json C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\graphic\Auth\CharacterShadow.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Installer\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\particles\fire_color.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Chat\ChatDownFlip.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\LegacyRbxGui\popup_warnTriangle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerLauncher.exe C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\LayeredClothingEditor\Icon_Play_Dark.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Locales\hu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\VoiceChat\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\VoiceChat\MicDark\Error.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ViewSelector\back.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\LayeredClothingEditor\Default_Preview_Clothing.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\icon_friendrequestsent_16.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\VoiceChat\New\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Settings\Players\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\CollisionGroupsEditor\ToolbarIcon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\AvatarEditorImages\Stretch\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\LayeredClothingEditor\Icon_AddMore_Light.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\XboxController\ButtonSelect.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\msedge_proxy.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\Cursors\DragDetector\HoverCursor.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Settings\MenuBarIcons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\InspectMenu\gr-item-selector.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\Controls\DesignSystem\ButtonR1.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\MaterialGenerator\Materials\Limestone.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Emotes\TenFoot\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\ErrorPrompt\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\msedge.dll.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Locales\pa.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\AnimationEditor\button_lock.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\PluginManagement\checked_light.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Scroll\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\avatar\compositing\CompositLeftLegBase.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\DefaultController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Settings\Help\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\Controls\DesignSystem\ButtonStart.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\InGameMenu\ScrollMiddle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\TerrainTools\mtrl_ground.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\dropdown\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\ExternalSite\github.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\VoiceChat\SpeakerDark\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\avatar\heads\headB.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\EDGEMITMP_4469C.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\EDGEMITMP_4469C.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\EDGEMITMP_4469C.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\EDGEMITMP_4469C.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\EDGEMITMP_4469C.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\EDGEMITMP_4469C.tmp\setup.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31113667" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.56\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.56\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\BrowserEmulation C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\ = "ReadOnlyOverlayHandler Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_CLASSES\BANNERNOTIFICATIONHANDLER.BANNERNOTIFICATIONHANDLER.1\CLSID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\ = "FileSyncEx" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_CLASSES\WOW6432NODE\INTERFACE\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\TypeLib\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /cci" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\shell\runas\ProgrammaticAccessOnly C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ = "Microsoft Edge Update Core Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Interface\{944903E8-B03F-43A0-8341-872200D2DA9C}\ = "ICheckFileHashCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_CLASSES\WOW6432NODE\INTERFACE\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\PROXYSTUBCLSID32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\OOBERequestHandler.OOBERequestHandler.1 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\NucleusToastActivator.NucleusToastActivator\CurVer\ = "NucleusToastActivator.NucleusToastActivator.1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82CCB536-D2EE-4F19-9067-40531F08D1D4}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\WOW6432Node\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5891.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1380 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\keylogger.exe C:\Users\Admin\AppData\Local\Temp\keylogger.exe
PID 1928 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\keylogger.exe C:\Windows\SysWOW64\cmd.exe
PID 2920 wrote to memory of 3144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2920 wrote to memory of 716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2920 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2920 wrote to memory of 2864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\keylogger.exe

"C:\Users\Admin\AppData\Local\Temp\keylogger.exe"

C:\Users\Admin\AppData\Local\Temp\keylogger.exe

"C:\Users\Admin\AppData\Local\Temp\keylogger.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fff2880ab58,0x7fff2880ab68,0x7fff2880ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1348,i,7595718849755091309,17259023795000080281,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1348,i,7595718849755091309,17259023795000080281,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1348,i,7595718849755091309,17259023795000080281,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1348,i,7595718849755091309,17259023795000080281,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1348,i,7595718849755091309,17259023795000080281,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4192 --field-trial-handle=1348,i,7595718849755091309,17259023795000080281,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3496 --field-trial-handle=1348,i,7595718849755091309,17259023795000080281,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1348,i,7595718849755091309,17259023795000080281,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1348,i,7595718849755091309,17259023795000080281,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4380 --field-trial-handle=1348,i,7595718849755091309,17259023795000080281,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1348,i,7595718849755091309,17259023795000080281,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2880ab58,0x7fff2880ab68,0x7fff2880ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4248 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff731f1ae48,0x7ff731f1ae58,0x7ff731f1ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4708 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4836 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2808 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3420 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4356 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5236 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5504 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5436 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3864 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU5891.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU5891.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{DC6422B3-C010-4C47-A9FA-7397757B47C1}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\MicrosoftEdge_X64_126.0.2592.61.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\MicrosoftEdge_X64_126.0.2592.61.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2664 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\EDGEMITMP_4469C.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\EDGEMITMP_4469C.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\MicrosoftEdge_X64_126.0.2592.61.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\EDGEMITMP_4469C.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\EDGEMITMP_4469C.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.62 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AEBAE886-1395-447E-81CE-A760FC033EDA}\EDGEMITMP_4469C.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.61 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff798d7aa40,0x7ff798d7aa4c,0x7ff798d7aa58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3416 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6188 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6320 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6276 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5800 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:8

C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:HOa2vJSpl7XGyJIBNOtg-pWCKL-LbPYDIrs9mc_e0Ct4N3z0qS9haeH-z1Frvm2eCs3b3PW5L4sjL9TBsEwIDkCiLgeQKgfqmvivmyf0giQWva25VTbTx7R2LV2bUiPJDNfEaskNq5c0WXiq_PQtDWiywgGMsa9FoL5JWk7_JTQDRnen3UmRh2SVHRZsWl1zo2JS39jvMsAcLrNlYtq8RVGv-ZSIY900lm_ATkZrKwU+launchtime:1718706546966+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1718706446179002%26placeId%3D8737899170%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D09db953b-2c46-439a-a2b2-c9adecba475e%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1718706446179002+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2920 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:W37FbWrm2XSjKHFwmPH-DHun1lig_Y9sNUNDVb3XCGKYpCACrRB1TVG6XRIkhWIN_WxXq4iFzJuZdBydVghcbdPneJHRpK9JmKyDcbO1ADQqZFJ-F-kJmzpN4TLAE3Hf3LszbnFODWICGcEj-OayJDpD6FAoRXI7GmNUJ2fYEfW3Dm--KA3J-hqTozcTHpKD8T0M9pZq1bEXN7RXJqSyy0zzf9jCnEBy8sucE6p4rNo+launchtime:1718706714307+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1718706446179002%26placeId%3D8737899170%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Da32d2e1e-7a59-49ff-bc27-f8658e7615c6%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1718706446179002+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5804 --field-trial-handle=1780,i,1035998716237825068,749623801611036779,131072 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:kIApi3p9_JludA7J_hhiFGJEkkwiXG2aAJQ8cWKBlsNezbwvkrl4GWHyte4_il2gpfNV-0W3ZpDuqLfLRKDEHBgzH371jAOEQtHojGhE8rAiBZFnOAgE74fmBMDyAxVEvBMH-lL5EXTh11BJ5Q9tSJfoydQee5q4jNw0Wudt0Swaf3fwFqcXtBBxDjYxPwMz8mbMI1bVVp3HBkQpbJ-TOCeWYDAkjyIongBMPAXZELw+launchtime:1718706774820+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1718706446179002%26placeId%3D8737899170%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D60a893cc-29d8-49fd-8ad0-ccc478c677f9%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1718706446179002+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\WatchCheckpoint.mht

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2880ab58,0x7fff2880ab68,0x7fff2880ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1640 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3500 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4356 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4364 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

/updateInstalled /background

C:\Windows\SysWOW64\DllHost.exe

"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

C:\Windows\SysWOW64\DllHost.exe

"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B92D5DD-1AD6-4FCF-BB24-60834BFFAEB6}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B92D5DD-1AD6-4FCF-BB24-60834BFFAEB6}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{A6CDE619-394B-48B3-983B-96CCCC718251}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\Temp\EU742F.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU742F.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{A6CDE619-394B-48B3-983B-96CCCC718251}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2612 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4008 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4212 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3044 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3256 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:2

C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3044 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5688 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5660 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1472 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5812 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5928 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5148 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5212 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6240 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6452 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6580 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6020 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6820 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7040 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7052 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6800 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5212 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6960 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6668 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6804 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5880 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6736 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6256 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5740 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=2716 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3276 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6648 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3276 --field-trial-handle=1776,i,5487715182999364239,17838228865626460496,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{562F2B5D-DA1D-4723-8895-183CC618F63D}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{562F2B5D-DA1D-4723-8895-183CC618F63D}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Windows\SysWOW64\DllHost.exe

"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\MicrosoftEdge_X64_126.0.2592.56.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\MicrosoftEdge_X64_126.0.2592.56.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\MicrosoftEdge_X64_126.0.2592.56.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.57 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.56 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff760d1aa40,0x7ff760d1aa4c,0x7ff760d1aa58

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.57 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7D70BBD9-E00C-4F91-8B12-73491D91AB71}\EDGEMITMP_6B0B3.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.56 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff760d1aa40,0x7ff760d1aa4c,0x7ff760d1aa58

C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.57 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.56 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff66ca6aa40,0x7ff66ca6aa4c,0x7ff66ca6aa58

C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.57 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.56\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.56 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff66ca6aa40,0x7ff66ca6aa4c,0x7ff66ca6aa58

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
BDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI2LjAuMjU5Mi42MSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGNvaG9ydD0icnJmQDAuMTEiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjM3OCIgcGluZ19mcmVzaG5lc3M9InszRUZFRTk2MC03Qjc4LTQ0ODAtOTZDQi1BMDUzMzRBQTIzNzd9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c

Network


Files

SHA1 9a7f3f799a62952cade20c116d808145c46c0b47
SHA256 f97ba532702a37c890d3fb8a53cdd301b1c09d04b098306c7d99d5ab85d9bf13
SHA512 faa764e6af187f7235b359d5e61001780ab06f9fd4ed36fda24417995ad72049658c2ea72b80ea0ea3ada99c730ae3c7ec9c089781c6253483eb3c245cb5fa83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2e78412a1e11e2cb74a90c24cb1614fe
SHA1 9cf1d7efc0881fde1a03252f6b50db9abe280c07
SHA256 de41a5a3e9b0834322178b79dec96cb523c65c9967c6f31f4b3f7c0422b81b4a
SHA512 b20595a18e9568c94615e1165e3cef1d0db79aa29c13359617f6a0914f7f722bbc2c513cd3892754fad14153fbfa04ef3a3a87fc5c18ede8beff657b5a710992

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 66ee3dad5b8d61813ae725e1359067b0
SHA1 34630c2c8a2a42f5bb4390b3007f2832adf1d487
SHA256 4e2124db02a3f551348af694c83eabd7f23f7d6cf4ab7439aeffeb335d782e51
SHA512 31f707be5724da46b50ab2bb13fb1bd71856d6c6af234d0b45f46bfcce14a6932c06a8384a5e9d7f57995de4cf70f680ac23326562eb0c3a2a0a914427341bb1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 404ad44c2596b1d0978ef8dc604b0b8f
SHA1 587b6727b595eb0a4e857e8a2eef6bba75e738c4
SHA256 8a37a6c7393ac60fe3a3aa94049299609c95dc40c5dad47cd374d4a66d060215
SHA512 fdf4da39420c9081dd475012da57340adb9d96ccfdc3e286c76ab43453b2ea8688371771bf517980804e72506a575d3cab4f6c9e403e3615025baf4150338bf8

SHA512 4a3e9205dc85bc906ec0cc132118e4c8b0c82d4fb0fceac38890ba51b9a07893d69f4c34e9a2a6d24d5a5bb018fac4c9edc68a98a9b577166108a03a52686203

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 683212c38a304e92f0cb8cc21bdb2225
SHA1 e629b762634c6582863338d7ce2f852970a204f5
SHA256 db6c8b7f5474edffac9a4da962f9a4da0745dbe0eec216d141517862bcf6535c
SHA512 e577f373265523b67036ca6b05277463178430c577da8c87f1024f4074e7228db81d2ba9ec4550480ec7f8abd72394bf4dc000e1973fc1806b78f591eef139ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 302c5f1e4c78925133fa074097688bfa
SHA1 ebdc89b357692c986c35c5a3a2e05b69af4701c9
SHA256 a8e9d12f29655118eee0a5ca3e568189eb02ce30dd3d1cf340c84838aed2f5f4
SHA512 52b84294e405fe964719eff176f293193b6adcbf10e6e9b0ed6e4b26da48ed31a2ec6752fb30df7dc73b1eef40e94934162e47f73c751947745a770718ad9e03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f67e51fc8e243523db4b8928fa53b664
SHA1 ec59323bd5c5faac13e0f735e5b51984e7b3453a
SHA256 9c7c43d82945a6148f67a0baf3c563856f6ef5495d9af4e7faaad1d90a82b362
SHA512 57505f9fe4833f06f71e3f9012c7079beb7a326587fb288ed1990ae52b4b6f1d36e3ee493ae0b7f864835e69edaa2bfdb09a49d19180b3205c51f2d02923644e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6f7b8f45acb71e1cfbe868fb596c8aa1
SHA1 38b8ed27759d42b8acd74111a8a1787fbd6f8d4f
SHA256 1768da8ab0f486105ffae987c63975d06856841bdfa84e1eb3491e5003cc9011
SHA512 7e2577b81d83877fb04ab87cf776bb5e26644d489e8e981c986522255401adefe8ccb70db96c990d0ac2ba1f6003d801df7ec5bff7b80e34485e12354d1fe2eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ee3595472a1a1b184df614ed79efbdc5
SHA1 c139316ff186c5a7f990099e535f93e35d1b8baf
SHA256 4dcf550abf3fb06e50120c67ec5fc1afad4f4c04352123de6b284988f9ee77ab
SHA512 6d164f941687ca437a3b427330a3effd52ba56cd22e87a61a527bc8ca9b753731ed86849028da9939612d4a240f69d9bd63ac2ab0c2e623a49c2885c16604174

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cd3cdf2e46bde71c2fefd4ad6b8a4d7d
SHA1 35cdfcc2ea5a2eff0f4287cfb6baca2c5c411146
SHA256 a048bc0e950296cc21e357fc9e43ba6c68a5c0b3b090061d27a3724e45a04f07
SHA512 4799d4132e1d1bc8607d886b3cf268d25a6c9648399e0d3d9ce286cd58b467cbecc8df0776b3150dfa3b1f83b084722a7cb592dd9bafeded6fcb28ab12aa8f02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c1f954884dab83bd3831b813f88771e8
SHA1 c7b9d8ebd598a2f8e64b6b3e1ee07afffc2c4f26
SHA256 2c59b7ab7b71a2ab4fc953a11be2a8fe351b5fb58f919405e8de4c5ef870e839
SHA512 da91c34f028048882d5dc63295945ab24f9309d049b991449c8e54b103301947b23fec528ca6aed38d7dd7a3216f292e565040a97f47a532e1c2e0c2dd1e9a03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f4e87eab200e9fe67cbb057940dfa462
SHA1 1dd04cb9b731faf1fe9af14669c87684d8bff3f0
SHA256 7bcb344f37597e8fa3f81452ee18b0102e724980d4fa5f846ef3b3db115fd120
SHA512 66ca6685730729842202f1377a22500a67e1cfe2f8d635aaf01bd5e355bbaab49187da5b433eb7517a774ed96e385876a96bd097eba50ed4c16b3001f373d6ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ecf281024b910414e5f42a21865b917c
SHA1 bd1335828f24e0ddb3bccbace4faa08e5f7b7e04
SHA256 3884c688b5caa985ad487f055d5c51efe805ce3409e31d5c7a7ab4577799cc2c
SHA512 dcd62f3d448c82c5f3a9bfba00b226be18b097526cf761332f4eb9b9c3e71526ecb99db6e24f759f2d078c3f123bafebb7b09274ec3a368fe7240c1c1d663169

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b6f48def1ad0dc727f479ce8ffec8a6b
SHA1 488a3d7c23f20d7c90d9cd3010d31836d67b4028
SHA256 88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec
SHA512 ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe61978c.TMP

MD5 626a545748fee567666491add8ee0733
SHA1 734e59f8c8e8cfcb74a63e07cb68b60c8d305956
SHA256 c7a3e8872201f16a2d1b9af53f4e3824a027186eafd080e89e8c50370123bf09
SHA512 06cf565ad96b0ac8c21e7c5a78b4d899cd3578af669c05eadbe18259365fb7b94b523e2f23df303636f5d87d36ad997e969459cd126334419c771f62f4e50cbd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b0d91f2f43fde43dce5dfc98457bf306
SHA1 6a7074332732b5cf1f9929a2922734609bea316f
SHA256 1ebb13f3e5c6ba3cd5ae0a1f17b93c97114824aca6372c1465a07a2dc1e2bee3
SHA512 ff58a5986781263cdb6016331436cb65b713445f99d11499971f7ec62d177f8c6394a87bee2534fbc91ecebee564987afb9c086b8497403397ad6d4f94221e2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dbcf85ad6e866c3d675bfe94932ec0c2
SHA1 b349c40befa10e00631c8170b79c2b340f4cf728
SHA256 1ec5b3e0657de0f34a1ddd65e2387801a3c9fdca6b4fa3c8f1fd59bebdc7ba17
SHA512 7e310d83e35f44c6a5fbb6c5e67968ebb1898aeaabf6023fb50248cb945bb94ff6351f949dda7d334136c036c711f319e2121effcdecb785312501ddc62aa73b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ed8ef65728c074c6134ed8b42d1ba480
SHA1 e3c2b678978746940e26c098f2577ea1f45e8b78
SHA256 be7b82c580419756b835fab8f69e6c7ff3b9eea3c391681747924d4a6fb94121
SHA512 3fe07e7b08d152be594708bdfb7f45814bd63fc8b71b1237d86093d73269e64942ee0e96adda9e9a919c33fe7dac829054cb1d8159ded828e2d9ee071ddea212

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 992697a343212a7fd34c72047557356b
SHA1 8128f94ad6d3e1fbd88d17b7737feb58a54e96e9
SHA256 05fb89fbd62c5c70193fd128816f5c7342ce843ece73823675004caac2077b6e
SHA512 229dafe97c66ebe46ed28543621bedc1e0bd2b10bfd48bd51bdb256e354076457da5d6a268936c1a02f08ba791e1e812fa3fbaa8d0e4f609a676233222e34acd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001b3

MD5 e78f9f9e3c27e7c593b4355a84d7f65a
SHA1 562ce4ba516712d05ed293f34385d18f7138c904
SHA256 75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d
SHA512 05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 431fa6e298168e29be3e4006f32cbe06
SHA1 a1d58f004af1719c77a165a36ab91293e25a44ed
SHA256 6d5e94378e38205cee1bef063f1b15acb014353c756df62f16dfbc39d70a4692
SHA512 dd5699b3022743fa52fda97d1092ffc1a7b854d37a4e08ea22c52d97bb40626d3c7afc6bf23d7387f4670427f29147f4c5c58e089fa48a6adaf03f96900ef4ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 729010f300f4d33522ea4b9d6e9f3869
SHA1 466c4c5c9f73bd2a6fe597ef9b8697550c8cc75d
SHA256 f1056d61fc4d713ebe6ef6474b52a763a2bba1fca83f41b100f76a173fee4483
SHA512 7797c798c39c79d177d8f9e15db219ce6f8ab9a36e82ae580864e47bdd77868a9063260c20ffc83b992af59e23ed0a3d18a0a341b971ec608d6c7b786ea45cc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6143687ede9ed2c315d40785cddb356d
SHA1 58beabe86c0b844a22b171e98b60964fec9ff81e
SHA256 d5f5742328c6c4772f7a38d57fc4dd38838667f585e4a204988bafe566a8a1a5
SHA512 80a408d899d292d38502cf95b460bcc18c3137aea272e82e13034d525443317383b2658b487fa52f32ee7b4e59588a57e3d72ac765dc0829506e3c341314b656

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9f195f4e8cfb71a5ecd191337fe70581
SHA1 7620b1abe2aa840163ce9944726cb2e725846dab
SHA256 5622d2b6cb86e2b59cc6da471034a2931b1bdd57a2ff091868bf623f77f03b28
SHA512 ac7d057bee51cfe34da01a116335c31345cb6f6202eb7a05c2908ab28bea956da709fb96849cbb6c3958ae5667480fd3fb5ec1e12a1c0cf8793e1b3740480420

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c27d7d61a16583c6ec957dc0354c8327
SHA1 bb2bc284d5ccf82d15607fa12d7cc3f30f344619
SHA256 ef27028d23780a27ca0dbfe87291f1a1f66e9af4fbe84ebeed7a5cf0cd244cd6
SHA512 7424d7492046f53c8949cfd108960ed069605f9ffdfab9167d09124b3b45b3bbbf0cf2c10c3b0c3a221437c07101b635372b9e411eadf43ed57edcb768ea83fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 565280254f412f04e411f5f57d8d5c5a
SHA1 8e803311f1dbac9444461b85902c6e349d2b17a2
SHA256 5432bc4f91da2a8362d114adbd9c12e070116ee3cff3c9985a239ac0034fe183
SHA512 5a30dedf01b4f6f35a9cbcf7393223cb836a81df3d0d9c92417c2f5419f2869f8a194db0ada211cebc7efcaa9a82453fdcc71fcfbeed4d3e9349650088e3eddf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 da55bb2ee146c7fc7fba3140a38ee38e
SHA1 24b016b0c42e87280a7db8dae18aff6aede34676
SHA256 3fc3864eac2d20da7b54739585c380d9d987d05ce913001e8d96c43493f5ffae
SHA512 789731e5e83b1d150e06e441cd4ef0250c8aeee392b70734da40fdc63726bdfd1d8c59d75bff355af2154409b3a49c6eab156d98511f492f707caedb491b36ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\76ef9e5953a1ba4578548bb32235240a9f0e0ca2\index.txt

MD5 65f87134722b8236e4ede6229eccdb02
SHA1 82264a078a8bc460a5ed538926546e76dd32b822
SHA256 86d726c1fafdb2ab1ddbc68c1a28b3396174a67b1da15237abf07e01ece699f1
SHA512 a69fa6930faff5491c4dc01f1cd9f0a26c4402e6d42d7ed959c245f0535065f1e5592887acb9cad66d27712c31e3cc45802622c18973eeacb5f914aa56fa3084

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\76ef9e5953a1ba4578548bb32235240a9f0e0ca2\index.txt

MD5 e6c179f634c5c19080fd402304d30989
SHA1 2dede3a532f3a1bb4ca34da2d5ff8e91888960a8
SHA256 f8bdbcc343f7d3efb4c023c78142bceff409f79a2f9b5f2fe03fe3db4071b26d
SHA512 ad63725ffa97ee11c4140adebd84367ffcc6630623031c12c10ba710a5253ffa69c5f4b6493727b8ded60775011bbd9e2d514ea41340fa77bc717083dab9c885

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\76ef9e5953a1ba4578548bb32235240a9f0e0ca2\index.txt~RFe632725.TMP

MD5 1449af398e4eefd9baaead0e6454433e
SHA1 c6df7996f2b14efa5accb40aec4536e32522b4cf
SHA256 73158e771a25f16d6b45f85240d4ee9616fb0c2b7878173d2d56d01be53ec5be
SHA512 9125287ce163d145cb3da46e29ff0ea396ef556a9de0176c26bb2a669fe66bafff8f6ab5583ec47d0583818d79a1c158cc38c4284ef08b922688e52199b44b79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0ba16cc158bc7db6a8c32b53d6b08dc8
SHA1 5db2b5c6077a6d54739ffdfb32b2e142215c9942
SHA256 dafe052f98a4ea92fa3ba85cd14c589e3dd129747734316c6d13ee136bcf8d89
SHA512 ca82310ee24898498552e4efc290dc3549658add11308af9cc82874844be370ad6f18fe968350e1d36871600c3bd75ca5fd60dba55fd3ba52f0933660d16960f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5ad874c05c4eaff37bf82be91d8ac815
SHA1 53ae2800032e9d5d46bb3c576a9a36bb3c169782
SHA256 86b9495ce5f28b841df6915ae4c50de1ccc13e5b21f31e944dac048ad5e50ecb
SHA512 ec382e22c7304f2eda60ca767ae1f4644a355a557c6c0690b20f6be38a74bafb93b43df007da8c9906d846dc02730f65afbb52dcc6b03a25e117c6e4822734ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6998c3ed220d994d1156bab6bb8c819a
SHA1 12e6b5fbbae2920506ea2bdebd27842c55da5a0a
SHA256 8899886b857cafbfe7fa71b4c66df7b38597d43a059217a0c2b25336878324c6
SHA512 c37172bcb07c5def7edbadc409fc98d913ec09f92dee01b87d9c68529ae6b033b89c33d154f16e8aab5726d9f8183e13ba1101e79192048bff4c5a09d6967f9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eb2e715683543fe1f17dc562325997ce
SHA1 310d79ba634bbfd52a033e865ff1a3ccb082efb0
SHA256 00a72aae0f3845201931379161a530db20cc869e4cf053e947a1d97f120ca8aa
SHA512 b9500efdff54190bb1eb8c2e927dd16ba1f16e78a52e76a1a97b5dba2e74c2b8bc1cf330ab2d95506b9f1fcdf90396ee10b6802050796a6f9e7ba05ce833ca21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ee52ceff36a7592bc744ae1eb1c79cd9
SHA1 aea15ed32b64bac0dacbc94ea72c4178ad27457d
SHA256 3daa54962972377247f0aa15305c70edb17e7dbd6696a7dde6c9fe6867ce72f8
SHA512 076266b7a2445ecb494a9519f58eb021a1221d25421da2f0a668d1781e33edb6c51edf3b650b4de4d4f2b06235f40c2915e549170df5aef739de2a6d3dc9061b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3f1a0ab59f00fd4d5908fac92d909aca
SHA1 991cc7ecb20b4722a699ef77e266f4765c5f89ad
SHA256 d80bb60979b9d759e7f4b76952b097f6c2d2462aa3577c0c6a96543eefc616a6
SHA512 ee309d56a46aae935cdb135ab73966b17b1ed66d12067b8e1baef12cd22437630fc6c6aeba35ccca3dddb6202d6d23d67dbb3f090ea4cd8c02bb4a2a82deb8c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 237f692b3662da58807db1be7ec92d8e
SHA1 2ed8cb21e363d2d49562ca154f739820847764ee
SHA256 ed74212adc5caa2c2cd10cd38c701c2c64ecc8d6cfc8134bfa3abacd23240bf6
SHA512 7530355e72cb9be5ee4453640b705e8f2db9fb1c7b3a6132796ffdbba243dc1062c4065e42433ebf808d9d243e95eeb64a4865546575dcde7b6fce0e91591a0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2a72ef67d2b70efb46ece650501fe6e3
SHA1 afd692c2b008f2a960e1c67b40391969cbe0f671
SHA256 de8c14fe34b138d00d7f4212bb26f79db8ab9e4cd0745039b63d4ecde004910f
SHA512 8bacb4e2af2748fddfc74180f61c57e2cb583e910816f8a02110d967fcf30ffe9d2c73f2635f86ecf706e2b89f96cc1bf560eec5083e3ae233b473d8d489436d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\80b8ff53-71d1-4358-951f-a7cd907fe880.tmp

MD5 979190314f450e42927ba45e1a88a32d
SHA1 ac6564b3a3d90d2fff467358d9c3465607bd2b75
SHA256 c852c6e90898556019668ccc6a4e3e07dc25ae24bec6217b79bb2175809ecc34
SHA512 d9420596e712599b0f818d5d3e8e1a56c7af113818acade1ee2762cf76e5b65a0604176f4934cba7688fcee64f0a273c911bc2fda62ea0fee58b1c7fda249fae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 21b4ced462eea0c564d488b765b83882
SHA1 f66a2488c01354a9f603ae5253dc03be729cc7c3
SHA256 c9acc16f8f2a2f5afe00c2f67825339992977a45e751126dab04308173f204a5
SHA512 7aea14342005a79b55e9ad0ce6cca91a9dd5c13cbca64d3449544dd0aedddb68b0861ef40188b5f0b337f42f547940cfe731bd0b7b38f78cab754925baa62b51

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 503541bd32a9f80eecbf7a5156970163
SHA1 ccbb0b5b6c9aecdacf3d3ecd6e1c11e38c140d8e
SHA256 7a4c2c0ab4e5abd57c796238c214eb22136fb347bca8c08a94ef78386cd493ea
SHA512 a0a9a705d49416ebebe94535b1095ca4a0c178fcaedf6edb6c8d271690240901791e9571f5fe6de22142495cf11d15a9b824ceb29d3679aa0fb0f456983aaa60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 339bf10fe817d79d3cd83b1a8f395554
SHA1 17d54fd82230894b00a835f3f4a5059e29092503
SHA256 027b0384ba8ba2f511601598c22d1ece168224d49b3649bbbdec8ac127bb0657
SHA512 2acd27d6743cf6b7e5c88761980d30a46073d606107225c810dd6e1558d364fb856394406b03dfb8715f9bcde1a57df7c650d3eab43c36f98cf7bcb7c32e9192

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

MD5 3f208f4e0dacb8661d7659d2a030f36e
SHA1 07fe69fd12637b63f6ae44e60fdf80e5e3e933ff
SHA256 d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b
SHA512 6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ae3be6c34e5bb0a5368e6c69553f9f6f
SHA1 45d1a9afb03fb3a7580812ca0ef972ef36ef479f
SHA256 548fe23eb6829495d0d8eb4e3ad3afe918df6f836a0bd91b7112793b471f9cc0
SHA512 dc735a6de61cf36833a1f5a81b71bec794cdd341ebf69d559c2dbed20c378c0566cfc3a46dfa40a42323707f051557b2573858c0b2c0791bcd6ef2c8ba606e40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 55061e6b1a7b2d348e7c1757a1aab7ca
SHA1 295f0483ec085b136cf72b07d4737dae10ab5edb
SHA256 9915962c7d5e3df7656966b31d4a46b33d096d16bf95f2d9e583a313d90f5cda
SHA512 25aa1082c6ff4a9eef3fddac542dc1fc6f142fd6ef40c6f50d1b7daf930fedcfc872d0d7ff03ae6862b2878de8bd87596cb8b3931f058171005b365feaaeae8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 923e5ce831a8dae2d311bd2ab90387af
SHA1 115d75fac6dfe30ae502e43d773aa649069468d7
SHA256 a20f01094cfcaae125b9ff18e56ed6d51153fcff684aef505cecd6afb7aa338e
SHA512 c6df88d56125ec374066a956ead82df7533a10d5ae105bd65acaa1920d6fa1864d4ff323772e1b81649a911f4d3c3acd0f11278d73f038a048c24e277a2a6db5

C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Installer\setup.exe

MD5 2db3410f16bfb551b063112f170cfe92
SHA1 4ac32b5efaed17e0aab5146774e0a90dd912b0ff
SHA256 34a13e267b18b462cfb5c2b13c822d2b7d06b631f0e3257585382a10ef379c72
SHA512 e499fd5fca2c9dfca23b11a651a647678d814f7e64cfafd8ce0e3a88621655f7d75eca8fdaa6d1fd248f6549f544ea91411bb7544420a662891fc2cb231bf23a

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

MD5 e024641cc1bbcd3727a50615af5ea930
SHA1 f1e9ce3450c9a8731e544746f656ec9b666c5612
SHA256 a7eb7b98587d87f5d40089a2291caa65c3febac679dd883d8a0fced9e2c69ae7
SHA512 abd4d95fc75dec1a3cbc5baae25bca82f2fb5446c18af40b6421e6c4d7b65a21b6c4720df87232dfe9a87adf3ee6eb911af074fd701704ee0a5980d581e7499d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 16a515cb3696695a986d8e78bdf7714b
SHA1 f4bf0af1ee659be1bb448b3f84e623df91a209b0
SHA256 6701981537ffa88f9530875425d76d145d5bdc3af4d44a38c22cc39b956c5a3d
SHA512 552deebac3aa06d78793e5762aed5fcb4c961f0a33425b7f5fc1576bab9f3809f4a964b444387bac18b1ece3a974bfe59c4e338320a8ce1e338dad04aca7f65d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8b0f5bd9044fbaabecb4c7c7eaadd15b
SHA1 de55f12e3ac540d51277ab7b15ea0a2d9bee28c3
SHA256 41a46726712cf8352626255529971e26b43a1f9a46f857274fc98d4f5d4a4c3b
SHA512 9cd8ad8ad86b628892e4722e5e85f715db1b6e7f5a8f441a8048b2d7d83dfef3a5e5beb881d2a2639f9756862c81bc97ef6264a4845f83352dfbcd883aee3800

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a7ceef375ccf8a5204b02192abf05c18
SHA1 6228b27357987c78c6ec80e579a250c9ce182d57
SHA256 79c8bc441f9561c9a24457a2756e78f4779e37f1fc4d4a108e262e08417ff3fc
SHA512 1c73fc9150f630b97513112ec3f5c86a24eed6d62466d0819338397acd62581b847043f97fde3b19bf04d72c9ec0f1c0fab8cb78623566c611d823061046b3ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 aa15e743407bdc9263c257b89642524e
SHA1 fe7315471a894f942d908b9a97bb6ab939b43c4c
SHA256 0573d339c1b45c0c7c3c8a12e9efd68fb41c81535566c1c97421572db951b423
SHA512 2b1d21982e10194748072fa965cd93fd97a5ac72793c6fc7ffa314c9a758de5a74bfc7180c1ef9d2e820815a1230ac29e32e686dbdd5c1f605f575003b40e446

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 55e79c40fdb59b2da1c22f7cd08c2de3
SHA1 ebd100ce368063675e96729e9e15cdee4029b2cf
SHA256 a76adb02efb01d8ad0ef4fafdcff0ab567212f5e8e0804e2c5cb9f190e7b578d
SHA512 6cdd9a9152803f02dc5c6219f7597368f5a09d1e386f25509876ff7c8a0fec33766b0af1bf0df613cc3d3fba4ac14798fa1a517fbe117472efc1b2b2d5c99032

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b697711ec05fb149c40f191d09318edb
SHA1 d966099beb867d5aa2cbdf711fa47be0d848d054
SHA256 e8fef1910de7e6af3240fdc2c72f2cbc8108184bd150f1815296f97258e6c024
SHA512 7b833719d39fc210318673f9f47c4882a746f06f5b08ccce87522ec768599be5a2e531a74b121a335f6862796c575c64b2c342430fce278de6f7064f186d59f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1235ae59317311c0ae1d0626143e5bb2
SHA1 cf8d5623fff665ff8128d61e73a7a93ab12ebd60
SHA256 951d558c18d4f1febee0ab6efc748f89ffcd25e5193ff1baa33fc43d113fb287
SHA512 e590a368c1171f9f1b50dace434b545c77402a39cfe1903d6e7cc0f83e7380d50117061f1145ca55429a41df9f56ac2c8594137d5f273222099820e9be3355fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d827ac347e4ae48a2efc4d58daa51fc5
SHA1 68fdabf79eb3ce5abaf1cc6620f551ec5119a9d5
SHA256 794d517e25aa3ea2a0315b016722a83afb7961d9a96105491fa1848865824181
SHA512 292c254412043bb0a49e8776ee6187815c9a20a1f5e0b6c1fbd7ab9af15bcae88ced14dbb2952b99fa643fb879d1f3dbfbe0cf1982e8c9cab833e4d35f7cd255

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f86d1b4c38e002bd0b9be6204faa0890
SHA1 5e0749946b4d257cb0d57237587740b7f9ff4aed
SHA256 502062bf3ac38a3ac1101fe2104cc38b93613c50af5cc270a3cf301dd2a1244e
SHA512 643360e90844ef9620cedbf02ef90639d9616c111b015cc307407e13cb2e0173552ca7eb2b01f5ae52eef4ebe18093b3abb014445c692553541ac769a27eddaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e3f6c91b6803f6ef5542c9bab07706cb
SHA1 cb9e3856406608b2e03c147f32d10f935cd1cc74
SHA256 8286f03fa774227e7bf86a68d7e27bc49c25e668341bac76aee7c1cad5e8c69b
SHA512 257a725bd4efad8af70680a9bd17cc6f207b78ab82716e86ac75215ac61958bc38ed9e0ea6326ac7e850503ef7295696acc121e45c8f21a954ecdafb9eeb5af5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 02919ca430c860a7913c49d90bfbf5f8
SHA1 1bafff08bdade7ee739307a130f13d0195f5a6b0
SHA256 20071f6e4d9f38ffc27aebd9f1f180da6130101ff3a3ca457f2736d2e83492cb
SHA512 6c2cfa8a13d1d827e5ed000e12ac501dd158ca28a5ced2b30ff6c2e9554c7d6660dff338e9f7148114a22efdea7799588cf2f1b4aa51b1a334a467e6ec445c4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2789cae50ca27042b89a305a94ed45eb
SHA1 070917f161516b96614301c69887489e39a99749
SHA256 00f5ceaa828e2ba90a89e9191b78d857c62bf396b5dc1045f97c249b712dda04
SHA512 7e2d36d4a9123c708b62ad48c48ad401eb14af9d4c8c940f13462f8a89a53b8d82992fa7d998bd82825a5c19d8c2b608025548751f8f458e9f947b9a5291a894

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 397ef62f687cff5b867d915efdf768a2
SHA1 ad9e260fe9bbe6a9914c1059d2dbc43fc0df59af
SHA256 a95748adc14594caae92bcdfd9cab86cf01ae5909c4588ce409ad8999ef5f3f6
SHA512 e5c181cf63f5c26b4dea621b9abf80a271704afbeb714baf167a6c58f9b44b16db9387c163755b259d50925f544b80592e7e3ea67d694f2608d1f45f27e24624

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0760f05e00cfd0ce099d308859bb38ea
SHA1 6b62f14ecc110e3af35db5985a571933ad46507c
SHA256 373992a9d194ada662faebeeb1403d3b3d69f4aa7c8ccbeddf9b52fbf12dc937
SHA512 c7492b05b83d1b05b992dd142948bee2d3bec8e9a49d7b9dd0b18e3e22890006c40ec737f3814f8d2f3b6fcaf3123d83139354152cdc27203ca391baa5342e4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 83ef0e8bf8b5d28fbf96f587282c13ca
SHA1 d748f57852ba7426574379ed0eeb0d50ebbdf5d4
SHA256 85cd28d717aae69a890dae33e4b6409a040c1c4975e6d41e0556485df51c2123
SHA512 a02e40587d1e74f2e64f1dbd201c0a1918b62bd55962a7efa3dbdea318ea974b0fac3d7abb187f953b830d350542a76065a4bc5bd5d7f493eb6260a251160d98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 aae706d6ad599fb818c98df9616d162f
SHA1 ad7ecace49da1c65008b1d4486d1db606a8d20b1
SHA256 60cfcef204452703e2f5ccaf66ab8cf5f4ea9b0fdc2e06dff0f1f20b7abd0e14
SHA512 63bca387b6a4908475ac75e6d159efcb4a1e37ac60126720c39aa68c3784d38f464baac49c8bbee1f5beee70c8e6fe6f92e482eeb16a84c94bfa4ed54e284bbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 92b425b1418f730258eea1172177888b
SHA1 61fd85e947470e3354a82677ae5335fb2d2df865
SHA256 9c5f17f0d4b488302f10d4a555f045181b5cbe3dd6a1eb75429bac44f581f2b2
SHA512 f04b3a8105af51a393ba02b2344c00afa1c0ee9d5cd1e8b3404c02cceff2f58c2d6d6911632cb507ef6f1502843c9e671ce5c86358587ccb31bd5aed9ee8e744

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1c573facfa1f636c3087eb0ae1bb6338
SHA1 d1ff0e804dd3585ce1baa3a617debb5f8c0d81ba
SHA256 e065f837af8b7f7ac7bcb3b44e6e6b117f8f782b2418d9d6fdbf98dc57a0965d
SHA512 c3ef0b1fd491b00b6585b54935a8cfa56608caa2d18b3d15b2bcce38a24ee319accedfc9d91c3ee02c883a9aac97dd2708d7dd459a26d7d1f8e77abe6742a8d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a4a286c5bc34b6d09c91fc4389e992b9
SHA1 cce74cfa61bff1b160c2f090d41cf11834859f88
SHA256 6ae2726ab2d30e79f2035b126bc6fb5af6de5e3463239423076ad0f4e6338816
SHA512 8a2e87518bc0adca2c8bbe3636b655bfe1a18f5780a4e734ee739310986fd33ebba803c0a0b0189a76c5b2fa5c1102e42b9b2ed2e8b17da0cd1d0f67d72bb9a8