Analysis Overview
SHA256
5eac06573fb9289a5ad1dfa8b88d2d7b79f1bd89e61c53247f8cae50143e7a2c
Threat Level: Known bad
The file RobloxPlayerInstaller.exe was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Suspicious use of NtCreateProcessExOtherParentProcess
Modifies WinLogon for persistence
Troldesh, Shade, Encoder.858
Modifies visibility of hidden/system files in Explorer
Modifies visibility of file extensions in Explorer
Windows security bypass
Modifies RDP port number used by Windows
Downloads MZ/PE file
Boot or Logon Autostart Execution: Active Setup
Sets service image path in registry
Drops file in Drivers directory
Disables RegEdit via registry modification
Event Triggered Execution: Image File Execution Options Injection
Executes dropped EXE
UPX packed file
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Impair Defenses: Safe Mode Boot
Reads user/profile data of web browsers
Checks computer location settings
Windows security modification
Checks BIOS information in registry
Installs/modifies Browser Helper Object
Checks whether UAC is enabled
Checks installed software on the system
Writes to the Master Boot Record (MBR)
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Checks system information in the registry
Suspicious use of NtCreateThreadExHideFromDebugger
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
Program crash
Opens file in notepad (likely ransom note)
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Kills process with taskkill
Modifies registry class
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Gathers network information
Uses Task Scheduler COM API
Views/modifies file attributes
Uses Volume Shadow Copy service COM API
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy WMI provider
Modifies system certificate store
Suspicious behavior: LoadsDriver
Modifies Internet Explorer start page
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Script User-Agent
Suspicious use of UnmapMainImage
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
System policy modification
Suspicious use of SetWindowsHookEx
Checks processor information in registry
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-29 23:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-29 23:24
Reported
2024-06-29 23:54
Platform
win10-20240404-en
Max time kernel
1794s
Max time network
1589s
Command Line
Signatures
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU7042.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU7042.tmp\MicrosoftEdgeUpdate.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU7042.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU7042.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\BuilderSans-Bold.otf | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\NotoSansMyanmarUI-Regular.ttf | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\PlatformContent\pc\textures\studs.dds | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\MaterialGenerator\Materials\Ice.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\Roboto-Bold.ttf | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\ViewSelector\Basic.mesh | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TagEditor\Close.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_bn-IN.dll | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\Radial\TopRight.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Installer\setup.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\gr-game-border-60x60.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Temp\EU7042.tmp\MicrosoftEdgeUpdateSetup.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{312BDC8E-D3A2-45A2-8638-847F69F780D6}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\is.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\Locales\lo.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\ka.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\Trust Protection Lists\Sigma\LICENSE | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\Trust Protection Lists\Mu\LICENSE | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\localizationTargetSpanish.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\DevConsole\Info.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\RoactStudioWidgets\icon_tick.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Trust Protection Lists\Mu\CompatExceptions | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\PlatformContent\pc\textures\water\normal_22.dds | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\ButtonLS.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\LegacyRbxGui\Gold.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\MicDark\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerNew\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\ic-checkbox-on [email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\kn.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\Locales\sl.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Trust Protection Lists\Mu\Cryptomining | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\glow.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\MenuBar\icon_home.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\rocket_icon.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files\MsEdgeCrashpad\metadata | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\Locales\th.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\advancedMove.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioSharedUI\search-v2.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_id.dll | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\ko.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\Locales\fr-CA.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\menuDownArrow.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\xboxX.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\Help\GenericController.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\Controls\DesignSystem\ButtonSelect.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\LegacyRbxGui\Granite .png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\MenuBar\icon_leaderboard.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_sr-Cyrl-RS.dll | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\DeviceEmulator\emulator.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Emotes\Small\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Menu\hamburger3D.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\Auth\reversevignette.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_ur.dll | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Trust Protection Lists\Sigma\Analytics | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\ne.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\VisualElements\LogoBeta.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82CCB536-D2EE-4F19-9067-40531F08D1D4} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-1088f3c8e4a44cc7\\RobloxPlayerBeta.exe\" %1" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\ = "Microsoft Edge Update Legacy On Demand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EU7042.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeUpdate.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded request omitted]
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{FDC3F58E-786A-4FCC-BADD-0A1BD760FF8D}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded request omitted]
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{312BDC8E-D3A2-45A2-8638-847F69F780D6}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{312BDC8E-D3A2-45A2-8638-847F69F780D6}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{D41F47ED-F54C-4389-9E5E-67FEC9B3093B}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded request omitted]
C:\Program Files (x86)\Microsoft\Temp\EU7042.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU7042.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{D41F47ED-F54C-4389-9E5E-67FEC9B3093B}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\MicrosoftEdge_X64_126.0.2592.81.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EE602881-986D-4ABF-AAD3-8C9EF86B6E1F}\EDGEMITMP_C37B2.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ff793e0aa40,0x7ff793e0aa4c,0x7ff793e0aa58
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2256" "1212" "1188" "1208" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:49761 | | tcp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| N/A | 127.0.0.1:49765 | | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| GB | 18.165.242.53:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:49768 | | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| NL | 23.63.101.153:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 53.242.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| NL | 23.63.101.153:443 | setup.rbxcdn.com | tcp |
| NL | 23.63.101.153:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.116.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 23.102.129.60:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 60.129.102.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
| US | 23.102.129.60:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 13.67.191.143:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 143.191.67.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 93.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| FR | 128.116.122.3:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:50474 | | tcp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 20.7.47.135:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.47.7.20.in-addr.arpa | udp |
Files
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\b022682dd39d113f2d5a65a172dbd28f
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeUpdate.exe
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdate.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_en.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeUpdateCore.exe
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\MicrosoftEdgeComRegisterShellARM64.exe
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_as.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_bs.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_es.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_kn.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_ms.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_mr.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_ml.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_mk.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_mi.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_lv.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_lt.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_lo.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_lb.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_kok.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_ko.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_km.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_kk.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_ka.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_ja.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_iw.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_it.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_is.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_id.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_hu.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_hr.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_hi.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_gu.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_gl.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_gd.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_ga.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_fr-CA.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_fr.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_fil.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_fi.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_fa.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_eu.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_et.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_es-419.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_en-GB.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_el.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_de.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_da.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_cy.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_cs.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_ca.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_bn-IN.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_bn.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_bg.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_az.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_am.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_ar.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\EdgeUpdate.dat
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\msedgeupdateres_af.dll
C:\Program Files (x86)\Microsoft\Temp\EUEABF.tmp\NOTICE.TXT
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.41\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
C:\Program Files\MsEdgeCrashpad\settings.dat
C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Installer\setup.exe
Analysis: behavioral2
Detonation Overview
| Submitted | Reported | Platform | Max time kernel | Max time network |
| 2024-06-29 23:24 | 2024-06-29 23:54 | win7-20240221-en | 1561s | 1573s |
Command Line
Signatures
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU17D5.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU17D5.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\MicrosoftEdgeUpdate.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU17D5.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU17D5.tmp\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\scroll-middle.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\PlayerList\UnFriend.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_1.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\am.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59149390-9AC7-47A0-A127-62EC5C4B98EC}\EDGEMITMP_CF83D.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\MaterialGenerator\Materials\Slate.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\Controls\DesignSystem\Thumbstick1Horizontal.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_sk.dll | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2296_2010583743\109.0.1518.140\identity_proxy\stable.identity_helper.exe.manifest | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59149390-9AC7-47A0-A127-62EC5C4B98EC}\EDGEMITMP_CF83D.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\eventMarker_border.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\icon_warning.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\R15Migrator\Icon_SummaryTab.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU17D5.tmp\psuser.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E032C28D-E192-4B11-BD53-61BE7542DDC8}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\img_key_selected_inner.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\ButtonA.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\9-slice\new-message-indicator.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerLight\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU17D5.tmp\msedgeupdateres_da.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E032C28D-E192-4B11-BD53-61BE7542DDC8}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\sky\cloudDetail.dds | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\Translations\UIBloxLocalization.csv | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\Zekton.json | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\transformTwentyTwoDegrees.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TerrainTools\icon_picker_disable.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TerrainTools\import_select_image.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\PlayStationController\ButtonR1.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\TopBar\Round.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\MicDark\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\9-slice\chat-bubble.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioSharedUI\images.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\NetworkPause\no [email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Sigma\Other | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59149390-9AC7-47A0-A127-62EC5C4B98EC}\EDGEMITMP_CF83D.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AlignTool\AlignTool.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\CompositorDebugger\clip.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\GameSettings\Warning.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\ca-Es-VALENCIA.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59149390-9AC7-47A0-A127-62EC5C4B98EC}\EDGEMITMP_CF83D.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioSharedUI\grid.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\DefaultController\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\PlayStationController\PS5\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_ug.dll | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Chat\ChatDown.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerLight\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\AvatarExperience\CircleCutoutLargeNoBorder.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AvatarToolsShared\RoundedBackgroundLeft.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\AssetConfig\plugin_temp.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\Radial\EmptyBottomLeft.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\player.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU17D5.tmp\msedgeupdateres_ta.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E032C28D-E192-4B11-BD53-61BE7542DDC8}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\heads\headD.mesh | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\MaterialGenerator\Materials\SmoothPlastic.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\MenuBar\icon_menu.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\PlatformContent\pc\textures\water\normal_14.dds | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AudioDiscovery\ok.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-4f-8d-4b-10-6b\WpadDecisionTime = f071d6857ccada01 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D75FC59A-6236-4B08-8390-60468DF3EDBE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-4f-8d-4b-10-6b | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-4f-8d-4b-10-6b\WpadDecisionTime = 90bdbb737ccada01 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D75FC59A-6236-4B08-8390-60468DF3EDBE}\WpadDecision = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D75FC59A-6236-4B08-8390-60468DF3EDBE}\6a-4f-8d-4b-10-6b | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D75FC59A-6236-4B08-8390-60468DF3EDBE}\WpadDecisionTime = a08917be7ccada01 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-4f-8d-4b-10-6b\WpadDecisionTime = e0bc057b7ccada01 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-4f-8d-4b-10-6b\WpadDecisionTime = c04db2a87ccada01 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D75FC59A-6236-4B08-8390-60468DF3EDBE}\WpadDecisionReason = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-4f-8d-4b-10-6b\WpadDecisionTime = b06fb68d7ccada01 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-4f-8d-4b-10-6b\WpadDecision = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6a-4f-8d-4b-10-6b\WpadDecisionTime = 004167937ccada01 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82CCB536-D2EE-4F19-9067-40531F08D1D4}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\Enabled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\Temp\EU17D5.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload]
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{5216A890-6AB5-467A-98FD-0EBEA2130C23}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload]
C:\Windows\system32\taskeng.exe
taskeng.exe {60EBADA2-34DE-4419-825F-AB0BAD29C628} S-1-5-18:NT AUTHORITY\System:Service:
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59149390-9AC7-47A0-A127-62EC5C4B98EC}\MicrosoftEdge_X64_109.0.1518.140.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59149390-9AC7-47A0-A127-62EC5C4B98EC}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59149390-9AC7-47A0-A127-62EC5C4B98EC}\EDGEMITMP_CF83D.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59149390-9AC7-47A0-A127-62EC5C4B98EC}\EDGEMITMP_CF83D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59149390-9AC7-47A0-A127-62EC5C4B98EC}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload]
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E032C28D-E192-4B11-BD53-61BE7542DDC8}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E032C28D-E192-4B11-BD53-61BE7542DDC8}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{940BD8A6-D625-403D-B74C-7864C99A2E90}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\Temp\EU17D5.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU17D5.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{940BD8A6-D625-403D-B74C-7864C99A2E90}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Windows\system32\taskeng.exe
taskeng.exe {C6F79318-414D-4DF5-8FB3-60CFA26CD6C8} S-1-5-18:NT AUTHORITY\System:Service:
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| FR | 128.116.122.3:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:49191 | | tcp |
| N/A | 127.0.0.1:49195 | | tcp |
| N/A | 127.0.0.1:49198 | | tcp |
| N/A | 127.0.0.1:49201 | | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| GB | 13.224.245.123:443 | setup.rbxcdn.com | tcp |
| GB | 13.224.245.123:443 | setup.rbxcdn.com | tcp |
| GB | 13.224.245.123:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| IE | 20.166.2.191:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| IE | 20.166.2.191:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 2.20.12.95:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| FR | 128.116.122.3:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:51535 | | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| IE | 20.166.2.191:443 | msedge.api.cdp.microsoft.com | tcp |
Files
\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
\Program Files (x86)\Microsoft\Temp\EU4357.tmp\MicrosoftEdgeUpdate.exe
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdate.dll
\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_en.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\MicrosoftEdgeUpdateCore.exe
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\MicrosoftEdgeComRegisterShellARM64.exe
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\NOTICE.TXT
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\EdgeUpdate.dat
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_af.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_am.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_ar.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_as.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_az.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_bg.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_bn.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_bn-IN.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_bs.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_ca.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_cs.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_cy.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_da.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_de.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_el.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_en-GB.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_es.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_es-419.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_et.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_eu.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_fa.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_fi.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_fil.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_fr.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_fr-CA.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_ga.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_gd.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_gl.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_gu.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_hi.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_hr.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_hu.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_id.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_is.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_it.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_iw.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_ja.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_ka.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_kk.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_km.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_kn.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_ko.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_kok.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_lb.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_lo.dll
C:\Program Files (x86)\Microsoft\Temp\EU4357.tmp\msedgeupdateres_lt.dll
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar4E37.tmp
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 79fef91941e3ad756803ba60c9d0df00 |
| SHA1 | 717c34f9eee1d4d04a893d06cfbad22625ea362e |
| SHA256 | f9b88a011199d4103cd64b04188ea8be8a33c4f1d96c860c632247dcafc2cac6 |
| SHA512 | 356d8d6f659d416fd2d78779af951b4a68959ee7083419f0a3140fc4a9cdec621a2b88d61b3672873a3e9e19cd0f3c8b79e7f62d8af7466847b3f1df52084e4d |
memory/2428-1090-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/3048-1092-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2584-1079-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/3048-1334-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2428-1413-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2524-1417-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2428-1418-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2428-1425-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/952-1427-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2428-1429-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2428-1433-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2428-1437-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/952-1439-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2428-1441-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2428-1445-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2428-1449-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/952-1451-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2428-1453-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2428-1457-0x00000000743C0000-0x00000000745D0000-memory.dmp
memory/2524-1460-0x00000000743C0000-0x00000000745D0000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2296_2010583743\109.0.1518.140\Installer\setup.exe
| MD5 | 3a92a61a6e01c80ecc7d9499abb901b7 |
| SHA1 | d89d05802d937f9c71ced14282b8a19623fca7c8 |
| SHA256 | b70b2ed82c7afde8003983992b74f8182f55080b43da3d96dd29e8c0c7e8b47e |
| SHA512 | 3867efbd984ddd1eec084c70a42104cbc0057c3bed222af8963051779b612b46bf4cea3311452f6564513d7558d49a1e66a9473ad53f1b2fb4c43a9d7d0fb47d |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.41\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
| MD5 | a9ad77a4111f44c157a1a37bb29fd2b9 |
| SHA1 | f1348bcbc950532ac2b48b18acd91533f3ac0be2 |
| SHA256 | 200a59abdeb32cc4d2cec4079be205f18b5f45bae42acb7940151f9780569889 |
| SHA512 | 68f58a15ef5ba5d49d8476bee4a488e9a721f703a645ddd29148915d555ca2eb451635c3b762e5a0f786d69bb5cba9bffac3eeee196f1ec7ad669e2d729fe898 |
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40245c6f3b70644693eb7e7e0d3c56e5 |
| SHA1 | 69ebb05e86f71e390d81bed2d5bfecdf19806822 |
| SHA256 | 7fd83f61f2376e382fec93e6f221d88b830a71bcea0426e4c2e12b8fda82684c |
| SHA512 | c3d67f8b3c319834e3ba15f985cedff5528f1cbc16326c996a29c42e2021e8320cd74a40dedb9ba51a872939ce7160b6205522bcdbb0ddec5673f51e87ad3648 |
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d71a1db9f62e8f4a3c7a13c1d3127b2f |
| SHA1 | f4e172978b4a7009299c824d9c95b07bb9d3cf48 |
| SHA256 | 0408d88a6fd809574d3402187b81478fa44d3a309929d4853782de6a4b96fdb2 |
| SHA512 | 8887052769e3b04ca881ebda3ddc682cc18205e7f31668eea69cd800e4dd0315c4ed048610f3ba112e1eb4ad0893a0e9ab5466882a439fe56fb1038f60ec3d47 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-29 23:24
Reported
2024-06-30 00:09
Platform
win10v2004-20240611-en
Max time kernel
2699s
Max time network
2616s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe," | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "0" | C:\Windows\system32\SystemPropertiesPerformance.exe | N/A |
Modifies visiblity of hidden/system files in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | C:\Windows\system32\SystemPropertiesPerformance.exe | N/A |
Suspicious use of NtCreateProcessExOtherParentProcess
| Description | Indicator | Process | Target |
| PID 2312 created 5408 | N/A | C:\Windows\system32\taskmgr.exe | C:\Users\Admin\Programs\Downloadly\Downloadly.exe |
| PID 2312 created 1720 | N/A | C:\Windows\system32\taskmgr.exe | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 2676 created 3452 | N/A | C:\Users\Admin\Downloads\MBSetup.exe | C:\Windows\Explorer.EXE |
Troldesh, Shade, Encoder.858
Windows security bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FIREWALLDISABLENOTIFY = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UPDATESDISABLENOTIFY = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DISABLEREGISTRYTOOLS = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill64-23356.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\farflt.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies RDP port number used by Windows
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\WINDOWS\302746537.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-ABO18.tmp\x2s443bc.cs1.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-VAPAB.tmp\MassiveInstaller.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Programs\Downloadly\Downloadly.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-PERQP.tmp\downloadly_installer.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-MMKUR.tmp\MassiveInstaller.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UPDATESDISABLENOTIFY = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FIREWALLDISABLENOTIFY = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Downloadly = "\"C:\\Users\\Admin\\Programs\\Downloadly\\Downloadly.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-ABO18.tmp\x2s443bc.cs1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Downloadly = "\"C:\\Users\\Admin\\Programs\\Downloadly\\Downloadly.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-PERQP.tmp\downloadly_installer.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe" | C:\Users\Admin\Downloads\ColorBug\[email protected] | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected] | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected] | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected] | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F7456FD78DEB390E51DB22FDEB14606 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5F26A2159BA21EA573A1C5E3DE2CF211_E3375A509D9058F6A8FFB74D3B4E6F77 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRU.chk | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{7f751e88-e802-764f-a9fe-9c4826c503ce}\SET2648.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\mscorlib.ni.pdb | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_0A36A03C09DCEEA388C024E3D20B14B7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\HNetCfgClient.pdb | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_0A36A03C09DCEEA388C024E3D20B14B7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D2F6556190F7B1A25A117FFB5467EEBD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{1a8a3a41-9ae5-4c69-819e-e542352c6359}\snapshot.etl | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A6D8662C7600817D67B3C1A03BC53A1B | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\net1ic64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\netavpna.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRU.log | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\SRU\SRUDB.dat | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\clr.pdb | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\repdrvfs.pdb | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\svchost.pdb | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\netrtwlane.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\wnetvsc.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\netax88772.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{7f751e88-e802-764f-a9fe-9c4826c503ce}\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_E75EE8691BB6C98073DE103A36CA5DA5 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\netrasa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{7f751e88-e802-764f-a9fe-9c4826c503ce}\SET265A.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\229169D96B9C20761B929D428962A0A2_FC65190A8D1232A1711F16F9F20C5149 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A6D8662C7600817D67B3C1A03BC53A1B | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D11549FC90445E1CE90F96A21958A17_D26F10DDC43AB0324147BC4A84C025B1 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\combase.pdb | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\msdri.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\netvwifimp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\compositing\R15CompositLeftArmBase.mesh | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\NotoSansBengaliUI-Regular.ttf | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\loading\loadingvignette.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TerrainTools\UpArrowButtonOpen17.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VR\hoverPopupLeft.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ViewSelector\right_hover.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_1x_1.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\img_key_indicator_border.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerLight\Unmuted80.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\ic-more-profile.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\configs\DateTimeLocaleConfigs\ja-jp.json | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\compositing\CompositShirtTemplate.mesh | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\PlayStationController\PS4\ButtonOptions.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\InspectMenu\ico_inspect.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\AssetConfig\restore.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\compositing\CompositTShirt.mesh | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\9SliceEditor\Dragger2OutlinedRight.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\ArrowDownIconWhite.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Slider-BKG-Left-Cap.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\Players\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\places\Maquettes.rbxl | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioSharedUI\default_group.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\Unmuted20.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\List.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\heads\headA.mesh | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\xboxA.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioUIEditor\icon_resize3.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\Radial\TopSelected.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\InGameMenu\gradient.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.Registry.AccessControl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\configs\PerformanceConfigs\rofiler.js | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\AssetConfig\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\ic-more-events.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\GameSettings\DottedBorder.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TagEditor\lineargradient.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerNew\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\PlatformContent\pc\textures\sky\indoor512_up.tex | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AvatarImporter\button_close.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\rigbuilder_blue.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\ScrollBarMiddle.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\AssetConfig\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TerrainTools\mtrl_leafygrass.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\LegacyRbxGui\M1Side.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerDark\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\menu_shadow_bottom.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\package_dark.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\AvatarExperience\PPEWidgetBackgroundDarkTheme.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\xboxLT.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\UIAutomationClientSideProviders.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\CityBackground.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\antivirus-platinum.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Platinum.zip\[email protected] | N/A |
| File opened for modification | C:\windows\antivirus-platinum.exe | C:\Windows\SysWOW64\attrib.exe | N/A |
| File created | C:\Windows\INF\c_fscfsmetadataserver.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fshsm.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsreplication.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_monitor.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_netdriver.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsencryption.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_firmware.PNF | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\antivirus-platinum.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\c_scmdisk.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_apo.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_swcomponent.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsactivitymonitor.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_sslaccel.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscontentscreener.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_smrdisk.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\oposdrv.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\rdcameradriver.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsinfrastructure.PNF | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\302746537.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Platinum.zip\[email protected] | N/A |
| File created | C:\Windows\INF\c_fssystem.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_volume.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_cashdrawer.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsundelete.PNF | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Malwarebytes\Logs\MBAMSI.log | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\302746537.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
| File created | C:\Windows\INF\c_magneticstripereader.PNF | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
| File created | C:\Windows\INF\dc1-controller.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\remoteposdrv.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_scmvolume.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\wsdprint.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsopenfilebackup.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\302746537.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Platinum.zip\[email protected] | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\MSCOMCTL.OCX | C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Platinum.zip\[email protected] | N/A |
| File created | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A |
| File created | C:\Windows\INF\c_processor.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\rawsilo.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_camera.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\ts_generic.PNF | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\antivirus-platinum.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Platinum.zip\[email protected] | N/A |
| File opened for modification | C:\Windows\COMCTL32.OCX | C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Platinum.zip\[email protected] | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | C:\Users\Admin\Downloads\FakeActivation\[email protected] | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\INF\digitalmediadevice.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_diskdrive.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_computeaccelerator.PNF | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\c_fssystemrecovery.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsphysicalquotamgmt.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\miradisp.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_extension.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\COMCTL32.OCX | C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Platinum.zip\[email protected] | N/A |
| File created | C:\Windows\INF\c_mcx.PNF | C:\Windows\system32\mmc.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\Main | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main | \??\c:\windows\antivirus-platinum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title = "YOUR PC MAY BE INFECTED WITH SPYWARE OR OTHER MALICIOUS ITEMS" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://secureservices2010.webs.com/scan" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://secureservices2010.webs.com/scan" | \??\c:\windows\antivirus-platinum.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\System32\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\System32\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EC0AB1C0-6CAB-11CF-8998-00AA00688B10}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D488C7C-023D-4561-B377-DD9FB7124326}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0B14402F-4F35-443E-A34E-0F511098C644}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A2D4A69C-14CA-4825-9376-5B4215AF5C5E}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8AF-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}\1.0\FLAGS | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D81C2A20-D03D-40D4-A371-A499633A2AD3} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF153224-DA64-41F1-AA87-321B345870FA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49207D05-5DFE-4F52-9286-1856A92A5BFE}\ = "IPoliciesControllerV7" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\MiscStatus\1\ = "165009" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA50-E020-11CF-8E74-00A0C90F26F8}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\ProgID\ = "MSComctlLib.ImageComboCtl.2" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2650A9C4-A53C-4BEF-B766-7405B4D5562B}\ = "_IArwControllerEvents" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E86-DF38-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EABA01A8-8468-430A-9D6E-4C9F1CE22C88}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6357A98F-CE03-4C67-9410-00907FB21BC7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9442AA1-AEB8-4FB4-B998-BFBC37BA8A99}\ = "ISPControllerEvents" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7995CBA9-83E0-4F28-A50B-DFDE85EBCCD1}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C85F3EB8-B099-4598-89C3-E33BAC2CE53D}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BADF77CD-ECCE-4B36-88FF-6A2804FFE307}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD3CFEBD-3B8E-4651-BB7C-537D1F03E59C}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0468FE5A-FFDA-4F57-83F5-79116160E9B8}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.ImageListCtrl\CLSID\ = "{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAD7766B-F8F3-4944-AFE6-5D667E535709}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD67766C-A28D-44F3-A5D0-962965510B2D}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3641B831-731C-4963-B50B-D84902285C26}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2E423AF9-25D2-451E-8D81-08D44F63D83F}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B7E6392-850A-101B-AFC0-4210102A8DA7}\1.3 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19E8B60E-50A1-4E29-9138-A13421D2BF7D}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{993A5C11-A9B8-41E9-9088-C5182B1F279A}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2FB37514-21FA-4B2C-94DA-1562126E9F5F} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8556BCD2-E01E-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A9108FB-A377-47EC-96E3-3CB8B1FB7272}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\TypeLib\ = "{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8A574BA8-3535-41F9-AB73-FA93F8A7DC3B}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E2870643-0645-41F9-BCCB-F5969386162C}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E88-DF38-11CF-8E74-00A0C90F26F8}\ = "IStatusBar" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66328184-6592-46BE-B950-4FDA4417DF2E}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{993A5C11-A9B8-41E9-9088-C5182B1F279A}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7DAEEB9-30B6-4AC4-BB74-7763C950D8EC}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B7E6391-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D8B-9D6A-101B-AFC0-4210102A8DA7} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FB81F893-5D01-4DFD-98E1-3A6CB9C3E63E}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B243B0B7-0567-4DA5-B8E4-A4CE22A4F2B6}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TreeCtrl\CurVer | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7F95C137-46FC-42FB-A66A-F0482F3C749C}\TypeLib\ = "{F5BCAC7E-75E7-4971-B3F3-B197A510F495}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7A05281-DB9E-4E02-9680-E4D83CDAA6AB} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0DB6AD16-564C-451A-A173-0F31A62B7A4D}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9B1790AB-65B0-4F50-812F-7CC86FA94AF7}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D10B0F61-43AA-40F4-9C6C-57D29CA8544E}\ = "IPoliciesControllerV6" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C787A50-E01C-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2\CLSID\ = "{BDD1F04B-858B-11D1-B16A-00C0F0283628}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1E6E99C-9728-4244-9570-215B400D226D}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2E404A3-4E3F-4094-AE06-5E38D39B79AE}\TypeLib\ = "{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DC97FF29-5CE2-4897-8175-94672057E02D}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob | C:\Users\Admin\AppData\Local\Temp\Temp1_rkill.zip\rkill64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B | C:\Users\Admin\AppData\Local\Temp\Temp1_rkill.zip\rkill64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\Notepad.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\SystemPropertiesPerformance.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives = "67108863" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SYSTEM | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DISABLETASKMGR = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe"
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd40dbab58,0x7ffd40dbab68,0x7ffd40dbab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4640 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2432 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4284 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4808 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5800 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5100 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2772 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6052 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2256 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5028 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5192 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5928 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4104 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3368 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5756 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5688 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6120 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5476 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5264 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Users\Admin\Downloads\test1.exe
"C:\Users\Admin\Downloads\test1.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5468 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4588 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5444 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5240 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Users\Admin\Downloads\test2.exe
"C:\Users\Admin\Downloads\test2.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5220 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4908 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5388 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5568 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6176 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Users\Admin\Downloads\fee.exe
"C:\Users\Admin\Downloads\fee.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3736 -ip 3736
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 220
C:\Users\Admin\Downloads\fee.exe
"C:\Users\Admin\Downloads\fee.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4832 -ip 4832
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 220
C:\Users\Admin\Downloads\fee.exe
"C:\Users\Admin\Downloads\fee.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3128 -ip 3128
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 228
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\fee.exe
"C:\Users\Admin\Downloads\fee.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3048 -ip 3048
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 220
C:\Users\Admin\Downloads\test2.exe
"C:\Users\Admin\Downloads\test2.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6364 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6732 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5772 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=4080 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7128 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6740 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6112 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5768 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5772 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7148 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4368 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x2f8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=6296 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=6644 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=3144 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=6436 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=5784 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=6400 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6216 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=1628 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=6776 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=5940 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=6336 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=6700 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7604 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7704 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Platinum.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Platinum.zip\[email protected]"
C:\WINDOWS\302746537.exe
"C:\WINDOWS\302746537.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\F31A.tmp\302746537.bat" "
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s c:\windows\comctl32.ocx
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s c:\windows\mscomctl.ocx
\??\c:\windows\antivirus-platinum.exe
c:\windows\antivirus-platinum.exe
C:\Windows\SysWOW64\attrib.exe
attrib +h c:\windows\antivirus-platinum.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secureservices2010.webs.com/update/update.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15130729996768047237,6705561978994233809,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,15130729996768047237,6705561978994233809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,15130729996768047237,6705561978994233809,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15130729996768047237,6705561978994233809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15130729996768047237,6705561978994233809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15130729996768047237,6705561978994233809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15130729996768047237,6705561978994233809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,15130729996768047237,6705561978994233809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,15130729996768047237,6705561978994233809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15130729996768047237,6705561978994233809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15130729996768047237,6705561978994233809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15130729996768047237,6705561978994233809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7968 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected]"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8164 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_Downloadly.zip\x2s443bc.cs1.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Downloadly.zip\x2s443bc.cs1.exe"
C:\Users\Admin\AppData\Local\Temp\is-ABO18.tmp\x2s443bc.cs1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-ABO18.tmp\x2s443bc.cs1.tmp" /SL5="$70328,15784509,779776,C:\Users\Admin\AppData\Local\Temp\Temp1_Downloadly.zip\x2s443bc.cs1.exe"
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im Downloadly.exe
C:\Users\Admin\Programs\Downloadly\Downloadly.exe
"C:\Users\Admin\Programs\Downloadly\Downloadly.exe" EnablePro
C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe
C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /AllowStatusPage=false /ShowUI=false /DIR="C:\Users\Admin\Programs\Massive"
C:\Users\Admin\AppData\Local\Temp\is-VAPAB.tmp\MassiveInstaller.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VAPAB.tmp\MassiveInstaller.tmp" /SL5="$305FC,10474064,1082880,C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /AllowStatusPage=false /ShowUI=false /DIR="C:\Users\Admin\Programs\Massive"
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im Massive.exe
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im MassiveUI.exe
C:\Users\Admin\Programs\Massive\Massive.exe
"C:\Users\Admin\Programs\Massive\Massive.exe"
C:\Users\Admin\Programs\Massive\crashpad_handler.exe
C:\Users\Admin\Programs\Massive\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Massive\crashdumps --metrics-dir=C:\Users\Admin\AppData\Local\Massive\crashdumps --url=https://o428832.ingest.sentry.io:443/api/5375291/minidump/?sentry_client=sentry.native/0.4.9&sentry_key=5647f16acff64576af0bbfb18033c983 --attachment=C:\Users\Admin\AppData\Local\Massive\crashdumps\4a926501-d834-4df4-79c6-2528c1689c12.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Massive\crashdumps\4a926501-d834-4df4-79c6-2528c1689c12.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Massive\crashdumps\4a926501-d834-4df4-79c6-2528c1689c12.run\__sentry-breadcrumb2 --initial-client-data=0x3f4,0x3f8,0x3fc,0x3d0,0x404,0x7ff7b4dc2fe0,0x7ff7b4dc2fa0,0x7ff7b4dc2fb0
C:\Users\Admin\AppData\Local\Temp\Update-30ddcfb9-87c9-4354-9440-7c1d8cfd7521\downloadly_installer.exe
"C:\Users\Admin\AppData\Local\Temp\Update-30ddcfb9-87c9-4354-9440-7c1d8cfd7521\downloadly_installer.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /LOG
C:\Users\Admin\AppData\Local\Temp\is-PERQP.tmp\downloadly_installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-PERQP.tmp\downloadly_installer.tmp" /SL5="$904B2,15992205,779776,C:\Users\Admin\AppData\Local\Temp\Update-30ddcfb9-87c9-4354-9440-7c1d8cfd7521\downloadly_installer.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /LOG
C:\Users\Admin\AppData\Local\Temp\Update-0a6a5580-cfb9-4e37-ab4c-cd1bfcb6a290\downloadly_installer.exe
"C:\Users\Admin\AppData\Local\Temp\Update-0a6a5580-cfb9-4e37-ab4c-cd1bfcb6a290\downloadly_installer.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /LOG
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im Downloadly.exe
C:\Users\Admin\AppData\Local\Temp\is-6I8QD.tmp\downloadly_installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-6I8QD.tmp\downloadly_installer.tmp" /SL5="$805EA,15992205,779776,C:\Users\Admin\AppData\Local\Temp\Update-0a6a5580-cfb9-4e37-ab4c-cd1bfcb6a290\downloadly_installer.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /LOG
C:\Users\Admin\Programs\Downloadly\Downloadly.exe
"C:\Users\Admin\Programs\Downloadly\Downloadly.exe"
C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe
C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /AllowStatusPage=false /ShowUI=false /DIR="C:\Users\Admin\Programs\Massive"
C:\Users\Admin\AppData\Local\Temp\is-MMKUR.tmp\MassiveInstaller.tmp
"C:\Users\Admin\AppData\Local\Temp\is-MMKUR.tmp\MassiveInstaller.tmp" /SL5="$B0516,10516965,1082880,C:\Users\Admin\Programs\Downloadly\MassiveInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /AllowStatusPage=false /ShowUI=false /DIR="C:\Users\Admin\Programs\Massive"
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im Massive.exe
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im MassiveUI.exe
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c1c5aaadd4184b238f451be77899f005 /t 5292 /p 5408
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=6204 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=6160 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=8096 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=4912 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=7988 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6772 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2800 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7628 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6824 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=6488 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]"
C:\Users\Admin\Downloads\ColorBug\[email protected]
"C:\Users\Admin\Downloads\ColorBug\[email protected]"
C:\Users\Admin\Downloads\ColorBug\[email protected]
"C:\Users\Admin\Downloads\ColorBug\[email protected]"
C:\Users\Admin\Downloads\ColorBug\[email protected]
"C:\Users\Admin\Downloads\ColorBug\[email protected]"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=2812 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=7736 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6544 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7312 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=7400 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=7364 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7836 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6220 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5924 -ip 5924
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 1556
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\YouAreAnIdiot\Interop.ShockwaveFlashObjects.dll
C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1620 -ip 1620
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 1444
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\FakeActivation\" -ad -an -ai#7zMap17210:90:7zEvent3493
C:\Users\Admin\Downloads\FakeActivation\[email protected]
"C:\Users\Admin\Downloads\FakeActivation\[email protected]"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\b9ada710df8b479faab55c17f1229569 /t 5764 /p 1720
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6892 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7316 --field-trial-handle=1956,i,7257248452873847753,8395482225433070060,131072 /prefetch:8
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,166930577539597556,733111711061020392,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,166930577539597556,733111711061020392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,166930577539597556,733111711061020392,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,166930577539597556,733111711061020392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,166930577539597556,733111711061020392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,166930577539597556,733111711061020392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,166930577539597556,733111711061020392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,166930577539597556,733111711061020392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,166930577539597556,733111711061020392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "000000000000014C" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffd3185ab58,0x7ffd3185ab68,0x7ffd3185ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1896,i,11176064820620519278,4103407159002191042,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1896,i,11176064820620519278,4103407159002191042,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1896,i,11176064820620519278,4103407159002191042,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1896,i,11176064820620519278,4103407159002191042,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1896,i,11176064820620519278,4103407159002191042,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4296 --field-trial-handle=1896,i,11176064820620519278,4103407159002191042,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1896,i,11176064820620519278,4103407159002191042,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1896,i,11176064820620519278,4103407159002191042,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1896,i,11176064820620519278,4103407159002191042,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1896,i,11176064820620519278,4103407159002191042,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1896,i,11176064820620519278,4103407159002191042,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,9840248051243929771,7158779696392259198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,9840248051243929771,7158779696392259198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,9840248051243929771,7158779696392259198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9840248051243929771,7158779696392259198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9840248051243929771,7158779696392259198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9840248051243929771,7158779696392259198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9840248051243929771,7158779696392259198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\AppData\LocalLow\IGDump\X86_00\ig.exe
ig.exe timer 4000 17197048790.ext
C:\Users\Admin\AppData\LocalLow\IGDump\X86_01\ig.exe
ig.exe timer 4000 17197048911.ext
C:\Users\Admin\AppData\LocalLow\IGDump\X86_02\ig.exe
ig.exe timer 4000 17197048972.ext
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15067250819094813619,12290502690886589296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x2f8
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2348 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,9404704437967126677,767033865716024536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13721532887478189502,4662481397877755871,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13721532887478189502,4662481397877755871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13721532887478189502,4662481397877755871,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13721532887478189502,4662481397877755871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13721532887478189502,4662481397877755871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13721532887478189502,4662481397877755871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13721532887478189502,4662481397877755871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13721532887478189502,4662481397877755871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13721532887478189502,4662481397877755871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5138530201505912526,10158824105046811353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5138530201505912526,10158824105046811353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5138530201505912526,10158824105046811353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5138530201505912526,10158824105046811353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5138530201505912526,10158824105046811353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5138530201505912526,10158824105046811353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5138530201505912526,10158824105046811353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5138530201505912526,10158824105046811353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5138530201505912526,10158824105046811353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15924611980746011288,615044031135796430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15924611980746011288,615044031135796430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,15924611980746011288,615044031135796430,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15924611980746011288,615044031135796430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15924611980746011288,615044031135796430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15924611980746011288,615044031135796430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15924611980746011288,615044031135796430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15924611980746011288,615044031135796430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15924611980746011288,615044031135796430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15924611980746011288,615044031135796430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15924611980746011288,615044031135796430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15924611980746011288,615044031135796430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x40,0x124,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,18016429520160564213,9978676551547654790,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,18016429520160564213,9978676551547654790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,18016429520160564213,9978676551547654790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18016429520160564213,9978676551547654790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,18016429520160564213,9978676551547654790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,18016429520160564213,9978676551547654790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,18016429520160564213,9978676551547654790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3185ab58,0x7ffd3185ab68,0x7ffd3185ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1864,i,2658896873836800938,11773243991505724523,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1864,i,2658896873836800938,11773243991505724523,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1864,i,2658896873836800938,11773243991505724523,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1864,i,2658896873836800938,11773243991505724523,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3288 --field-trial-handle=1864,i,2658896873836800938,11773243991505724523,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1864,i,2658896873836800938,11773243991505724523,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4436 --field-trial-handle=1864,i,2658896873836800938,11773243991505724523,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1864,i,2658896873836800938,11773243991505724523,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1864,i,2658896873836800938,11773243991505724523,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1864,i,2658896873836800938,11773243991505724523,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4160 --field-trial-handle=1864,i,2658896873836800938,11773243991505724523,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]"
C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ.zip\[email protected]" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Windows\System32\msdt.exe
"C:\Windows\System32\msdt.exe" -skip TRUE -id NetworkDiagnosticsNetworkAdapter -ep NetworkDiagnosticsPNI
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,10102573909839174805,10035778303957895440,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,10102573909839174805,10035778303957895440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,10102573909839174805,10035778303957895440,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10102573909839174805,10035778303957895440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10102573909839174805,10035778303957895440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter AdapterGuid={22040BE5-AE98-46C8-BE33-064AD2FB93D8}
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10102573909839174805,10035778303957895440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10102573909839174805,10035778303957895440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,10102573909839174805,10035778303957895440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,10102573909839174805,10035778303957895440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter AdapterGuid={22040BE5-AE98-46C8-BE33-064AD2FB93D8}
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,6952012306723923049,16131863466996797512,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2308,6952012306723923049,16131863466996797512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2308,6952012306723923049,16131863466996797512,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,6952012306723923049,16131863466996797512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,6952012306723923049,16131863466996797512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,6952012306723923049,16131863466996797512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,6952012306723923049,16131863466996797512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2308,6952012306723923049,16131863466996797512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2308,6952012306723923049,16131863466996797512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
C:\Windows\system32\ipconfig.exe
"C:\Windows\system32\ipconfig.exe" /all
C:\Windows\system32\ROUTE.EXE
"C:\Windows\system32\ROUTE.EXE" print
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7316.0.816545360\1952610466" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a57b541-ded9-4694-b846-7f4575d3d0b3} 7316 "\\.\pipe\gecko-crash-server-pipe.7316" 1836 29697917458 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7316.1.923307377\1238672101" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aa90ce4-b018-426e-b5da-06a4df66cb23} 7316 "\\.\pipe\gecko-crash-server-pipe.7316" 2404 2968ac88d58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7316.2.1122792916\949140620" -childID 1 -isForBrowser -prefsHandle 2892 -prefMapHandle 2888 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1380 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {782dc6b3-4403-4ec4-a885-d582f63361ea} 7316 "\\.\pipe\gecko-crash-server-pipe.7316" 2988 2969a707258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7316.3.1759636415\2049187791" -childID 2 -isForBrowser -prefsHandle 4224 -prefMapHandle 4220 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1380 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fcf6578-d07b-4a16-94ea-0f0e82d5e0be} 7316 "\\.\pipe\gecko-crash-server-pipe.7316" 4236 2969c74a058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7316.4.565974716\471862412" -childID 3 -isForBrowser -prefsHandle 5140 -prefMapHandle 5380 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1380 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a51fda7-6ab5-4f5c-800e-264c6e52ce60} 7316 "\\.\pipe\gecko-crash-server-pipe.7316" 5452 2969c53f758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7316.5.1150049267\785835597" -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1380 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6018587b-9dc1-4fb6-8380-73d5f5f09ac0} 7316 "\\.\pipe\gecko-crash-server-pipe.7316" 5324 2969f0b8858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7316.6.1728347564\1554847739" -childID 5 -isForBrowser -prefsHandle 5572 -prefMapHandle 5580 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1380 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50d03602-4f66-43ff-a552-61661184a29d} 7316 "\\.\pipe\gecko-crash-server-pipe.7316" 5564 2969f0b6a58 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,14924325743917887767,9437410897359569601,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,14924325743917887767,9437410897359569601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,14924325743917887767,9437410897359569601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14924325743917887767,9437410897359569601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14924325743917887767,9437410897359569601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14924325743917887767,9437410897359569601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14924325743917887767,9437410897359569601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,14924325743917887767,9437410897359569601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,14924325743917887767,9437410897359569601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x2f8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,121943653485421716,12452894039810777837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,121943653485421716,12452894039810777837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,121943653485421716,12452894039810777837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,121943653485421716,12452894039810777837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,121943653485421716,12452894039810777837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3424 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,121943653485421716,12452894039810777837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,121943653485421716,12452894039810777837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,121943653485421716,12452894039810777837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,121943653485421716,12452894039810777837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,121943653485421716,12452894039810777837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,121943653485421716,12452894039810777837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9839447997624331504,3447320154526671808,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,9839447997624331504,3447320154526671808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,9839447997624331504,3447320154526671808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9839447997624331504,3447320154526671808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9839447997624331504,3447320154526671808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17094647389402055858,14450521455920115540,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,17094647389402055858,14450521455920115540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,17094647389402055858,14450521455920115540,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17094647389402055858,14450521455920115540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17094647389402055858,14450521455920115540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17094647389402055858,14450521455920115540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17094647389402055858,14450521455920115540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2348,2378531620946050236,15490711648488138705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2356 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2348,2378531620946050236,15490711648488138705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2348,2378531620946050236,15490711648488138705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2348,2378531620946050236,15490711648488138705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2348,2378531620946050236,15490711648488138705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2348,2378531620946050236,15490711648488138705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2348,2378531620946050236,15490711648488138705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2348,2378531620946050236,15490711648488138705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 /prefetch:8
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6046007873278845697,9081872647395407359,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,6046007873278845697,9081872647395407359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,6046007873278845697,9081872647395407359,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6046007873278845697,9081872647395407359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6046007873278845697,9081872647395407359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6046007873278845697,9081872647395407359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6046007873278845697,9081872647395407359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6046007873278845697,9081872647395407359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6955480210478729178,1135758764018818245,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6955480210478729178,1135758764018818245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6955480210478729178,1135758764018818245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6955480210478729178,1135758764018818245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6955480210478729178,1135758764018818245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6955480210478729178,1135758764018818245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6955480210478729178,1135758764018818245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xdc,0x100,0x104,0xb0,0x108,0x7ffd3185ab58,0x7ffd3185ab68,0x7ffd3185ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3296 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4748 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5204 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5380 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5388 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5664 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5720 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3356 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5384 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5796 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5824 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5904 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5648 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3460 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6068 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3376 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6008 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5948 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Temp1_rkill.zip\rkill.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_rkill.zip\rkill.exe"
C:\Users\Admin\AppData\Local\Temp\Temp1_rkill.zip\rkill64.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_rkill.zip\rkill.exe
C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=3464 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=5904 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp3_MEMZ.zip\[email protected]" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill.exe
"C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill.exe"
C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill64.exe
C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=14244 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=5020 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]"
C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp4_MEMZ.zip\[email protected]" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill.exe
"C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill.exe"
C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill64-22795.exe
C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=4316 --field-trial-handle=1852,i,10559763405033883363,9256095542219776942,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
C:\Windows\system32\SystemPropertiesPerformance.exe
"C:\Windows\system32\SystemPropertiesPerformance.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16523056724858989838,2875951077365244742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16523056724858989838,2875951077365244742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9162642784540644156,79183772895675398,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9162642784540644156,79183772895675398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9162642784540644156,79183772895675398,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9162642784540644156,79183772895675398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9162642784540644156,79183772895675398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9162642784540644156,79183772895675398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9162642784540644156,79183772895675398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9162642784540644156,79183772895675398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9162642784540644156,79183772895675398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9162642784540644156,79183772895675398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd404a46f8,0x7ffd404a4708,0x7ffd404a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4571631036753155991,7170466978905946607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4571631036753155991,7170466978905946607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4571631036753155991,7170466978905946607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4571631036753155991,7170466978905946607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4571631036753155991,7170466978905946607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4571631036753155991,7170466978905946607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4571631036753155991,7170466978905946607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4571631036753155991,7170466978905946607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4571631036753155991,7170466978905946607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill.exe
"C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill.exe"
C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill64-23356.exe
C:\Users\Admin\AppData\Local\Temp\Temp2_rkill.zip\rkill.exe
C:\Windows\System32\Notepad.exe
Notepad.exe C:\Users\Admin\Desktop\Rkill.txt
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
Network
| Country | Destination | Domain | Proto |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| US | 192.178.50.67:443 | beacons2.gvt2.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 67.50.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secureservices2010.webs.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | secureservices2010.webs.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 192.178.50.67:443 | beacons2.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| N/A | 127.0.0.1:59208 | tcp | |
| SE | 171.25.193.9:80 | tcp | |
| US | 8.8.8.8:53 | 9.193.25.171.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.joinmassive.com | udp |
| GB | 108.156.46.33:443 | api.joinmassive.com | tcp |
| US | 8.8.8.8:53 | 33.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | downloads.joinmassive.com | udp |
| GB | 18.164.68.120:443 | downloads.joinmassive.com | tcp |
| US | 8.8.8.8:53 | 120.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.computewall.com | udp |
| US | 172.67.68.80:443 | cdn.computewall.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 80.68.67.172.in-addr.arpa | udp |
| NL | 194.109.206.212:443 | tcp | |
| GB | 172.217.169.67:443 | c.pki.goog | udp |
| US | 8.8.8.8:53 | e2c46.gcp.gvt2.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 108.156.46.33:443 | api.joinmassive.com | tcp |
| BR | 35.215.235.162:443 | e2c46.gcp.gvt2.com | tcp |
| BR | 35.215.235.162:443 | e2c46.gcp.gvt2.com | tcp |
| GB | 108.156.46.33:443 | api.joinmassive.com | tcp |
| US | 8.8.8.8:53 | o428832.ingest.sentry.io | udp |
| US | 8.8.8.8:53 | 162.235.215.35.in-addr.arpa | udp |
| US | 34.120.195.249:443 | o428832.ingest.sentry.io | tcp |
| GB | 108.156.46.33:443 | api.joinmassive.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.69.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.segment.io | udp |
| US | 54.203.25.147:443 | api.segment.io | tcp |
| US | 8.8.8.8:53 | 147.25.203.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | private-api.joinmassive.com | udp |
| US | 34.237.178.202:443 | private-api.joinmassive.com | tcp |
| US | 8.8.8.8:53 | 202.178.237.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| GB | 172.217.169.67:443 | c.pki.goog | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.169.14:443 | www.youtube.com | udp |
| GB | 172.217.169.67:443 | c.pki.goog | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.malwarebytes.com | udp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | plausible.io | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 8.8.8.8:53 | 233.66.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| GB | 143.244.38.136:443 | plausible.io | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | genesis.malwarebytes.com | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 23.21.88.231:443 | genesis.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | 231.88.21.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| GB | 172.217.169.14:443 | www.youtube.com | udp |
| GB | 172.217.169.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 35.162.126.211:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 211.126.162.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | support.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ark.mwbsys.com | udp |
| US | 3.232.121.120:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.87:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 120.121.232.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.46.156.108.in-addr.arpa | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 3.232.121.120:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.87:443 | cdn.mwbsys.com | tcp |
| US | 3.232.121.120:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.38:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 38.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 3.232.121.120:443 | ark.mwbsys.com | tcp |
| US | 128.31.0.39:9101 | tcp | |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.24:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 24.46.156.108.in-addr.arpa | udp |
| US | 3.232.121.120:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.87:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | ipv4.am.i.mullvad.net | udp |
| SE | 45.83.223.233:443 | ipv4.am.i.mullvad.net | tcp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 3.209.127.22:443 | holocron.mwbsys.com | tcp |
| US | 3.209.127.22:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 22.127.209.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.223.83.45.in-addr.arpa | udp |
| US | 3.209.127.22:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | iris.mwbsys.com | udp |
| US | 34.233.75.20:443 | iris.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 20.75.233.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 3.209.127.22:443 | holocron.mwbsys.com | tcp |
| US | 54.227.166.121:443 | holocron.mwbsys.com | tcp |
| US | 54.227.166.121:443 | holocron.mwbsys.com | tcp |
| US | 54.227.166.121:443 | holocron.mwbsys.com | tcp |
| US | 54.227.166.121:443 | holocron.mwbsys.com | tcp |
| US | 54.227.166.121:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 121.166.227.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 104.18.38.233:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 3.210.87.158:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.24:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 158.87.210.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hubble.mb-cosmos.com | udp |
| GB | 108.156.46.32:443 | hubble.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | 32.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.trust-provider.com | udp |
| US | 172.64.149.23:80 | ocsp.trust-provider.com | tcp |
| US | 8.8.8.8:53 | crl.trust-provider.com | udp |
| US | 172.64.149.23:80 | crl.trust-provider.com | tcp |
| US | 8.8.8.8:53 | www.intel.com | udp |
| ES | 23.60.219.84:80 | www.intel.com | tcp |
| US | 8.8.8.8:53 | certificates.intel.com | udp |
| US | 2.20.12.71:80 | certificates.intel.com | tcp |
| US | 8.8.8.8:53 | 84.219.60.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.thawte.com | udp |
| US | 152.199.19.74:80 | ocsp.thawte.com | tcp |
| US | 8.8.8.8:53 | crl.thawte.com | udp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 152.199.19.74:80 | ocsp.thawte.com | tcp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 52.242.123.52.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | blitz.mb-cosmos.com | udp |
| US | 3.228.198.112:443 | blitz.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | 112.198.228.3.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | 32.242.123.52.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 18.236.1.67:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 67.1.236.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 3.210.87.158:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | support.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | motherboard.vice.com | udp |
| US | 151.101.194.133:80 | motherboard.vice.com | tcp |
| US | 151.101.194.133:80 | motherboard.vice.com | tcp |
| US | 151.101.194.133:443 | motherboard.vice.com | tcp |
| US | 8.8.8.8:53 | 28.190.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 133.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vice-web-statics-cdn.vice.com | udp |
| US | 8.8.8.8:53 | htlbid.com | udp |
| US | 151.101.2.133:443 | vice-web-statics-cdn.vice.com | tcp |
| US | 151.101.2.133:443 | vice-web-statics-cdn.vice.com | tcp |
| GB | 13.224.222.58:443 | htlbid.com | tcp |
| US | 8.8.8.8:53 | native.sharethrough.com | udp |
| US | 8.8.8.8:53 | sourcepoint.mgr.consensu.org | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | oembed.vice.com | udp |
| US | 8.8.8.8:53 | images.vice.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | video-images.vice.com | udp |
| GB | 18.244.114.95:443 | native.sharethrough.com | tcp |
| US | 35.163.137.94:443 | api2.amplitude.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | 133.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.222.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.114.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vice-sundry-assets-cdn.vice.com | udp |
| US | 8.8.8.8:53 | vice-dev-web-statics-cdn.vice.com | udp |
| US | 8.8.8.8:53 | www.npttech.com | udp |
| US | 104.21.66.34:443 | www.npttech.com | tcp |
| GB | 18.244.179.121:443 | cdn.privacy-mgmt.com | tcp |
| US | 8.8.8.8:53 | sdk.snapkit.com | udp |
| US | 8.8.8.8:53 | trinitymedia.ai | udp |
| GB | 108.138.233.113:443 | sdk.snapkit.com | tcp |
| GB | 18.244.179.121:443 | cdn.privacy-mgmt.com | tcp |
| US | 54.88.20.68:443 | trinitymedia.ai | tcp |
| US | 8.8.8.8:53 | segment-data.zqtk.net | udp |
| US | 8.8.8.8:53 | cdn.confiant-integrations.net | udp |
| US | 8.8.8.8:53 | launchpad-wrapper.privacymanager.io | udp |
| US | 8.8.8.8:53 | silo50.p7cloud.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | static.anonymised.io | udp |
| US | 8.8.8.8:53 | scdn.cxense.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 34.107.217.107:443 | static.anonymised.io | tcp |
| FR | 172.234.63.227:443 | segment-data.zqtk.net | tcp |
| FR | 172.234.63.227:443 | segment-data.zqtk.net | tcp |
| DE | 91.228.74.200:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| GB | 54.192.137.35:443 | silo50.p7cloud.net | tcp |
| US | 8.8.8.8:53 | 94.137.163.35.in-addr.arpa | udp |
| BE | 104.68.95.245:443 | scdn.cxense.com | tcp |
| US | 8.8.8.8:53 | 34.66.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.179.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.233.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.20.88.54.in-addr.arpa | udp |
| US | 104.18.43.90:443 | cdn.confiant-integrations.net | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| GB | 54.192.137.125:443 | launchpad-wrapper.privacymanager.io | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | tag.aticdn.net | udp |
| US | 35.190.43.134:443 | api.snapkit.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 18.165.201.81:443 | tag.aticdn.net | tcp |
| US | 34.107.217.107:443 | static.anonymised.io | udp |
| US | 8.8.8.8:53 | live.primis.tech | udp |
| US | 8.8.8.8:53 | launchpad.privacymanager.io | udp |
| US | 104.18.43.90:443 | cdn.confiant-integrations.net | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| GB | 99.84.9.37:443 | live.primis.tech | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | udp |
| GB | 108.156.46.37:443 | launchpad.privacymanager.io | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 143.244.38.136:443 | vd.trinitymedia.ai | tcp |
| GB | 18.245.187.41:443 | rules.quantcount.com | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| US | 35.190.43.134:443 | api.snapkit.com | udp |
| US | 8.8.8.8:53 | yield-manager.browsiprod.com | udp |
| GB | 13.224.245.127:443 | yield-manager.browsiprod.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 107.217.107.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.137.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.43.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.223.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.95.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.137.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.63.234.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.43.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.201.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.9.84.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.187.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.245.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | api.cxense.com | udp |
| DE | 167.235.124.23:443 | api.cxense.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 23.124.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.107.17.2.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 44.240.138.18:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 18.138.240.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pcoptimizerpro.com | udp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 18.236.1.67:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | support.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 54.187.174.61:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 61.174.187.54.in-addr.arpa | udp |
| N/A | 127.0.0.1:55010 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 52.33.222.107:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | 221.5.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.222.33.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:55018 | tcp | |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 3.210.87.158:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | hubble.mb-cosmos.com | udp |
| GB | 108.156.46.32:443 | hubble.mb-cosmos.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 18.236.1.67:443 | telemetry.malwarebytes.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 18.236.1.67:443 | telemetry.malwarebytes.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | www.bleepingcomputer.com | udp |
| US | 104.20.184.56:443 | www.bleepingcomputer.com | tcp |
| US | 104.20.184.56:443 | www.bleepingcomputer.com | tcp |
| US | 8.8.8.8:53 | www.bleepstatic.com | udp |
| US | 8.8.8.8:53 | a.pub.network | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 104.26.12.6:443 | www.bleepstatic.com | tcp |
| US | 104.26.12.6:443 | www.bleepstatic.com | tcp |
| US | 8.8.8.8:53 | green.erne.co | udp |
| FR | 141.95.171.140:443 | green.erne.co | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| US | 8.8.8.8:53 | cm-supply-web.gammaplatform.com | udp |
| US | 8.8.8.8:53 | cm.adgrx.com | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| IE | 52.215.155.11:443 | cm.adgrx.com | tcp |
| US | 8.8.8.8:53 | 184.156.155.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.193.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.171.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel-eu.onaudience.com | udp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| FR | 54.38.113.5:443 | pixel-eu.onaudience.com | tcp |
| US | 104.18.25.173:443 | a.tribalfusion.com | tcp |
| US | 8.8.8.8:53 | matching.truffle.bid | udp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| IE | 52.95.115.196:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | ws.rqtrk.eu | udp |
| US | 8.8.8.8:53 | 20.165.5.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.155.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.113.38.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.25.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| GB | 142.250.187.226:443 | cm.g.doubleclick.net | udp |
| GB | 142.250.200.10:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | player.vimeo.com | udp |
| US | 34.160.128.112:443 | api.floors.dev | udp |
| US | 162.159.138.60:443 | player.vimeo.com | tcp |
| GB | 142.250.200.10:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | vod-progressive.akamaized.net | udp |
| BE | 2.17.107.162:443 | vod-progressive.akamaized.net | tcp |
| US | 8.8.8.8:53 | 60.138.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 35.89.160.156:443 | pb-ing.ccgateway.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 35.89.160.156:443 | pb-ing.ccgateway.net | tcp |
| US | 35.89.160.156:443 | pb-ing.ccgateway.net | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | a.teads.tv | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| ZA | 142.251.47.131:443 | csi.gstatic.com | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| ZA | 142.251.47.131:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | 9add5b3ab26bc641c666751300b6e5bc.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 162.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 8.8.8.8:53 | dsp-ap.eskimi.com | udp |
| US | 52.72.140.222:443 | sync.ipredictive.com | tcp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| NL | 188.42.63.48:443 | dsp-ap.eskimi.com | tcp |
| US | 35.89.160.156:443 | pb-ing.ccgateway.net | tcp |
| US | 69.166.1.34:443 | sync.go.sonobi.com | tcp |
| FR | 164.132.25.184:443 | sync.smartadserver.com | tcp |
| US | 104.18.25.173:443 | s.tribalfusion.com | udp |
| IE | 34.252.197.139:443 | match.prod.bidr.io | tcp |
| US | 52.72.140.222:443 | sync.ipredictive.com | tcp |
| NL | 178.250.1.9:443 | widget.nl3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 54.174.33.90:443 | sync.srv.stackadapt.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 52.72.140.222:443 | sync.ipredictive.com | tcp |
| US | 8.8.8.8:53 | s.seedtag.com | udp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| IE | 52.95.115.196:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 131.47.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.63.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.25.132.164.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.50.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.bleepingcomputer.com | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 104.20.184.56:443 | download.bleepingcomputer.com | tcp |
| US | 104.20.184.56:443 | download.bleepingcomputer.com | tcp |
| ZA | 142.251.47.131:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | m.media-amazon.com | udp |
| IE | 52.95.115.196:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 151.101.65.16:443 | m.media-amazon.com | tcp |
| US | 151.101.65.16:443 | m.media-amazon.com | tcp |
| US | 151.101.65.16:443 | m.media-amazon.com | tcp |
| US | 151.101.65.16:443 | m.media-amazon.com | tcp |
| US | 151.101.65.16:443 | m.media-amazon.com | tcp |
| US | 151.101.65.16:443 | m.media-amazon.com | tcp |
| US | 151.101.65.16:443 | m.media-amazon.com | tcp |
| US | 151.101.65.16:443 | m.media-amazon.com | tcp |
| US | 151.101.65.16:443 | m.media-amazon.com | tcp |
| US | 151.101.65.16:443 | m.media-amazon.com | tcp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | s.company-target.com | udp |
| US | 8.8.8.8:53 | rtb.adentifi.com | udp |
| US | 8.8.8.8:53 | ad4m.at | udp |
| US | 34.96.71.22:443 | s.company-target.com | tcp |
| US | 104.26.10.209:443 | ad4m.at | tcp |
| US | 54.85.51.123:443 | rtb.adentifi.com | tcp |
| US | 8.8.8.8:53 | 16.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.158.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.10.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.71.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aan.amazon.co.uk | udp |
| US | 8.8.8.8:53 | trace.mediago.io | udp |
| IE | 3.254.237.44:443 | aan.amazon.co.uk | tcp |
| US | 35.208.249.213:443 | trace.mediago.io | tcp |
| IE | 3.254.237.44:443 | aan.amazon.co.uk | tcp |
| US | 8.8.8.8:53 | s2.paa-reporting-advertising.amazon | udp |
| GB | 54.192.137.121:443 | s2.paa-reporting-advertising.amazon | tcp |
| US | 151.101.65.16:443 | m.media-amazon.com | udp |
| US | 151.101.65.16:443 | m.media-amazon.com | udp |
| US | 8.8.8.8:53 | tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev | udp |
| IE | 3.254.236.173:443 | sq-tungsten-ts-eu.amazon-adsystem.com | tcp |
| IE | 3.254.236.173:443 | sq-tungsten-ts-eu.amazon-adsystem.com | tcp |
| GB | 108.156.39.33:443 | tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev | tcp |
| GB | 108.156.39.33:443 | tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev | tcp |
| US | 8.8.8.8:53 | 123.51.85.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.237.254.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.249.208.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.137.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.39.156.108.in-addr.arpa | udp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| US | 8.8.8.8:53 | 196.120.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 52.42.111.52:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 52.111.42.52.in-addr.arpa | udp |
| US | 34.160.128.112:443 | api.floors.dev | udp |
| US | 34.111.152.239:443 | optimise.net | udp |
| NL | 35.214.152.46:443 | csync.loopme.me | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| US | 34.111.152.239:443 | optimise.net | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| NL | 185.89.210.20:443 | secure.adnxs.com | tcp |
| BE | 23.55.96.24:443 | contextual.media.net | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 35.89.160.156:443 | pb-ing.ccgateway.net | tcp |
| US | 35.89.160.156:443 | pb-ing.ccgateway.net | tcp |
| US | 34.160.152.31:443 | c.pub.network | udp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | cdn.adnxs-simple.com | udp |
| GB | 2.21.188.221:443 | cdn.adnxs-simple.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 221.188.21.2.in-addr.arpa | udp |
| IE | 3.254.236.173:443 | sq-tungsten-ts-eu.amazon-adsystem.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 34.160.152.31:443 | c.pub.network | udp |
| US | 34.160.152.31:443 | c.pub.network | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c35.gcp.gvt2.com | udp |
| IN | 35.207.247.6:443 | e2c35.gcp.gvt2.com | tcp |
| IN | 35.207.247.6:443 | e2c35.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 6.247.207.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 35.89.160.156:443 | pb-ing.ccgateway.net | tcp |
| US | 8.8.8.8:53 | 116.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| BE | 23.55.96.24:443 | contextual.media.net | udp |
| US | 8.8.8.8:53 | lg3.media.net | udp |
| US | 8.8.8.8:53 | hblg.media.net | udp |
| US | 8.8.8.8:53 | qsearch-a.akamaihd.net | udp |
| NL | 23.63.101.177:443 | qsearch-a.akamaihd.net | tcp |
| US | 8.8.8.8:53 | c21lg-d.media.net | udp |
| US | 8.8.8.8:53 | related.icananswerthat.com | udp |
| US | 8.8.8.8:53 | media.net | udp |
| US | 8.8.8.8:53 | www.media.net | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 177.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.media-amazon.com | udp |
| GB | 2.21.188.27:443 | c21lg-d.media.net | udp |
| GB | 18.154.87.195:443 | m.media-amazon.com | udp |
| GB | 18.154.87.195:443 | m.media-amazon.com | udp |
| US | 8.8.8.8:53 | sq-tungsten-ts-eu.amazon-adsystem.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| IE | 3.254.239.147:443 | sq-tungsten-ts-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 147.239.254.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.87.154.18.in-addr.arpa | udp |
| US | 18.236.1.67:443 | telemetry.malwarebytes.com | tcp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 35.89.160.156:443 | pb-ing.ccgateway.net | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| GB | 18.154.87.195:443 | m.media-amazon.com | udp |
| US | 8.8.8.8:53 | aan.amazon.co.uk | udp |
| GB | 18.154.87.195:443 | m.media-amazon.com | udp |
| IE | 3.254.237.44:443 | aan.amazon.co.uk | tcp |
| IE | 3.254.239.147:443 | sq-tungsten-ts-eu.amazon-adsystem.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 34.160.152.31:443 | c.pub.network | udp |
| US | 34.160.152.31:443 | c.pub.network | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 35.89.160.156:443 | pb-ing.ccgateway.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| GB | 142.250.187.226:443 | cm.g.doubleclick.net | udp |
| IE | 3.254.239.147:443 | sq-tungsten-ts-eu.amazon-adsystem.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | support.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 199.232.209.91:80 | softonic.com | tcp |
| US | 199.232.209.91:80 | softonic.com | tcp |
| US | 199.232.209.91:80 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 151.101.129.91:443 | www.softonic.com | tcp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | assets.sftcdn.net | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 23.219.230.135:443 | images.sftcdn.net | tcp |
| US | 23.219.230.135:443 | images.sftcdn.net | tcp |
| US | 23.219.230.135:443 | images.sftcdn.net | tcp |
| US | 23.219.230.135:443 | images.sftcdn.net | tcp |
| US | 23.219.230.135:443 | images.sftcdn.net | tcp |
| US | 23.219.230.135:443 | images.sftcdn.net | tcp |
| GB | 13.224.222.58:443 | sdk.privacy-center.org | tcp |
| US | 151.101.65.91:443 | assets.sftcdn.net | tcp |
| US | 151.101.65.91:443 | assets.sftcdn.net | tcp |
| US | 151.101.65.91:443 | assets.sftcdn.net | tcp |
| US | 151.101.65.91:443 | assets.sftcdn.net | tcp |
| US | 8.8.8.8:53 | 91.209.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.230.219.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.101.151.in-addr.arpa | udp |
| US | 151.101.65.91:443 | assets.sftcdn.net | udp |
| US | 151.101.1.91:443 | assets.sftcdn.net | udp |
| US | 151.101.65.91:443 | assets.sftcdn.net | udp |
| GB | 13.224.222.58:443 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | static.site24x7rum.eu | udp |
| GB | 143.204.68.119:443 | static.site24x7rum.eu | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| GB | 216.58.212.206:443 | ampcid.google.com | tcp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.68.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | notix.io | udp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 253.197.45.139.in-addr.arpa | udp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| DE | 157.90.33.121:443 | push-sdk.com | tcp |
| GB | 108.138.233.123:443 | api.privacy-center.org | tcp |
| GB | 108.138.233.123:443 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| US | 8.8.8.8:53 | 123.233.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.33.90.157.in-addr.arpa | udp |
| DE | 157.90.33.72:443 | uidsync.net | tcp |
| DE | 157.90.33.72:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 72.33.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 199.232.209.91:443 | softonic.com | udp |
| US | 8.8.8.8:53 | prs.sftcdn.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 151.101.65.91:443 | prs.sftcdn.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | wct.softonic.com | udp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| US | 104.26.3.63:443 | wct.softonic.com | tcp |
| GB | 18.172.152.36:443 | www.datadoghq-browser-agent.com | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 142.250.187.226:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 1ae1a02df558e4aaef11bb9a2732cbf8.safeframe.googlesyndication.com | udp |
| IE | 52.215.98.156:443 | id.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| GB | 172.217.169.65:443 | 1ae1a02df558e4aaef11bb9a2732cbf8.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| IE | 52.210.49.247:443 | ad.360yield.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| GB | 18.245.143.83:443 | tags.crwdcntrl.net | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| IE | 18.200.0.135:443 | ap.lijit.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 104.26.3.63:443 | wct.softonic.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | rum.browser-intake-datadoghq.com | udp |
| US | 3.233.158.32:443 | rum.browser-intake-datadoghq.com | tcp |
| US | 3.233.158.32:443 | rum.browser-intake-datadoghq.com | tcp |
| US | 3.233.158.32:443 | rum.browser-intake-datadoghq.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| GB | 52.84.90.86:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 18.244.138.116:443 | aax.amazon-adsystem.com | tcp |
| US | 3.233.158.32:443 | rum.browser-intake-datadoghq.com | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | articles-img.sftcdn.net | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 3.233.158.32:443 | rum.browser-intake-datadoghq.com | tcp |
| NL | 23.62.61.178:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.178:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.178:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.178:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.178:443 | articles-img.sftcdn.net | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 8.8.8.8:53 | 63.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.152.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.98.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.241.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.0.200.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.49.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.135.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.138.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.158.233.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| DE | 157.90.33.121:443 | uidsync.net | tcp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| NL | 185.235.87.36:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.163:443 | gem.gbc.criteo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| DE | 157.90.33.72:443 | uidsync.net | tcp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| DE | 157.90.33.72:443 | uidsync.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 8proof.com | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 52.116.53.150:443 | 8proof.com | tcp |
| GB | 172.217.169.91:443 | storage.googleapis.com | tcp |
| GB | 172.217.169.91:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.122.95.52.in-addr.arpa | udp |
| US | 52.116.53.150:443 | 8proof.com | tcp |
| US | 8.8.8.8:53 | 163.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.87.235.185.in-addr.arpa | udp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 91.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.53.116.52.in-addr.arpa | udp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| US | 8.8.8.8:53 | m.media-amazon.com | udp |
| US | 8.8.8.8:53 | ts.amazon-adsystem.com | udp |
| BE | 23.55.96.24:443 | contextual.media.net | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| DE | 167.235.114.248:443 | sync.richaudience.com | tcp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| US | 151.101.129.108:443 | acdn.adnxs.com | tcp |
| GB | 18.245.218.63:443 | ts.amazon-adsystem.com | tcp |
| BE | 23.14.90.89:443 | m.media-amazon.com | tcp |
| BE | 23.14.90.89:443 | m.media-amazon.com | tcp |
| BE | 23.14.90.89:443 | m.media-amazon.com | tcp |
| BE | 23.14.90.89:443 | m.media-amazon.com | tcp |
| BE | 23.14.90.89:443 | m.media-amazon.com | tcp |
| BE | 23.14.90.89:443 | m.media-amazon.com | tcp |
| BE | 23.14.90.89:443 | m.media-amazon.com | tcp |
| BE | 23.14.90.89:443 | m.media-amazon.com | tcp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | aan.amazon.co.uk | udp |
| IE | 3.254.237.44:443 | aan.amazon.co.uk | tcp |
| IE | 3.254.237.44:443 | aan.amazon.co.uk | tcp |
| IE | 3.254.237.44:443 | aan.amazon.co.uk | tcp |
| US | 8.8.8.8:53 | s2.paa-reporting-advertising.amazon | udp |
| IE | 3.254.237.44:443 | aan.amazon.co.uk | tcp |
| GB | 54.192.137.121:443 | s2.paa-reporting-advertising.amazon | tcp |
| BE | 23.14.90.89:443 | m.media-amazon.com | udp |
| US | 8.8.8.8:53 | 248.114.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.218.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sq-tungsten-ts-eu.amazon-adsystem.com | udp |
| IE | 3.254.239.147:443 | sq-tungsten-ts-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 108.156.39.71:443 | tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | 71.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| US | 2.20.12.106:443 | player.aniview.com | tcp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| NL | 178.250.1.9:443 | widget.nl3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| NL | 89.149.193.101:443 | ssbsync.smartadserver.com | tcp |
| GB | 18.164.68.102:443 | api-2-0.spot.im | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 54.147.95.198:443 | sync.srv.stackadapt.com | tcp |
| IE | 52.49.169.20:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 44.196.209.172:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| IE | 54.72.66.109:443 | jadserve.postrelease.com | tcp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 154.57.158.116:443 | ads.stickyadstv.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 172.67.40.173:443 | spl.zeotap.com | tcp |
| GB | 142.250.187.226:443 | cm.g.doubleclick.net | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 74.121.140.211:443 | sync.mathtag.com | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3f305119e054ab54_0
| MD5 | 8d7b8fe9643be7954e370d16b68d7a4e |
| SHA1 | a6e047c03b6056668b629ffe69c5431336dde213 |
| SHA256 | 002c6df716e826942ca0b74e74cf8f8302da20e95042d3ad6fbba0c6f566bbe1 |
| SHA512 | b5ae34611e784f0e69b9a1c5dd65ab7772f720289e9499c78007140a20baf84c180fc7fb11f6d077fd2f5730c9dc0620fb056cd90db75f307e375b59b32d1723 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\118a680837e379ce_0
| MD5 | 9a68769be36408713420b770de773b41 |
| SHA1 | c769d1c65b8b29bfecca2f6ad159cee73c2a3391 |
| SHA256 | 18fe9d0f3cb155ea1aa921b54b534125802c5c20f3c4bf6f9eef40283cda8001 |
| SHA512 | 4690c1c93431e17ac502bc2c3374e98f7c795ea7201311e10f05f6154e10cf35c5a591789c826c7e7880e8c3e500e6c430cdf8bd20b04c8556ea79364f751036 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\be68bc274cf0fd90_0
| MD5 | b1cf28f60017313dc31674d8731ffa8f |
| SHA1 | 6423aa31c40bba70ae830584075b33aa58cdbb7c |
| SHA256 | e890925b907082e40258950170b7fe7019eab40bb08c70809a9df7611378ae17 |
| SHA512 | 99051786b62f2e0b4b523ca2b0439a1ba11a278d2118c0e5f7750761f621eee2702fd58a76fce03e8af482f18b6e381289a91efa62549001ec1e760822532da6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1b4a14d8ed229b8b_0
| MD5 | 6cca940fc0c545c68d3825cfbed452c2 |
| SHA1 | 1f6c6d5a7224f2e4eb26d43c59c81ef4a99a73c8 |
| SHA256 | 9c225574359283399acabce85ff4d19abff8185e8bf8fd8bceda2da0c355b077 |
| SHA512 | 580514abd3a5b8ec37eff49d32c47512c784051ee6e962a558bdee0df1addbf966fe25ae93aa09784701de1e0131613fbf5a71288767e82b2f8fc95f7e2a5a57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0fd5b0b126a0e456_0
| MD5 | 3e0ce636a2966a3f59d2181597d885f6 |
| SHA1 | 17a4201a02ac647dc3d8973f3e927c0de05b2fc0 |
| SHA256 | c8e7a194059ae1a8d751d56096d17b90904fbbee983544c10203b3c080b4bf3c |
| SHA512 | 6e9302c4c6067643d95bec5095ecb0cb2e19e18a8a82972e2c43616482cf611e8a0c6b8cb2c95685ee9dc9a1ffd53c9ff67619d3add95caa58071f738fcf91ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9d4bf558058ee46c_0
| MD5 | f2655ae9505b28c761738652c22371c0 |
| SHA1 | b00b1bcc818c1f115dadde27a158ef146c7096dc |
| SHA256 | 09926dce5cee2537d3c2dbe9a5f0ed54deb3f84fb8c69d5478ada8c2dd733a8c |
| SHA512 | b264d60618b4b8c4b38a3861287d6928cdb8b6f20bcaead36987872c3ae3cebb0ed076230670743f856bfbc54a0aed335b4ed72964101724d05c82f328958a3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030
| MD5 | 0e52c094a93d5bcd8875cce575d7da9a |
| SHA1 | de9ecbf399f77a497c96c1a4b3509153ad9751a2 |
| SHA256 | abafb66ae53e45e075a02ab40e19bc2dbb0126d83f4da5f1fbd3bed1a4b4fdce |
| SHA512 | b2cbb5075eb1cf84b9b24c2a2f3165675496d506d5e98a8868c18514c5740c366b5a29a925dcf6f6cacdb8ce6e39eb8673b15ebb55c5e9078e0d7eff631905cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 78a2b2e7217eda4930599d5ec885730a |
| SHA1 | c9d9cda06c37263533f5c4988777b5a2554e134f |
| SHA256 | 244e110b5babfcd43d2eaa50c0fe5d5491dacbd1303c7b8719837637ca85757c |
| SHA512 | d0cc3583905d43187e82671dabf7c4ae53316e2c4bea462fc0d9d9bc7a5b47632fcc49898598d89aff03328c9d135379e4d4dc9f44d46c9fa1504e844bd7b338 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3baed86ac27e1ba029d4699573cd10ba |
| SHA1 | b8012a2ac9d69bb091e55ad5613c3a2d769e1941 |
| SHA256 | b76f625595138ff659ef87d207db55edad1372ed589a55ad6f7d9c0e1e768439 |
| SHA512 | 05a5a071186fb0795104e0ae8268b2abe6e8ba49166bf8672d81a0011c998d3b0a526cc635883522d8302302842a121a78cd7bc82e278ac51b3faba048d9048c |
C:\Users\Admin\Downloads\test1.exe
| MD5 | 8a41b0e8e30d2edaf6f0d635719482b6 |
| SHA1 | 1c7464b6a952f2019c91bce72918d1a551a87703 |
| SHA256 | 1172da2bea0dc9c04aff2fff7ef43009a7de01a479e8a2be57ad626a6a1a5cf5 |
| SHA512 | 9f9263c45380bfbe906076618ea8f0c0874b3e6e6c114fedb45d9d42e78336d098a7952cdd910d84179855a085554a124cdc254cfad1be69c582393482b92e2f |
memory/4928-1516-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7adb25f407b2e7c56843935454fab34e |
| SHA1 | c50a650a1cacd68c51d6f0a0759a4e07b1338165 |
| SHA256 | d4341a9357c15118740d432c3712b7f479d5d474e750c333d4ad71f1aeffd8d9 |
| SHA512 | cf5befc40c05c5bb24fc8100999a63ac982e20be2392266152915471539295272cab0bb1df9161f5c55a7281bcc02c9885eb420c137d8514bf650664705c31f5 |
memory/4928-1527-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 218b975aeb89ae8ec9538ce38a3cbdf7 |
| SHA1 | 70a04e38d7192cc3d47af71f8a23c3e474537ae7 |
| SHA256 | 952b9d9adc54ae6c5185e77b645d6f7fcad774d1b19c32a15197826bda09c2d8 |
| SHA512 | 1503dcfc92887e77d310bfedfa14e55f8e0dee69a08a9c7c186fa5fdd688fc7c0beac3d0024256dd9892bdce044d8cfce05fd83f1bab5f9bc37b7acffaebe03a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a5533f5cc5e75e623a7f19db15ea3eb5 |
| SHA1 | 3ab9e42899bd52f35b97237c03c4f61846ad855e |
| SHA256 | 8d58841c4de7f310e17842d8bc9c711fe259b845d2592b8c08a93b4ff8ea7a64 |
| SHA512 | b46013df1e93f834f46b56f1883a6e40ebe7eadf21b6930d5b229a566ca9c19cc45dead42b0b9776fc53f16c82c5189c0fc742d63fec3b6a60c7774c46dad985 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 618ab213eec22defb3dc04a683f85257 |
| SHA1 | b80642731c0b76c564159a03f57b645594aa44d7 |
| SHA256 | 223f47d153c0ac0f70dba3f3a94b0c7e5b4104aca9495d9f320aab68d411dcca |
| SHA512 | 1f78a6b6046b7ca2b74aa0b6769f8ce84ac2180e062ce2f25ace8bded24f32b1c74b9d31e43305ab7885e6d6c464d5a27995ceb368558db9f241cf3a2c596e01 |
C:\Users\Admin\Downloads\test2.exe
| MD5 | 7bcc89a15d575deafd22288432159007 |
| SHA1 | 9fd2bd95370fad9166d99effe30b45123075800d |
| SHA256 | 7f726e375826986acff1365b9e2b25d488d692e5ad0dc8ed64c287bb8a921980 |
| SHA512 | 55ce82efd16edc8f0b1b4eddf9f58a399588c4ceff10f5299bd032b85321f1fcdee68a43f30e5f0f445931948bde1fd7ffdcc548ee9f89d133aafd95eccd11ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8995152c8ef30c1410f78dd1cc4de5c6 |
| SHA1 | e90561c3f9ad0670f56a2cc0b373a324578301a6 |
| SHA256 | c59690463f91568e7a91f35ad1c3976ab1865ed01047f15a8f30f2b5a8943e52 |
| SHA512 | 705f89a8e3518bd0f2b64dd4aa8b80658fc42c458b2e8cd616c3c4eab9f6cf753780482ad556fca78680a26bb6a0bb0bfdf4ebc24bebfa788f61ec7d654264f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 402f6c3b01543c4c7d2b3f9d65cf87f8 |
| SHA1 | 126366ae5dac8244c31cce65d7ed3587772af5f3 |
| SHA256 | 0390e6a495fa172d4c15f8ad046dc165647385688761cd3cedc15bb7bf8b8bf6 |
| SHA512 | 99c8bf61e572c6fda21de30dcf4e11231b055f203ea21263a4f3fb47dc17a71aaa34bad4cc6c53737ae882166425ea79903f6cc494f4983d766a3c4564c3a49a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a65b9d1202335a5bff0b11aabf9da590 |
| SHA1 | 93062fcd80069854dc4acf5b336778c2a7ea2e1e |
| SHA256 | 552b0563b6bb81164a09025779064c8e36aa7b8ab1d0a59e9ada6bffffd969a5 |
| SHA512 | 4e0d26fe5ba9ebaa207067b1325a3c651ed715dd069bed6bb4df3dd1af375614ac452992476d5ed7c77a2850d45eaeef8089296ef23cb2598b45f3d95eba6374 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6a5e598a2b08c3f4_0
| MD5 | 772b144edf52473c031e43864241e0cf |
| SHA1 | 426abd5ed3c861f1a671688fe9a8692812185d8b |
| SHA256 | c00a7db66eb7cdd11100a9f69a4590e0698a984896b044a830f1918d2ef0ac17 |
| SHA512 | c5f065a9a65f26136f4c8ba06bf0a6fd1cce1fab27e47efc46dc4323054bf0a5db34798692aa8a96ca0b4cec59ae8cca8fa3cc837047369147ac277f33451fa4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b2e10230eaeb8d91_0
| MD5 | e9332eeefc46e9ad7293c44ac7d9dc28 |
| SHA1 | 1deb2e23e3244688303a099ae6a50e16169a2f12 |
| SHA256 | 3763c10291adce8ea00496d3bf282d828819a8c58884fc501a5a5c46208c933e |
| SHA512 | a986dccfcbaafad564070ad4b30221b208dab69b6d23e0bb330e36fd36cf518c69cc308be364b928820310e704396d159b2e2ef42705313154516915dd7a4668 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\41068a89bd9094e5_0
| MD5 | affb8946cdaf724a83c4ce301e1b817f |
| SHA1 | 2c3be0b7bb4643e2463a3b02f07b27f00960bb83 |
| SHA256 | c8b71bfbaf870bb7e01d3f72663fd9f6503249d34501dd892ca98a5fbb737705 |
| SHA512 | 4c0c60886580f48311b7e3506c59d0f7c6dd678f61b9cd1509cc0c777ad601a721faaca4ebb126190b30094af570cd2720cd05ffc0210a4180b33d2d7c3e21bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7e4bb31de3eeddc295c3f95eae6a5b78 |
| SHA1 | 18f0a4cb305ec1c83b98a60fccc2b56e6903cefb |
| SHA256 | 2d7a6041e4579072388b4ab16a85edcdff6773413c6bb95ed9f62d94d8d58284 |
| SHA512 | 6530e2b5c47fa8f8d5ce764257aa2e8f9689a1b4a663cb1de7af82f53074a0f8ae49072a294a719e27da11b4ae1be11c7f69bf087efb07c46dd7c87846ca445b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c353b1b55e7430b1b25d33f7c49c5674 |
| SHA1 | 250a32b9c381ad2e1152ff519360a1258467326d |
| SHA256 | e4de2ef9d8d02fa7e4c92eca3c9c8da6a02575462d8837728c75bb6bfdd4e938 |
| SHA512 | c777f92bba7a7fd65f5ae359318cb8754adc6d956a76bfd77648f449af960ecd391213fc78f4c9db19af65272c33e9fb38505014b88fdbf4af11aa79b1eca267 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d
| MD5 | 0790b02620095d8603073a3ad5597885 |
| SHA1 | 6d18ea2b7004b66dd8820cb2583dfdb025662c7b |
| SHA256 | 75f4fcf7226600765c7389e4c022bdba4eef8f108d114dde706ed16c867aeedc |
| SHA512 | 4bb54a127c1356828a3f5d76bba34a1f7d062e76d1376521ffa85b312769e334bfbac415693e33bbfcd2cff5c4c5b414741bcddd465a4e812934e192791f4c66 |
C:\Users\Admin\Downloads\Unconfirmed 978935.crdownload
| MD5 | e3809e75b9f830c7804cdcbaf8507a1a |
| SHA1 | afc179511d087e5055c69a6c373e79234dd138ce |
| SHA256 | 380ea258a29be380d5b2fd36bccb4fdb1dbcb80d79118ed974ca6f96e0dd8395 |
| SHA512 | 62ab1c28395b77c099bba70d8fe642c866bf21c3e0b4b8996aea0f087b7d6aeff281406f75ac662e129e347e342ccf31756b4c6c9fedf331009cbfe385308157 |
memory/3736-1861-0x0000000000400000-0x000000000043D000-memory.dmp
memory/3736-1863-0x0000000000400000-0x000000000043D000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2749a0ec46b1d11e1f260ae239d08f38 |
| SHA1 | 06b51be1273bc71f36e87c1f4fd04e007312d224 |
| SHA256 | df250d6e04d2ecc1429e94e08c8961642b3f152488a0f8cfb92ff42c84ca5fd9 |
| SHA512 | e4501d891e57e6882d93f035b0686c8c588b5b99afb53eebc4df699da379bafc581b26699aab472d86d09c72ca368fee7f4c72c116c1e9232a3a14bd66b2f457 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e8a54e0998abc75de12ebc396bbc7457 |
| SHA1 | a3c9eec049970f9a727873c1d93e07e487b3444a |
| SHA256 | a59b369fcb9ca5e2c744d1eef9ee58f35ea0294df386a083420628d2c9d956fd |
| SHA512 | b16126fe4025f33308fa3c4f0c265f43361c55801528f070305e85ee45ecb3a452612f3e8ab98f985422c91b0149fbd1b4f51d7bdd0b10b19268ff530c2886d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0568abe4d3c4ded0f2a4f60693191bf0 |
| SHA1 | 5a5f10e1f87c106bdedfb26ef74c14642bf27253 |
| SHA256 | 849d9a6a790a7c2fa9ca49fdf9f016c2af7eb3833334a1b8d4c53ae153233d77 |
| SHA512 | f2e404c4e10474ea9bcb50153d1ed6d91a391f4991a28e5dfa612d61e9c549d2d89f7862d6916bbecef5cc77220f7d4647ee7e7eaf583189be3295770bace01f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b5d95ba1079f4cbdbb4ff700473269d9 |
| SHA1 | 7421085bd72c4d7e9a3ce6f6228395bff4941fb8 |
| SHA256 | 95d4be3c03419f6e3cc7b565f599f315bc158ba4e89c64fee2c7072e6d0416ad |
| SHA512 | abe28f884ff52f6ca70d07b94340dd1fbc2c6002abbd8db20f3f7e0b23fdbb5ab76e04f39f276cc7b8ea8048659e1f34bd8a33e44e5bb1fae5bd3a1830e564b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 632a7065a1e63d5db546c9d741dde3e6 |
| SHA1 | 4332ebe63b2092eed13c92b019a7d772c977f048 |
| SHA256 | e1ceabb230ae95e14b37b17e6c0a05b3ed0b38101f5f808684af464968f29829 |
| SHA512 | 4cba3e1142059ff04a9ce31fea0b6a5bbd8d50535ed100d472e41bfbb3cb9c493f8184558b577f43b3d22154eab05b858cd2efc0c7bba7c0ead2e2d8015b8a74 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 3dc5020dd7d3e90c7a975fbb930c85b5 |
| SHA1 | 7416fa8a0cce8c4ac800d70a93204693cb096a52 |
| SHA256 | 3eeb97edd44b7cd31b9d91125675a3068c3ca27787feaf7f5c55c4ed55e7bbe2 |
| SHA512 | 95bbfe1234aa530d78e06f7e19c18630a6c0d281be01345335d570f5a5382c4ce845ebe0f448b7558dc0aa37e4a3e12257a2f391e5a522ee42b054f782d322f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f63b2dcf918f4446_0
| MD5 | 5fd9de8997087923d8ca8ee629f2cf64 |
| SHA1 | 5d8f1873b091a96deca4dae59826f6ff1500db1c |
| SHA256 | be7cb602e7cebcc373c5bbd31f7578ca8ce893e85d695038496b90bef4ad6e51 |
| SHA512 | a338a8cd7937ea27799b5769e30c74d41d611bfffd6f4ade2f9ef4be30edf89bcff60e4ffe96901ac74bbf988c7f1216424e26b120d0a145a775aa3c533d1d79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\66bcc6f042af58b8_0
| MD5 | 6736923ca2c288a1ada33cde1bdfb305 |
| SHA1 | 78808c15f26615c26cb3921620d98c4f3b1bbb5d |
| SHA256 | 453208147a382bd60cad18b3a3e7745f81132d4af323ce17f45814070efb2f5e |
| SHA512 | 4d08b485c692fa24e1507fade1883dcee851ca04cbe05e39ba4efb6ee803cda9bdd797cd938e6f605ebfa804632ab0591b262f1c0258a9f60c60a40cd9b773b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb42caf0956fd2ab_0
| MD5 | 6aea948c8031161cfd4d8ac8cd444877 |
| SHA1 | 71d95fa5a6f9fcdf31dcf7b38f450261f614905c |
| SHA256 | cae48c5f0bb8a0e7e4f46fa2711e5875fb65907abe9229af0e869a14f5433496 |
| SHA512 | 418247d62e9af1f35505bd8a447fda09c47875dc9988be52176197284689d6663c2cab51db7593927f2123b8f11c8b7934a084446d00947a46715baf547fd2ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ec0f84f95215d943_0
| MD5 | d1b8a4914e397e0b2bace4ca8ede685c |
| SHA1 | 2a1f985ba05c89e3edfed416a2d447599ff951ae |
| SHA256 | bd3749644ef8b79ce41d48c9d0f6c23160e4ef77a24e7532be248bb4f64c69f4 |
| SHA512 | ca8ca9dc6488adae1d41badf7ed5993b9488023860854774e478140206075f15ffa7dadb99f59d86e7d4716f7a7a4dd5160ba56da07bc82e38828382b30cc135 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c4a81d8e00a5c0a9_0
| MD5 | 04f4b87d56f8df1c80171f37435e0738 |
| SHA1 | 70c2dd8c6e829501d4530b01996ac85a79559ffc |
| SHA256 | 68b21b6994e2acc2190778e413bbf347f38ae6a8fb9a8fec010917592712979f |
| SHA512 | dd893256c009510431465cb2e7d31c34b85f1a70d820665958544af47acb0389400ec6a1a3499436c5622c4a8a54af526b9ef55f921142b7a3a3ba0888fdcbf1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5d571593d7f93f31_0
| MD5 | 4921a193e5fdb9f6f98ce8dca267b4f6 |
| SHA1 | 9ec58f898a288d1e48efb4bdc73890f41f3a68d9 |
| SHA256 | 64ec404ca3d9fe01a3cd5e252c957134f9a663a536fbf3dc4931414a4e90f45e |
| SHA512 | 82d58c6f4cc0668c3dd504764f0e563fb6e3cb9e7ee17018011f2c49dccd64d9a15d0aa51142e340041a44c7c9317a9c663dfc479f0778107d703033204b7e0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a067c42b64722a57_0
| MD5 | 07c8cb23a1247c96a338cc3148d6ebd7 |
| SHA1 | 2a59ad71148e88cb08073e4d01e026c50998b0a2 |
| SHA256 | 0ccfeef99f6c9521b1ad7612237a7ad740b6a54429d68d10de747d79b13e065f |
| SHA512 | 4c48e52e3a94f5f81c3fd58f0c5066db7243a70154559d035631b4e95413254d4fc3b08591f0227b60e73fba491144fa0cc198ddbe717675ada89d625b9c17cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4fb2318a249e0b2c_0
| MD5 | d9e9bcf47d01cf0a3ce339955804c11c |
| SHA1 | 86931dec6a274f461ca3fef7511063c11a5a6c6d |
| SHA256 | 129dbb04e107bf7d8f60165e7f09e89fe80d6289a5021a884c079f66275ba9fe |
| SHA512 | deca0a20c571a2e43a1f399183c29d23ff36e067badd9e9c12833e2cc6795ebc683e872f9d356968019bf69438c969dce2789836db7954d779bc97980650fd1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 85e94f2b0e3dccebe2b1bd67b52ebbbf |
| SHA1 | 709e82b1d63276298c21672a058631a477552104 |
| SHA256 | ea95751dbe7847820ad30209137367b4bac03f620c17b09e0db891fdde8cc142 |
| SHA512 | 25bc0ec7bde124db052ae9f422f22aa21adb07584592f9dd5830662f9dacb9c5dd5fd3701d235e92fc98d82916807241f9b9a6f2f571ed6149805074f018cf5e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9417fb3930c6e3d299e5f107d3cafc90 |
| SHA1 | d09e4485ac08d58886f122e7067ea20d9607ee8e |
| SHA256 | 98a930721acd75d2bd6b7cf8f938d54ce2eb16ae3eae23fd388680e5bf2d4a1b |
| SHA512 | 358eda241fcc18e9465c02ca748464dc62d003a08e61304a256cc2f5b3b61a8db550af72223bf0cfb58860fcfc47aba4d983d83c4709107e135da2e8780e6cd7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7a867c70e106a221ef52f42d873efbd7 |
| SHA1 | 2a55798edd2e97776a7bb1b362fb2294858f861e |
| SHA256 | e441bf03b63dc2b19d41f9dcedb67e49ff646ab6e91db0118c1400f5af20c680 |
| SHA512 | e70592f96d9a2023b0f3615e5f2ea53884180f2297edb1bef1b20b067bba945191acf8fc1fcbed2825ada5e4d86c5c43d112ce19652afddf0dc1d1a271080f6b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 34be00e137bf9e940a4765ce00a83f55 |
| SHA1 | ba601e62082b258f60e19491c77052d4154aaad5 |
| SHA256 | 277baf1740aca463115883ec5486b58bfdaf88fb44b8c345e73ea36f83e4d3aa |
| SHA512 | 811df5d4f9bcd8168d31a2a33a651f598cfb597966eca54ec6369ed2bd2f1db1b5c94153b12a0b749b6bcf5c57b9ec69f0120289f0585d372965db3f42352174 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2b629f7d7f71053d7f01017401f63d89 |
| SHA1 | 54a7e93f6615a02e94e4c69932eba90fa91e5767 |
| SHA256 | 98a0c8349992482b87301a38c85de41bfb009b5de27b66c3adea9b6419ed0476 |
| SHA512 | 59eb234691f4ad041c20e9555ccf9c41033136ec4993cd4553c30a1fb776f513c1292d185eb62c7f069cd91f905f4053d9aebbdbbead8b27986031bdbb6ef96f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c8a02a6f-26be-4beb-acaa-81ac53cc4568.tmp
| MD5 | 20d5f0894edce94c5c5409bf96a26e6a |
| SHA1 | eea59b0111647074f1f68e2c0a70a9bdcdb5dee3 |
| SHA256 | f43180ef51380c22f210f3268ca0de9b813a4a79264ef85e35388c96eb36a45f |
| SHA512 | 161d2965d9d06fd417b291c7cea733e1e155acc9522ea2d8753d5b6395d746a6433db467681f26d1432f65c2472ece1c3626c2a10240c3b9f4be68fe0e6a8cc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5dd8c1d178f06c97aaec837203d7778d |
| SHA1 | b1c7234bf14e7e0bac78ebf7ba6d183c23adc263 |
| SHA256 | a17663ceb43c8e287965e9506c117be74e4b9e5b1394fe591caed3d6b69af3d2 |
| SHA512 | 2d2ebd9199555a59e7670f4130c1ddf3b8821efaabb7a3ffc93ac7e8bdb79e9d8076b9ccaec67728e6cfce868caf79536f4d8401016b8a77338e492020310282 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d30f8c267ff3f51271ca27c7c5a30b63 |
| SHA1 | 2c0b3efb916427efedfd2770a57544f8916ed10e |
| SHA256 | eccd64b2afe076c61473628f31b60f150f71aa447c9ceb39ff9db374fc7409df |
| SHA512 | dc57cc382b057028721027fcec28b983bea7c757ecb6ea0ead3c6b7030a9c7902ecc63f1f9eb5529bf0561770a419e947553ae1076c4ee47698b8eb7a223412f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 349389b3e4c371291b4ecc4bd87b6ec1 |
| SHA1 | 44a7fd4373c7b4c135a41bae4ef464ec05614f12 |
| SHA256 | e07e26627a7ecdeef6b4add9f516d6629f7e2c71fbe195d037638ab058684354 |
| SHA512 | f09e69ae632990bd09ef79856bf26b51864b1ef8449079f7253d2d8243226198d79f4ec7da745d668fc73feb1325bd80a6751345c138caec11a37b1395c3697a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3b8a9fc9-4112-4818-8ade-f42a56f778e6.tmp
| MD5 | f8207ca09de3e022e5a5a4699b9055ac |
| SHA1 | 16de2e01843e6d3be365f24dfe753d0bcaaffbe5 |
| SHA256 | 3f354bd0e16e6c736843ed567e38808964bbc1e3ff9fd3180fd36b41fba1e02c |
| SHA512 | 654688396ff0e418a82e7fb41a098250e4fe86e9760abe1c522fe3fd541811d900842d00ca871ab847bba645716811e29207e6ae2382d42c1f9f2e5cf47ab86c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c8860e4facbf7be5f394f04b36bcf450 |
| SHA1 | fcb7a0eef8808a72f76a93c2fa927aabaea5e6d6 |
| SHA256 | 78e2045ddcde0e4a91f4678d9a0a16ad4cbe68674e827e7df080d98ed67df353 |
| SHA512 | de5b51c9f34e6bc9659ae673fcd89ee6311f3863c8556451b7fb692ebee83d8fb4e5449920537510db68077207572a398a2dd907567d3470c73b8318b7a994e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b01ef5891819fbd8f978405707816ede |
| SHA1 | 6541ec401819899f90991b8f2987a6e4931eff1e |
| SHA256 | a20b039af96be543354ee50bad9f5974056c5bd74b429f7d0076c7b7363c0997 |
| SHA512 | 7b3fa326f35ebf5f7d9ca034662f2a1ef698b664ac9230cf762f620384c4ed476b07bd521dfeffe2607421522b6fdd5700fae170182abd88f2f88258421d02f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9b13e461d97859a858e803a7a2726086 |
| SHA1 | fad5b70a04202e679a3016475816e301c79b187c |
| SHA256 | 22e4b9055b849445e47d73eb2677e520972114f3cc05a8a0236093501918ba5e |
| SHA512 | 3bc5789f55fefb51657937673b01384448fc7eeac392ca94a1c8f4c4dd8e81269678dab62e4c881d84d929d4c246dee4c5ce0a5ea203ec1672e237a3e4434a4f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | c100afb242dc0002a2dcf13e2b5fef12 |
| SHA1 | d3d874e35042d62f2838eb4e4ab9566865b8ec2c |
| SHA256 | 46a677e715b6939c7c0e2d79550d922895f3a8592210d28fb926151ade0ce055 |
| SHA512 | 9ceafad5ec1006714ac89fb120473a651f1fdab94b175d02b3a63e6f869a12bde57e980e47138e7ee54ad09e81d38ed790a22e5ab9dfc3c12aaa1722fcb93a73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ad934c03acbadbd41ebc06472983507b |
| SHA1 | 2c77708daf717ef054e1c4bad4f0a0afc0e6bd4f |
| SHA256 | 7a2f0e66f23199ad5c620ae60938cd451ba25907fb937cb1ccb615c5d2c62cdd |
| SHA512 | 9e6f05f655c7c8f49d425e6c25bc443d1028ac313ccaaae0886a4bc63ef8863e81d94ea587ae459b206caaa69f5b9336358143453532c5a7b98231a5eb27c679 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | fbd5af02789a77a531efa7a04de0b55b |
| SHA1 | e5b1c49760f87171d3e00b6dff8ff7a4ab8e5c35 |
| SHA256 | ef4ad9581be6c324dd272c01b8423e584e355939292d07c6762c83a549437775 |
| SHA512 | d47d2df595ba7a8db3882882555fc83a2824c8821ec3e6c2272311f6fceba1b5fd8b9fa283b6439fe5b3627a354a4e43fb1c6a01e89a80a362473c8e73be9f99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4f07119ada8f87725ec4e7f0f1cfac20 |
| SHA1 | 921f20365497ad9e6d812ac2472d2d2f8f5c7ab7 |
| SHA256 | d93a92a06c11b2612bbdcc5ca9805a7f6ab264f05d602207bfbe903510af0432 |
| SHA512 | d2d8e4e51077d3eef4e737e1516ec4ad872765247bf607955b06f896d427297013e1e24117c3cfe38f9d356f232d15c8ce2af99a6b91c714e583e4410fa0b01a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 1d5f57b36984d3bc13513937212f7c85 |
| SHA1 | 6962d480bc6216080b90505c9f25c8a3ed4c8df0 |
| SHA256 | 7c5544c2101aa4a9ab3bd0ed98d6d1126457f802c8073333d2e7fb7be273dc30 |
| SHA512 | dcb01342a2eb9ff3ed03a23b7e0914ccb626e1136c2a24dc4e8144cd785c90acdbffc877408a922519055f0a375b4a31172e3120744de656d55dcd83b84a4f4a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | cfd2fdfedddc08d2932df2d665e36745 |
| SHA1 | b3ddd2ea3ff672a4f0babe49ed656b33800e79d0 |
| SHA256 | 576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536 |
| SHA512 | 394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 3696bf211038b6d7e1c8139affd66a74 |
| SHA1 | 10a515f955bed32bb84581a91d26ca5e79f73857 |
| SHA256 | 5a7875e47b920979763f21056b5b8ccb38972dd053601944a18f4d6527e780d8 |
| SHA512 | dd0baf5bd15ddd0dfb7581e5060f6c57d74fb7863ac75f4bc169d0b20ed3850275b256104433d4bad3b654e2e9eaabcf70688b3d6a24d07b42d0f93d8258f826 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5a467189-5506-48c6-9ec1-674cd38e8646.tmp
| MD5 | d48b6618c47bfdeac303251baad2034c |
| SHA1 | c5879d6a01ae790001c0f37a13afbf2931fe95d5 |
| SHA256 | dff4786d3fa4a0a60ac9490e433d03869f361b73a8ac074f789516af37481615 |
| SHA512 | 6b549eda9f2a430ad655a913e365835d4a9998ce3fe185996c27be35921adec8f707b54d633df395c23060d08d62a7838074e769298f751b8e9f892914f1bed8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 937aacf6c608dd2626e73ad1347805cf |
| SHA1 | 436c6e78e16f2476742efe0039b332f3663ae0f9 |
| SHA256 | d79d2d0d17a6a93e2c8c94d1683ee5ee4fb0d7460dcc7c3630956b34d70dc317 |
| SHA512 | a7c8fcb2f7df24d9cffb0bf68a3f13085b58e132d294fbb9af8dd8cc6b3b8e15671319c55891a1edf308ce8a066b90b395259e69bcf174027ceb53efa693d4d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 42d097b0d03c7b6db31dc7636211f4f3 |
| SHA1 | b26e0dd74bf412b569afbc667ca1aaa2dda97736 |
| SHA256 | 6db74bfe6678e23456de2aa9a03e97771c161ae4e9bccd4c75d51b0eb5f1affa |
| SHA512 | 13dc32d94174325fe97c86c514c8d1a6d8a5c1aa4abdb89967af843de88ed1b6fc7e6d02c856e481f07a9009ea74a652d8629f0d7c4f40852ec38a3ca68a7041 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3f4229834218463d973163e141b7c16a |
| SHA1 | 3fd315b9b654e668fc16ec7872d2d29c03c38791 |
| SHA256 | 7a4f064a4ce9a618d6a191a014af04f18b931e073a3b59238961b9829264960c |
| SHA512 | 0cfbc1d57b4a8f95511b88dc410bfbecf35e5e105ea423b9f7379c1174db0dc3e0101da195218891f8d127bafdfd942c9bdacf849917b6083c77b8a0a6b6df0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | 87c2b09a983584b04a63f3ff44064d64 |
| SHA1 | 8796d5ef1ad1196309ef582cecef3ab95db27043 |
| SHA256 | d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0 |
| SHA512 | df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | aaf9a8a43f1f6239f46c71afae23e026 |
| SHA1 | 4275658a22fa3fac73439eac1d4f24c677734641 |
| SHA256 | e9849fc42188ec6598a04795c5006408632058de427031d235e3aeed242b5044 |
| SHA512 | 1b88c385c56aa7057703cdbff6107c9615cae2068712581b1ca15f5c2975f3d54b7fd42f5b3a0d2b0f96c37d04eca0bd9c4fe43cc8168c64eb41d579fb6a03c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5f5608.TMP
| MD5 | 2f08c62a35e996b1260a0ead6cd54459 |
| SHA1 | 48059c8de1bb1a156014af343c9a34a35b371441 |
| SHA256 | b1e042d2ad1a3cb5803964da6ed4048d3eeaee4e725e754f3a566a3c85022d41 |
| SHA512 | 07683f3eca4d4bb517c919b3ab6ca15ebabf82b3c05ed099a6bd457d0d8d4c3df1f39afa1da09f2730f6c496c414ab8de2d63d9f8d599f8a20247fbb9d48ea59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0fc33e07af19645f61a33774353db42b |
| SHA1 | e9c5358dcf007f4c993c32cbd81f1374b0b68789 |
| SHA256 | 39cc14421d5271f770fe2ea29dbe9208a925f911cc0e5e4b00cbc175d8d77a47 |
| SHA512 | 683bc126350068fcdad3f869de8cd538224a18c561fc62160b67ba376bd5955f95d24d688a8a7ae5eff602d62c5b7d6de27107fa33a587fef4719b803a2ad353 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2528_847450456\Icons Monochrome\16.png
| MD5 | a4fd4f5953721f7f3a5b4bfd58922efe |
| SHA1 | f3abed41d764efbd26bacf84c42bd8098a14c5cb |
| SHA256 | c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3 |
| SHA512 | 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2528_632317566\Shortcuts Menu Icons\Monochrome\0\512.png
| MD5 | 12a429f9782bcff446dc1089b68d44ee |
| SHA1 | e41e5a1a4f2950a7f2da8be77ca26a66da7093b9 |
| SHA256 | e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37 |
| SHA512 | 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2528_632317566\Shortcuts Menu Icons\Monochrome\1\512.png
| MD5 | 7f57c509f12aaae2c269646db7fde6e8 |
| SHA1 | 969d8c0e3d9140f843f36ccf2974b112ad7afc07 |
| SHA256 | 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f |
| SHA512 | 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2b05aa52-e2d7-4129-9010-efa176c6fa24\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2b05aa52-e2d7-4129-9010-efa176c6fa24\index-dir\the-real-index~RFe5f6579.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\066ab160-7b5d-40f8-9497-f1d754ff6809\index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000072
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000073
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000071
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\066ab160-7b5d-40f8-9497-f1d754ff6809\index-dir\the-real-index~RFe5fbf42.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\066ab160-7b5d-40f8-9497-f1d754ff6809\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2b05aa52-e2d7-4129-9010-efa176c6fa24\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\066ab160-7b5d-40f8-9497-f1d754ff6809\b9ed6afd3d0638f9_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2b05aa52-e2d7-4129-9010-efa176c6fa24\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\066ab160-7b5d-40f8-9497-f1d754ff6809\a816a82b69e5c7ea_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\066ab160-7b5d-40f8-9497-f1d754ff6809\a816a82b69e5c7ea_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\066ab160-7b5d-40f8-9497-f1d754ff6809\f0cf1423775477cc_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000075
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\94b59035f3ad7d99_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c34ef712f36e1e1c_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\70e3e8edea57383e_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9e0d8075aa6aa8c3_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\649f37259eb69927_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\24cdaa6853b2698c_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\40767c6ffa0c49cf_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bc2959e97be7ccfd_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ae8cee3d41e64301_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\768d0ac0ca872d49_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\26dbab8f05a12756_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f6489cc8dc54adf2_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d953ca0d907d8d4e_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f6c78cf3fac86745_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\86a0bdbc95144b1c_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f12b06a13b311b92_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\805c35efa5569e80_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e74b935bdd03c721_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3aa958c786f14702_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\314a6da9174dc877_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4989ea80024a51bd_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\37609d620b8038ac_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f5f8a510fda97114_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a806f27d066581ec_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b152b3f51c1ab150_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3407e3dcd0870f4a_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\45d946099acc6255_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\54196d5272057691_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fe7b359c88c9fdf9_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eec32983753c5188_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1419be765a8d2f01_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b2fb6ea7a9af17fa_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f371ccd6420a488f_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\552a12cb094eeaf4_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b266af0113d70fea_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\73d9e8e69683a5bc_0
| MD5 | 8bda43a026b75f6e63566f1b5b26b8bb |
| SHA1 | 7206daa8d8849a59f1c2f368c70f5104880abc21 |
| SHA256 | d3d9de8b976e775b86d4128a5c671d31966e407207387a1f1743cd8fbc6fd21c |
| SHA512 | 59a8328444214138a774c33b831381c339de4e13b1f63b1d5528a1dd30d91415692ceb89a2a064d0095395260b03ba7c5ff894c345bb583b167aa0eab15ce76e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cc48d455a0beb0bb_0
| MD5 | f79a9106b3eed78aa008cec83acd6f2e |
| SHA1 | fe07383e624cbdd54a2d25a4bc0ce9f1e44328ab |
| SHA256 | 098cfd2c95d9049b3b6bb1f1be9fc1347e8f40c0fdc68479d0c82b23bd0d195e |
| SHA512 | e79297e59cab6ac240588767d01e943b84e5866580e2dd38a6e618bf5f19154e603d74571158f82284d407652485a8cd44b4c3fc8f41e47658fdf5b144488d61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a5602e955a2a3314_0
| MD5 | 55e27ac04a7677ecaefe78d853a6c8ca |
| SHA1 | 0eddebceaac7f66f1fc1a4365a74720bc3da175a |
| SHA256 | 233fbbb3c583dea31f055a1d1797cf23d55f641ddb299a2e22d5beec7a48c948 |
| SHA512 | e633333f47f18a3336e47a02b0d729ded5cdb9a123d5a3203c295047977fdc759d7d29a9885c9679fb3e5a9d478ab523feb003e55b8b45acc3fd86e7c3155e98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2e418840422ed73c_0
| MD5 | 0347cb16c2711eb0c39b349b991c4b4a |
| SHA1 | 65581e6574717081df6c795199f09bacdd3da933 |
| SHA256 | faccb52b3862f90d877761eace7639415e1c11074f90f3f7dd0b5f63222dc574 |
| SHA512 | 16f909cf89491c400b7ef5eb05a011a195699050068a0dc7211c5f8281f7d5295228e6ae98ebe9da3c6ced128a39ec76d2d582ec369d56f72032d51ee34b4e79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c
| MD5 | 7525eb7aa22001b97867802c8f4f7bf5 |
| SHA1 | 310052312d37e6691455805436126167de70fd7d |
| SHA256 | d04a76912e0c936eff8579f4957d4b6322feb0be044b40bb9596a8cbeb2916b9 |
| SHA512 | 8f387009dbd1840469859ba9d5f36f038d8280d8d3838f2fd8d4e244b1b489aa348d0cea956ab1d3f235f88f434a32d11fb7360ac0acf2ac4b317088a85d31f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cc3313f44f5eeecc_0
| MD5 | 42c7dd5a7059508fc041e74b8dfd7f39 |
| SHA1 | 6d3a110bd12a4f4d5bf08e4160f4c470996da403 |
| SHA256 | a484fded9d5c1234722d242f6996d98adb6db0814c72a17a29fb4e848f4859b9 |
| SHA512 | 425b93d63613f9207d0bcb107b5734891adf1ed268ff9287acba75e49fd247441c336d17a4ed6519ee709dc071b479c292de0035a5a31632185d39b016ac687b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9416ae9ef2a04ed490ec57c1cf13e6aa |
| SHA1 | d6691f4dee721ac9f43c90d305d512a7872cf9da |
| SHA256 | 0325aed34b7815d81acd46e0ecd4578f85db4f418d6198b18efef7deb719f3e3 |
| SHA512 | fa52e88662b8f114987810d91d2ad126ce52e6b31a8380d7ef228cc0c2704c15ed2d6e75996a9bfb7f3e192e0f404a7f798b9649f13ef56b4129e4ccf9dc9098 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fce33752ce894bf29e0bc12ea6391a80 |
| SHA1 | bd98551c8f87fbd26b51c8a3d7d4ec2ee30a2a34 |
| SHA256 | 53b088a5f4caf34333aa9ca0549a03d6295e93f461e127bb134351bde66c4ef4 |
| SHA512 | 617dba69a83984675aa69960346304aaa79940be683a2abb03b9cd4754f3ecebbf5a9363c476e463e4a47026e69c26b7a06f99dbc01d7aae94767871e479dbe1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1a5f36060beb3a78ecdc00d93c3b6125 |
| SHA1 | 2846321bbad762f526f83b04ebfe8c5472d9f615 |
| SHA256 | 49a011938c6b5bd6a954c1444efff8b651079843fc2b95cef91e0ce306577a55 |
| SHA512 | 580ac43182e435a00f3db4be01dfa85c36952fe2b8faddb25dd600d793b3e7f175268c5f269f22c1c2c6a6570c3a2bafb535fc2132d135f2debae8d8da4978c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0c8543dedcb7ccd1_0
| MD5 | 452bf52c575235ba0a5f6dc1f0e9406c |
| SHA1 | 84176c7c351f5abfe0ad4bcca459c93f6a0d6214 |
| SHA256 | 809e6471d1e5647023a642f1b3d9e0e98cb8fdd38799b03cb64f50b48ce74b48 |
| SHA512 | e167e7c3e3bcff130602318e0b0fc75c918127ed72653b821ba2704a0598c46f4376ebdc5c1dd97652f22a33f263324563d382e0b277f51fd65b155e8668a12f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fe8e3d9aacf1a70b_0
| MD5 | 574a55cf88a607f289d9f9eda4d4c431 |
| SHA1 | b8e652c77d9ee27571a23c7520a6f03462975570 |
| SHA256 | 4ef4ddc07a09169b7d7c17c646fe0e97072320d92775a62b5bcabe1ee95c82a7 |
| SHA512 | 1ce0cdf101341928bd174fed09a9d48d77adbef1c8f020a0d6013f2ad4d20048c4b4c71d83436223c5c02a5a179284de73232bdf37b5d2cd9bea77a7e31f73bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4a58397873cfc208_0
| MD5 | 644d8423e01c4bb3c9e82a598f681972 |
| SHA1 | 33287642ff47b9a6bbd6abc00a52f0574237cc0f |
| SHA256 | 96f585617a6a92eac247e3857bdd719d22a3bbed3fe7690796af3ce5c16a6040 |
| SHA512 | 147541563e706a159ad42f78b980f01abad1c7f49b8d2a040de743a3fd7eb70b49eefb4154e95b802659eb27480f2cfacd4860a94036177f63c1d1b3d16c6239 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\54d038a883eb59dd_0
| MD5 | bd70b95e84db9afdbe4db6084e988ab7 |
| SHA1 | b281ba8926de8edb142d22ce5bdcd73065c84a76 |
| SHA256 | 22b25cb24cf52d1104daa13e6bcfce270521a33658c5f26cfc1ade80231d1277 |
| SHA512 | 87d2ac254658ebd192bcfc6956b9945155e87c98ac36c4f9d773b8a8b963030cd6313c418970ab7da8aa0363b560b6141883e0c13ea2114ec30c10f379dc0ad2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9eef8b1beb817a84_0
| MD5 | 1752a02d56e2eeb9cc3c57c000d381f7 |
| SHA1 | b94fd700f7522b7ee141752f33535376db62cd10 |
| SHA256 | 3badad00f303fd9fccf681e44b99ae7014f8ff979a601a4673ca5ecf36462336 |
| SHA512 | 4cc376aa218285c862f43c9008bdc990b7f99500b6c5c2ebaad6c0f83287eee40d8758323a99631db91ac665ad4832b1f2051e291f8f29e7dea114c00ab86d46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3edbda3bfef82063_0
| MD5 | cded93c995b6fb723a48e58677edbdb4 |
| SHA1 | 0c625a43b247d8770ca4c9d61e0c476b997b054d |
| SHA256 | 2fc2aa88b2d865d29798cc0d4e3c59b790fdf3b03a44a65a91bf66366af318d9 |
| SHA512 | 4a8ee31340c0187b416161704831b54ff8735211e91ce537f18a759c12fcce8142cc7d6743bbae5c703820c363f175dbc145d469ee8bd9da69dbe1ce703c588d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fced96f09aaa6ac1_0
| MD5 | 219b4ca88ec6c00ca814f817cd45638e |
| SHA1 | 5a7711f5cafd9051506a5e8eb4782f04d86c7faa |
| SHA256 | 0d9783db16b57876376d1ffd68ce826047a31d8c10eed9f50b7ce4a523735c57 |
| SHA512 | 9ae5ec1736ac4f6df9465f47774216822740d2bbebbc0b9cb83920743958647ed2940ff11f68a94bb3e43d98656830540a68436a6ee26e9dd269621f3f781014 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc4a4ed98af7ee65_0
| MD5 | b0c598e9f32462747f15ce18ba7fe2a0 |
| SHA1 | 0bbd9bff7eedd0db59034d345efcedfbc1700e09 |
| SHA256 | 6e8f00602cbb5a45d45d64d32d05725703e7b5681fe2eb45fb0053b3db4c3c44 |
| SHA512 | 58b2e2a6d7e9b2f809393c440230e8e3fa8cbc4811509218f96e53ca062ee37094525291606edc14490135f2dca3136debaa458388a93ca243cada0cbf719652 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bfb894b35507e8e5_0
| MD5 | 151b3f4cdd40149c518204096a4afd54 |
| SHA1 | 6cf0907c3d9449b0b855c74df78bc949e61f3fc0 |
| SHA256 | 4edf16d07aef74badc809e253501ba03973b768df22d8bd05bfe4cdd215a7388 |
| SHA512 | bb1844cceedd0db345cde189e7ec33e45003ae827c8065c90d228fa359dd236655ff8b78d958658cb8a1dffc03c6bd10c1ce9703614e186f22e8855ba5973f48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7dc6a9ea4018e098_0
| MD5 | ea1f0ebcec5e0232fd38c21eeec56489 |
| SHA1 | 24cf3964b60cd963665dd7f6ccd65a979ddb6303 |
| SHA256 | a0634be3aac9a7898531eb3cff307579d0b6559ab725ccf3087e2fbfff788cc0 |
| SHA512 | 18ae66f3ab8cc35d77842380c45dc04983c08128112d517e1f6c87c505181649192c122f232d0704c1a610b1b2c89729df2adc7d80195ca3ad47ec41c52a277b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\08cd4f688689d170_0
| MD5 | edf3806148d97d17b736aefa2cc5ea22 |
| SHA1 | 700e6aa5c161d37dfdd79dc0e9df3ee916de5f99 |
| SHA256 | c59220a0f65d4d60ae8565c4aaafe6a811dc33bfd47d425a3c00ca90bee063dc |
| SHA512 | 102bf3a9bf85405d6625d18f26134a6f0cd43aec8a1f28d913f7353d085987bdd55a217274a7c8254bfeca7fcb469983f24b9ce0b911c9748c1f7a1102b11481 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b5c0b0d2ff0cad95_0
| MD5 | a3ed3391897c67b5dcb92855fd2c2359 |
| SHA1 | 252c1e451fd77b536574a06b755792d0d55b5e94 |
| SHA256 | 9ad5a6881931e386d8abfae117720fbaf1bbcb8beeb2f1236f8924c33457d544 |
| SHA512 | 0482680631671479888168767e6392bb1260e1ee814e75e41c86b053992a569c4504901f22ef1f30a2dcce160111e5ce5c0699431b481a44ff62f94f76e4cb15 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a547ec6516a38003_0
| MD5 | 0698df6147e2292171dd2d4213995cb7 |
| SHA1 | 719f524dc103f1765b779088810a4cc95b0f8083 |
| SHA256 | ba9b98e41b3e98c61d63c0a0141273dd497f45a859f7129ffa56daf91f87486a |
| SHA512 | dd7c175863d58063f8f93f3e9a66b55fae54e634f9c70680c98e2592dadcaa122ea47c33bb938a9c36edff6d6c4cffeea3309b5049afd1b66ccd891a673ffed1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\066ab160-7b5d-40f8-9497-f1d754ff6809\5161c5160b36c2e1_1
| MD5 | 152a122371f9866979151c25240e8355 |
| SHA1 | 1de095c3f42e0c649f4d66d6d5cea0d7a0600a8f |
| SHA256 | 8a1e24c471b82cbf2162e8035bca37e30135eb5e43044e8a754ee93bfbfb6009 |
| SHA512 | e18cb40fad328ca3a42f84758ee359e0adf1c8db6ae539ab6d2323ee6488621e10114e7626dfaaa00c89e89047570fea9761986356b3d91676f39da8c9474a75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\066ab160-7b5d-40f8-9497-f1d754ff6809\5161c5160b36c2e1_0
| MD5 | f8fdb3668c49791ee09f9cc666207c7b |
| SHA1 | 6fcf1562e2e93468e2a2e19404f7d794cf8134f3 |
| SHA256 | 06c0d756da5bce3de5bbacbaee62cd7e62e6511af8abb592df04b187c3e0b522 |
| SHA512 | a057668c4d6d824457b9937801643bd3f27ed2213760da26b09b1bb9342e52a766def75eaf9308da0d12d248a55c8299cabcc7fa617467dfb4dd183d495c7d1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 934bab029acf6fd17575619cf313d136 |
| SHA1 | acff4b548b59cc299bc5be55cc28b9d1c438924c |
| SHA256 | 028d09acdf538b18e6718e7c83c237a044bd4ee3083704d248bf96d817baccbe |
| SHA512 | a36d0e7ba21a42ed28ef630e5019a95af411d0a214b752223bca7fbe07e7f033735e26ab8f26f8280618006dd4723b8acda2274da4d5d1bc3deab0b5a34b4b1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\066ab160-7b5d-40f8-9497-f1d754ff6809\a22f60bf849781e0_1
| MD5 | 1f6e3effd91d99b88b6df511444b84ec |
| SHA1 | e32d958547bed82e3f0fbacca10228f13f186576 |
| SHA256 | 238b05e5d217fad8fd8146b4396a2f16b75e82649b593e5323f0ea90ea2b501a |
| SHA512 | 0f6b8e4bbd4af08d84c0e2d298b9ddbd99d9e4c70745be843221415d2abbfb9f9833287c7644c5400d200c33d3ff24cc414542157eb7ff83afd0f071b58cd9c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\066ab160-7b5d-40f8-9497-f1d754ff6809\a22f60bf849781e0_0
| MD5 | d2fab7e83dfa149e0b3c5807e3bec5d1 |
| SHA1 | 7ce37d5c96985d22281b519644613aec9fbbc372 |
| SHA256 | f5270c24f23b0364c09b2ffdaad6d6ab2ecbf83c598c57b3e3e0a3b40bb4e36a |
| SHA512 | fc7a7af73f462e4df7d4f31445a67eced3655009eeb07c2ee24937880c1b067534bd0e73dbf844879551ab78a542c8a69427bdf7a4f97d5002b97837f141a42b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 7dd80eae6368c36fc2ff36be28545426 |
| SHA1 | c379ba7fe928906c3086d50d04444178cb995e03 |
| SHA256 | 3a1f4dbb50c1703c7651172618290c1d739d45a3c772cfd55ccc73c086b4c262 |
| SHA512 | 9221e3bfad4395413909dc8cca3272efadc525090bb97b8569dcdeded1ee58844b7c78d096615971622cea20c90d7e769f9795e9c2ee4c89043e11e7953931f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f245eebd77a9c2fc31268f7f5e17c185 |
| SHA1 | 1af43d23e37c6d22e2dde0375f90bdb76f21ff28 |
| SHA256 | 4fe6fb57650431520721c23c16fd41363e38fa203a5332b613cefbfec8923f2d |
| SHA512 | 975d9b1f75784779f25f434134eb45f9152a5c6611478000a42a564819abef6469e4d1a9a7f43486e8cfdbb940d54a6233db69695856fb05d04dd495b0ebacf2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | f24dcfc59af046f6fd399fe5827eb143 |
| SHA1 | c71d8f21c84f11da9dda55832317e5fe287827f1 |
| SHA256 | 7e0bd8f2fbc381400f183a19167959ee4c0d7f37a9395b637fe8a7f8857ce14d |
| SHA512 | 731d430b08e722667c863e5b642af331104b8b11032f00b98a049d9add90a588e47809e24cbb83a6cafcd6891424583ad11dc3fb84d2aa93bbeeb62139fddd57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a2ff5e093b4af4a80397721e6990399f |
| SHA1 | 6943de39d8ef2337b07cbe5b58617227aa147989 |
| SHA256 | ba2192453e0e60cabdd5e8da165f7cc250d024f4a4168f0218fe859702f8b057 |
| SHA512 | 64033a602f36f6f6dec3f9db9ebff8e378377e9fb893880bb613e160b96c036b295b1e5886f4ccd873a0a16ed2aa484744c7f750e7f0887f09fe4f4ccfbca8c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aaf23e398feabc2b3d836e8ee957ddb7 |
| SHA1 | c288bd5ee0d0c4592cef4e03cef5b088de85dfc7 |
| SHA256 | 432cba96d97d0093150310b6d1d5fcaa7afc5c5bd1ada3ad66e7a5852393e4de |
| SHA512 | abdc0bd7cdcd315a9f69e9f59ff300082c78819d7c9229aa9467c10f343fdb12c18c289f2c8be7d835ec61ec328cb22d164412388e443fe832f375793088c056 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2b05aa52-e2d7-4129-9010-efa176c6fa24\index-dir\the-real-index
| MD5 | c9472325b7c175e580608e0b4eca295b |
| SHA1 | a6fcd1cf41c458d6fc0cb9ccbf5d52c8c49605f8 |
| SHA256 | fde10b66fce2514d6d5a2707e1955b59dc7f304f8c0b430f46ffcc4a19fbfeca |
| SHA512 | dd86d500bc07a4722f46ef8f1880e1dc1745df0fc4042dbf4f259c9e8007802c9f3398220d387eb81558c7d725e99f5c23f14888b35decc3e0e8c70a9c3df54c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e3fd22c18a079cde3865856dcfa14bd7 |
| SHA1 | 8140b5ac654f9fcddfa9064b44f092547715745f |
| SHA256 | 2b477260a1debf7e6d2a84b2eccc3f39d09091ce2145435f84d4e7973b1ce74d |
| SHA512 | c3830e1d0a9f63f668d52bc0edbd0f2c968443828612db3c3b046d13429eb350d0472fdc95f18c2ac0cb5d0f735173b54b18777e9560762d088e46bd97f4da98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ff15492e2501c385_0
| MD5 | 633b10952319efbe69fc3349eadeacd6 |
| SHA1 | b0a1f7b0acdbaf9c4fac6b7e6e7dfe6ea8c00020 |
| SHA256 | 5e59ba98b3a92c121ed8d366bdf35bc0283a05a3e13f303e4e2d4e9e232a73ca |
| SHA512 | e28a9e3d39cfe60a3e075439fc8052f5d59ba2b4bcb776960ed254bb506e941746bd587144ecebc27434649adea31e953f8ec8f66bf3d736411ad3ba37308720 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f1c2624396b8035d_0
| MD5 | c0c49310233e1e22aa3044368dbcf539 |
| SHA1 | 06c0df28ca3bfe21a14a30b6514cc6ba2d1b604a |
| SHA256 | 272f93f3be2a90a140077fc2db9254f86d5c35cea3f8bb814f9e6d56ede5d99a |
| SHA512 | d298b716eaf123551e17b527bb3d9a17acd33ebf63f2d54b77766206cb6fe8aea1295225f6b1b1f82d99c609264139b3df67e541794bb221856bd686a6573167 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\866d1a1c07367a14_0
| MD5 | 914f7d949f58003c21c0b17b99bd0e8f |
| SHA1 | 94aee16bcca8a5cf893e7f8c63f04e73571275ad |
| SHA256 | 755d5315e3599b7bab0cb16c395b2120ed56555e2189a3470e0d642e79eef11b |
| SHA512 | ac81fc54ca08c8731b4198e15f9918277679329c03a0c726785c976b997fc105c1a01e24585ce451eb978a628282da81a20545910ab2936b8a0ba1f57504b03c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\180e414f012d8ae3_0
| MD5 | 835e69f504e024d379eefbd884f941d0 |
| SHA1 | 1201d0b26bd45807a0b8569ea7d1f26d95172808 |
| SHA256 | 6f217b79c411458d1630f67f28211af923cbd3567353309952818f4341b1de2f |
| SHA512 | d33005386c9111640c8d5ce06cbed1081888a501d630f183cf8fac31deb2e62ff87d7ddfb4b313b3b0f2ed6c4f59491c8d8ead3373ddb19b12f21cb95518eaff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c3dc5771737ff140_0
| MD5 | 5c367d8b8101b7b7887047dd367f89a2 |
| SHA1 | e153fe2d211491b40e2323a6eea622315e7257fe |
| SHA256 | 0bdc8d9682c539463b5c8185edb63a28da5e78cd7928e44d8d9c1be47de6ed96 |
| SHA512 | dabb776ba28542f7aedf8456862aad4ea0e16a5bb1ada4243a382656e15c0ff5bed947e098c2020beb58c1937ff9387bb9c4ac7b578ff08ab8f0a317cfc5e5bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\44a8c54881110883_0
| MD5 | 6918c9c741809fadeeede8f55cd252ec |
| SHA1 | 4ffe3a9580f87e3e82dacf1494324e7b46ddeaea |
| SHA256 | 07f0a27a6e416b180aa3be8973648bc7e23a445e9365f8591b941c2e190b9001 |
| SHA512 | 64841b425b330977201a885e6ad61c0136cacb6fcaf6b7180ad1e1d6730f39af917e22f1fff9a53eb644987433e162ac17badcab8aba011a22812bc2a6fdc5a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\131a5e9a753107fa_0
| MD5 | 622b466425e2b15045899b952bfab09f |
| SHA1 | 41186392a2429f819edc20785229c43b2f3550ba |
| SHA256 | 36847397a1060ab5076b29c5244a3fddfc3961a5f57655d0ec1b8144173c1d4a |
| SHA512 | 776dccea8f31b470c1d8e2b74bec06ef40657110b88e3e12ee4740f7202ff9cd99a4f7450301d788a84bc0a61986f9b3a5720075ef58168483ac1514ce13b8ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\df3e92c2887bcdc6_0
| MD5 | cecc7ff7c286fd2872f23f60b3d27b39 |
| SHA1 | 1facc5bb02f186779f5c2a921c845449e633137e |
| SHA256 | c749e0c185c268805bd88ab479531c2fd9ee575bf96954d919ce061d5112c9e9 |
| SHA512 | a764c555f6a6f30f6f28fa3ddfcdbe760b60d797c7ed6e0f65c9dc6607c1c9366cca915abb8b52bef83d4d78e9e478bd27a07392202cae566467fbf1645486fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d03777efc027e783_0
| MD5 | 8829b9d8cf6767cfa9acdc6bf0fb7110 |
| SHA1 | 3c6ea76a93d72af41aad8e3bbb59011a7f6943ad |
| SHA256 | 45cdedcde0a73280b3e56469763b019a572b1219120c5a91db89f09048961c0c |
| SHA512 | 20f289a612a20b21c48c81a0a3574ffbe2579ccca04795459bbfaf3c61de9ca46e12fba496314900129abd64845f48b0b72d028bb78c5b49f21bae7c7bc78378 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a71e9ece752481d5_0
| MD5 | 3b02f87ff8f159a46b572692b985c2ca |
| SHA1 | 2ed516e4bbb4ac8a7f054c38cede38b05ba446c3 |
| SHA256 | 60892a5907befc4a0b9af4005b925d2ece1161e5403b073d75797e9a7def9eb4 |
| SHA512 | 3bbe0edc02580ec9da5dc8d9165a1d1e66cd95f3ae4ed9a335ae41d38db26bf3192ab392c107928a0736297938fe194d87323b815ad085c038cdc6dcfd519152 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3081bce229f0e1ad_0
| MD5 | 5c10f89902f45c7b605cdd497ef87b0d |
| SHA1 | 782efa029e536444213a71eee5fa99cd10e72e7d |
| SHA256 | 4a20fd06125407cb14e94111bfee612e8a94173db44be0d28ef801c9f4fcde79 |
| SHA512 | d84b0efe3519b5319c06e82b694f8ff54b53d8d58b8cb2506727f415a801e971674b7d9df62af196c22fa4c54e356efe1632e510acc8e32143436553d1086bc8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2cc8def211f5cb99_0
| MD5 | 1d2ccc751986f841c972d8c051567cfb |
| SHA1 | 38707dc3b80e2e78e00d1e3c1230785b1b77afec |
| SHA256 | 1123dbdf41f0b4642b0e55fb7e2728f6e285044af4627bdd06b189c9c614f2d6 |
| SHA512 | 44e3f2bf1eb02760e082329c2f6919807b0be60c81e7a830e39a8e9a00323751e519a53fbaa427ffb535b49cab1ffdb89dfbaabbba474ba56f1a3e56a1cac487 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\16ea6d372016dc60_0
| MD5 | 137d055744c53951b94d870b66ac4074 |
| SHA1 | 43b9752e509d9fc8dce839f72afb20ed9ea2f385 |
| SHA256 | 5d5359e26b0b5bfabc4f80bbd0612eff0826311750de84d5e2c148735796568c |
| SHA512 | 1a577a1204f97f00db432311248dc9a0e3d6d2dba9b5a12984f4befc0ad7dffc27d46e78e5feb4959ddcbdfbf81d0177b21eb421264f9b3ccccf61273bc46afc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6171badf8efae0f6_0
| MD5 | b3826b6e467930ddc0e39f4d9d1a2da5 |
| SHA1 | 6998ec173a6c12859c446f7406dce6904eda2542 |
| SHA256 | 2ec4aa8d6542dcdcc30299a572fbe117c3e8b1db3f638d44b522202708b74c10 |
| SHA512 | a5cbe1497d3e82b3130ba36f6020c68b311ea7d8a5178d910919e869e3428d82021f4b1715ec9e230ccd2f0d1e3fd63b29af16bf47b1a44e2c7b76500e542874 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cc60c56ea6e9abfa_0
| MD5 | 0f68216cdd128204581510f102111805 |
| SHA1 | 560fcda7319bc65dada595a9fe1f8162ac948e86 |
| SHA256 | bcfab1d998d76cd70d413936e413890c6bf234c2ebc4bc5f6adca2d5414393f4 |
| SHA512 | 50d4b5b146c3de12a82aa4ad507f7cb24f212b846541590de262777875eeeb85c02b00a016ae3c2ce60fe126373e8d256c610cd30e3e6866982578ee471e8202 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a5dacef874625585_0
| MD5 | 7517cb7255a6f76cb3d89cd87cb55b06 |
| SHA1 | b77a4d65d05bdc41d088de7ef5949dec1b7f33e6 |
| SHA256 | 4ab8ba0c3b5204c16442e7d2e136d846d7bfd71bec53fd0be7e295a8d3da0858 |
| SHA512 | 53885864f5cdf31672938c28dc638a3169af8c38964f9f0e7f741eda6959c966ccfaf829b6ebe54d98b53a7300cc229577b6f714728580936951032e74065656 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd83317242c6fbc8_0
| MD5 | 3cbe12ebad19b9620ba371576ec2f4c0 |
| SHA1 | 355039615494f43fda989c04680496025896ad80 |
| SHA256 | eb6a75696b231f4da9f1682d129d26447213358b0869ea695831488f499b8df5 |
| SHA512 | 89f45f5ffb916934d35c663afc2a379a62027db155502230d0a3e019d1b23143938f8651a52a9f783fee9ab11aba81bf66f32c792a3574c4a98837429e560a8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d6c75e9c1c132384_0
| MD5 | 8b61579ba79f39ebadc55e9b660716d3 |
| SHA1 | b0c6959d8f8f61b69285c606cf490574c48dccbc |
| SHA256 | 091c1268f1db20d6611137468a500b416359eadfea63857328854fc10de6f802 |
| SHA512 | 80327ccb041763dbb989c9c1f8f876bb739353a40da474d7333ace1c16b6c9843e7db2e4081d5078638aac82fa0421c9f30d30917001aae44318594d5e2b8755 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3b7543a157d35eb3_0
| MD5 | 93ebdc89a79793d7631509be91fd003e |
| SHA1 | 9063d948acb754c8f0e65e6d4d89c810cac6bc3c |
| SHA256 | 4dcc2b63e7f23a7af40b51306537e09fc700d580bd0cf3ded3d9f59691fe4717 |
| SHA512 | 6a18c23d064fce36e43d29150f63326f78db5b39b9d4ec2191bebe62ef5626998e920b5a00a490abada5603b9fe290433237a4d077e465a61e78f47d4c1f0da8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a9c3979a06a067b95cf5cc314246776f |
| SHA1 | 91f531605e13c5e723f071e85f4e8e50a07f1367 |
| SHA256 | 09ee6a204d191a1f2580d6308926df151ec0b31f46bdf948b62547b6f9fec69d |
| SHA512 | 01c04c4e234626e0780b515367ebbceed1943bd8cc92f32859d3ecd521a311518a7c6272946685d2bcfced66e883a2fa63467f8037d7be801996f8b58fd6670f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ef0c4404d417f8534da686a98044fdf2 |
| SHA1 | 3415cc11976bb11229a874a0bf644777285a292f |
| SHA256 | 968aed29327dcfc306c45f8bbedecbb99aba77aa26085b96a5af4fec50029a58 |
| SHA512 | ae52f7e87bd004d89b2f2559e66ebe7eefcf218270face5930e1c2db1ff0119d8841455743d668be7881f7debb85b7ef6b66b92e74d4fa32c1c241aaa44af420 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 46b445bc73058d57a940740ed7b507d9 |
| SHA1 | 5e69ca375009e3b34f5ad9ebf73f1c08524b8ad3 |
| SHA256 | 0fa5976316f974481586fcf5a904cafaf72ca1e03016876560897b16de9791b7 |
| SHA512 | 4fc0824d822861047c6b52e5e3286ede9cd1a3056d634bc7dcfd744cbd9dd81dba675c220198b376d857b84a8be4a098efcdcc56ca985b4d926a4844e84a2cce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4e2c6ecee0bde2bf00486a410cb5beb0 |
| SHA1 | 70a6bab8238b89333929e663b215c3321b3453ab |
| SHA256 | 84e08abc8c90ca9b30474ed684c9ae2af04edf4ccea4451ec9c49b270f01a12a |
| SHA512 | 4558b6ca8ca1bd7f92d75585bc5a1185247bb24ca0b43ebca791f63c49efe6997c0d793641b40c93f0b062f92e684f355d828fb04a51b1ad91b9446775412cc8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 02e5229983cbb74361118fab98b42fd6 |
| SHA1 | 5a5b6c57fb8492e1e23e9774017db28d02cf11ca |
| SHA256 | 928b340fe319fc7340028b178e5bd09a1a0adb5816f1eab70d5b298e4033f108 |
| SHA512 | 63f88fcd6ea894c180b59248c91d1892976af170c5c121aa5b05e277dc6a14aefcd599b5b4419d13caca736b8a6bd23f94b9bee465b470a935e5af92a956bf48 |
C:\Users\Admin\Downloads\Antivirus Platinum.zip
| MD5 | ff84853a0f564152bd0b98d3fa63e695 |
| SHA1 | 47d628d279de8a0d47534f93fa5b046bb7f4c991 |
| SHA256 | 3aaa9e8ea7c213575fd3ac4ec004629b4ede0de06e243f6aad3cf2403e65d3f2 |
| SHA512 | 9ea41fe0652832e25fe558c6d97e9f9f85ccd8a5f4d00dbcc1525a20a953fbd76efb64d69ce0fdd53c2747159d68fcb4ac0fa340e0253b5401aebc7fb3774feb |
C:\Windows\302746537.exe
| MD5 | 8703ff2e53c6fd3bc91294ef9204baca |
| SHA1 | 3dbb8f7f5dfe6b235486ab867a2844b1c2143733 |
| SHA256 | 3028a2b0e95143a4caa9bcd6ae794958e7469a20c6e673da067958cbf4310035 |
| SHA512 | d5eb8a07457a78f9acd0f81d2f58bbf64b52183318b87c353a590cd2a3ac3a6ec9c1452bd52306c7cf99f19b6a897b16ceb8289a7d008c5ce3b07eda9b871204 |
memory/1092-4803-0x0000000000400000-0x0000000000410000-memory.dmp
memory/1948-4819-0x0000000000400000-0x000000000040D000-memory.dmp
memory/1092-4821-0x0000000000400000-0x0000000000410000-memory.dmp
memory/1948-5014-0x0000000000400000-0x000000000040D000-memory.dmp
C:\Users\Admin\Downloads\NoMoreRansom.zip.crdownload
| MD5 | f315e49d46914e3989a160bbcfc5de85 |
| SHA1 | 99654bfeaad090d95deef3a2e9d5d021d2dc5f63 |
| SHA256 | 5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7 |
| SHA512 | 224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fe5c5d32efb809d4af63abbff0bb1800 |
| SHA1 | a84d22c48cc1a26f8d7485a7bfcaa4110b586902 |
| SHA256 | beb958579c8b79a24a73025dd2eb2a5634b8acbfa923f8f6a0497b7c90538547 |
| SHA512 | 08fa15b6622790ebd3d656be830ab94f69a250688f826684da322d24fd6c6f3a764e35ae697d765ea66d041bc8eba69f9767f5aca907f77f9927291ef5f68290 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 45a712b6fbd76847ab7b66329766e58b |
| SHA1 | 86ea54689921e3938b509071526719f193fd7ce2 |
| SHA256 | 1a8a0f88c1939cb67c942b9f661365b78f9307c19f88e59c5c491f37fe176d88 |
| SHA512 | 1e2124ea25844bc12956c04a0200303892a2a0480c01be40f284d8db22a3926cc8cd82cb4ee976474a882bfb5437e0350e6ee0fa8a9f02a9b4fe480d3bf3b224 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6fdfbd0c57f7ae57eb8401d8168b0348 |
| SHA1 | 78ca09147701c170cdeea1371b2645d0968cb4f2 |
| SHA256 | a3ddbd52e642c5c2b6ddfccdc17bf1faf8a91370fa6248087ff8dafa0c64f9d1 |
| SHA512 | 9ff8aff2540d360e2889a4c2e9c9e1d8085d153e48734072d3a1b62a2d2e36b3b9e0c1bc4f6c4885a9936d0eb88eb05ec92adcc12a74c7c5f6b845ef62062385 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | d3e518ee7b4d2a78728a62cf1e2e4127 |
| SHA1 | c4b15dea8d7933cd429261ffb465b758e61ced5d |
| SHA256 | 2ee1f09198bee934494eb17e39be5c268b5736c7b28814beb9ee5810e0c98910 |
| SHA512 | 783e06be03770ffd557e72682d25570444385f35346aba8137b2677a3ba0c665d3be8a17ea826f8680f7591f6bc6a6864ca9fc0ff2ab44be13ed7fb31137e915 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f11a44df7e1076bee0fc38f8ee3aa6db |
| SHA1 | ec6cfef436bd98e92374bdf4ba8114ee89531ad1 |
| SHA256 | 72209b4693f0e43947a62ea06317419e31dd245659f28209bfb74836ee357a4b |
| SHA512 | 6556f22c2420cde60796b276e1b903a90c58dbf80c42fb5ae5c835de110e2b67b8cd7558d058136bbb326b7356a3b96e4082b4cb7963f68c05758f9d33ab7b3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9846ddd5863188824ecc8d6339db6b41 |
| SHA1 | aecf4189ee9f173c83eac7851fdb6aca85299f94 |
| SHA256 | fbd926f321df242dcb6f728206cdaf331e375b3499ccb2f49733fe2ffb3a95c8 |
| SHA512 | a667b5792a368bd5ecc2d5f62f84653bf72690c2668695c600d375c84beac0f9e1a9d57b707d0b157b0273b0e20bd21e2b3b5c3d922d5e15707706d3b2a8b4ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a989672bed889851e67436d364804809 |
| SHA1 | 922fcef34c6ed9281e39016237ba1927663836b4 |
| SHA256 | bfeac463eef6fad4af88639ba3869f554b495f5c0eeba17d037043b573b30301 |
| SHA512 | 1776555352bbe063751814f6c5b8224be228cb37ad739f41e91bfd28789e7923615a52da457ca7204678cd572776422216318e36893739bd178e210ea5f03be7 |
C:\Users\Admin\Downloads\Downloadly.zip
| MD5 | fa4f62062e0cec23b5c1d8fe67f4be2f |
| SHA1 | 0735531f6e37a9807a1951d0d03b066b3949484b |
| SHA256 | a88edca3b030046fe82e7add6da06311229c5c4f9396c30c04ab3f0b433eac6e |
| SHA512 | 0ffd333dc84ab8e4905fb76b3be69c7b9edba7f4eb72cc10efc82f6ae62d06c36227f4e8ada4f896e359e5ffc664d08caf76e15a40bd17e9384e73842e845995 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 37d4b6e2258d61b7a0f05170b9d28a15 |
| SHA1 | 935b43def1d4b157652bd4b62a08b28e005e9856 |
| SHA256 | 80cb467810a8ad020d6cccd5936e26e2b5af1305809f0e7328fff7dd05c28150 |
| SHA512 | 62991de5188008024818bfd15d6f55d0b7e35411bf405e6e6e0c8c55b51c092981903562ded7a7e44894ed1c384c9b559ffd8b57d2de08f1e5a5478224bfafe1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4b573dc84bc4b1228a7e4553cf5cc0b2 |
| SHA1 | ede8b5b5fd42b0efb9f51ec786eb196d85c76141 |
| SHA256 | 288adbdd9df63ebd65208a7f68d0233d76c2cd38747df0ca8f740dfaae06b85d |
| SHA512 | 388e33c983a4bcb31beab868ae5039f81fdd3bdb8ff5f4ede9881b7b0783659ec22f6ff6c8e8256488a50ca8f3cef0b7fea3e47318f3bb47ae493ba7316e984f |
C:\Users\Admin\Programs\Downloadly\Downloadly.exe
| MD5 | c64463e64b12c0362c622176c404b6af |
| SHA1 | 7002acb1bc1f23af70a473f1394d51e77b2835e4 |
| SHA256 | 140dcfc3bde8405d26cfe50e08de2a084fb3be7cf33894463a182e12001f5ce7 |
| SHA512 | facd1c639196d36981c89048c4e9ccf5f4e2a57b37efc4404af6cafb3ec98954fe5695b0d3a3ee200b849d45d3718b52cce0af48efba7c23b1f4613bcaa35c0a |
memory/644-5349-0x000001F1C37C0000-0x000001F1C3844000-memory.dmp
memory/644-5350-0x000001F1C3C50000-0x000001F1C3C96000-memory.dmp
memory/644-5355-0x000001F1C3CB0000-0x000001F1C3CC0000-memory.dmp
memory/644-5356-0x000001F1DF0A0000-0x000001F1DF150000-memory.dmp
memory/644-5357-0x000001F1DF020000-0x000001F1DF042000-memory.dmp
memory/644-5359-0x000001F1DE260000-0x000001F1DE268000-memory.dmp
memory/644-5360-0x000001F1DF350000-0x000001F1DF388000-memory.dmp
memory/644-5361-0x000001F1DEFF0000-0x000001F1DEFFE000-memory.dmp
C:\Users\Admin\AppData\Local\Massive\usage\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Temp\Update-30ddcfb9-87c9-4354-9440-7c1d8cfd7521\downloadly_installer.exe
| MD5 | 61016d79751db97b3908e31a438d89aa |
| SHA1 | 668c2f50db94be4d8f4f1b9a3719a1741f5bb802 |
| SHA256 | 1b8a0d83673e2e5df870918d436ae62a7d65dae9351fbf59e3ca20902a5c33e0 |
| SHA512 | 7e8b8bd34cda535052c57e6b5535e88546399d68be3ac1426c398d4a4fa63efdc9b5c32074478401dbe06e49f144bde2927fb9225b00f805427725c11519ad73 |
C:\Users\Admin\Programs\Downloadly\is-13JTU.tmp
| MD5 | 8097152e93a43ead7dc59cc88ea73017 |
| SHA1 | b21d9f73ecf57174ce8ec5091e60c3a653f97ecd |
| SHA256 | 5a522e16c4b9be7d757585c811e2b7b4eab6592aed1fbc807d4154974b7bb98f |
| SHA512 | d885a2ecba46c324c05d63b5482d604429556fe864202b1127866f2798ead67228390fb730d44ccef205c8103129d89d88a9541a4657d55c01373f8db50f7b23 |
C:\Users\Admin\Programs\Downloadly\Downloadly.exe
| MD5 | 9e1e1786225710dc73f330cc7f711603 |
| SHA1 | b9214d56f15254ca24706d71c1e003440067fd8c |
| SHA256 | bd19ac814c4ff0e67a9e40e35df8abd7f12ffaa6ebefaa83344d553d7f007166 |
| SHA512 | 6398a6a14c57210dc61ed1b79ead4898df2eb9cea00e431c39fc4fb9a5442c2dc83272a22ca1d0c7819c9b3a12316f08e09e93c2594d51d7e7e257f587a04bef |
memory/5408-5618-0x000002BF05D60000-0x000002BF05DE8000-memory.dmp
memory/5408-5619-0x000002BF061D0000-0x000002BF06216000-memory.dmp
memory/5408-5620-0x000002BF06270000-0x000002BF06280000-memory.dmp
memory/5408-5625-0x000002BF21190000-0x000002BF21240000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-NM08G.tmp\_isetup\_setup64.tmp
| MD5 | e4211d6d009757c078a9fac7ff4f03d4 |
| SHA1 | 019cd56ba687d39d12d4b13991c9a42ea6ba03da |
| SHA256 | 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95 |
| SHA512 | 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 114f6e1cf2fd6eec253a8b0956d93f2d |
| SHA1 | 168bb85d80baaba9825bc2ab0bf8b63fd79464da |
| SHA256 | 74b570f41663ab9502c0c642a327817c414a6eaa38d1047a2786f06917755a56 |
| SHA512 | 5e84153379d2232bdd97a3652851c3d414015e8080a60ee228bfdbd3943ca74cfbcc6a38390ec84e38e1c37c243e28d885d0ef36fcf7d56c91ffd872c773561d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 61ee1dcab4ee1e9230622830699893f9 |
| SHA1 | 9c96aea3ae9a8c4908643bd5c911209cc7c692ac |
| SHA256 | fb7301daaf54635988fc4f87befa79870a6a07e0131fde1013fb781b6e5f6d20 |
| SHA512 | 36a52b167d06375b743a62312026b542d71be13c2d92cfdc712c979e417e2d0fd48df1b6870c29f1a9a96051e4ff3d0d847e970a322cb6fb6b5e0d1429054195 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fbe87e97d8a555e358a5adeb41d6dead |
| SHA1 | 680c3b2c4428ad0049f27f875b9de9dbb77df297 |
| SHA256 | b910021c0b2e9d598260b86cfa7941c403c06291ca2747678f549231bb14945e |
| SHA512 | b6fbb25364db3865e0d06f2f69d4b9696cc0a6f87b4158795cb80c7ed2a7a956b33391a639d314e515c42a4ff1240215268b56f4029a9d9701ea22757dfd8758 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0d3bf992a0072feabfec244f4082c7cc |
| SHA1 | 3cd102e6bed8a6eade76da35a4a4e3d962cffef5 |
| SHA256 | ab09503dc03ec8f33d170390f81551c958735cdd6212b92855feec1ff309fbfc |
| SHA512 | e48eb18d48d2017722075a47ffe133cdbcda703cd9400717c4ac8e6f15ef16d618404ae2ee266df10eff938afe4ce2b0b9bf9f14ad041360bc30e6efeb5adc10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ca7c0e29383c6e3f6f44fbba2d4cec69 |
| SHA1 | 9cd3a096d0f6f12846548a2a3b50377f387ef976 |
| SHA256 | 13282fcb3dadab29a0175748816b46dbdab55ef1eb96c780d23cd53cc32e1c3b |
| SHA512 | 4695188e21cd836db2448592cbf6ee96a60f4a4f7c02fb528726b3e01e101157196a2c35ed8970baf115398291d253e5f04c2aa30bc37b013ad806d17e93cb3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 669afa441a4b3e9d35578e0a4fbe8053 |
| SHA1 | 55c1bae09a7a0d2493c7decf7ecc7060173b22c3 |
| SHA256 | 8326dbf66481fb59784bcdc3b3b41991a4aa41992905582c4ed5e6cef9f41930 |
| SHA512 | 002cffdc7dbe2a5ef0fd7ac5bf3f0974304de3a9da18eb8f3b7c208dcf6cf10fb7b3ece7f8469af6c3f5a8844362e1a92871fbe680a93295b88fd6bca3c1439b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c2
| MD5 | a7a51358ab9cdf1773b76bc2e25812d9 |
| SHA1 | 9f3befe37f5fbe58bbb9476a811869c5410ee919 |
| SHA256 | 817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612 |
| SHA512 | 3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f7733e5cb3402f7d5ce056a8b859f3c8 |
| SHA1 | 096bcddb1fb4c1118a5a445010a56b1e1277f1c5 |
| SHA256 | aa4c36297813133efaf422c82c9c45786559a3c071443804b5dcbfcd77733c47 |
| SHA512 | 4cfb06e201f9e535d756f3cffeb7afb8af84c70aed6f15b48e4e6e9daadfd374928159c0192b24ca832bed6a80ef1bbf8e2abeb30df749ec552c0cd0dcbddab6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3583735aea8ed908931b69d738fcb0ff |
| SHA1 | 49b3a0ecab916fac65b0fb6af949cb8f87394561 |
| SHA256 | c15783b2e5b8a2f975da97eb5823f633baec8f7a45b082db34a0d619334b6290 |
| SHA512 | 7e50baad4cffcfd72bab74ac7ce19a9de31ab30b4b7361ae165661b5cd57186ae331f417f1681375df6d019aad5cd721493fdcf7e92c2e434eb9e9bc319e264b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c0e47bd599c8b02ee41e065183a5e087 |
| SHA1 | fb0a35f30ecacb1ffe1fe819c99e62e976a187de |
| SHA256 | 46cca9d42b786fe6021f94f452d6fd7b2fb2601ee2336f4ea1d13fcf06b4e077 |
| SHA512 | 268a21b27f2652a4f2232c47e6daadb7564697960389743753d0db44d4b471f56fbdc6188e3a16ae3714886497194f540a2f32c9b7a6e4cd2b0c4200f9cadd08 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5c5bbfdb87dbac2b2b4f3c16131248e0 |
| SHA1 | 47598e025ba1ca36a6d65ae8e708f54ba20142c3 |
| SHA256 | 87e6a97b9b326262d6460404e3950acdbd2b5f5f32b57dbaab0847de9898ef1f |
| SHA512 | 5023ed0df9556af960b49b9abf44ce3811ca7c0ac325f5cac9f0c9bd333b2dc54d8cf934e52d14b8b3294d32ded2aabfa1a5b36ddd34454e4840268ced2e914f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3bab0181c666216c4d54e8c465d2528c |
| SHA1 | 2cb3b4aa1c1ccc5a6d38d75877ddd8fd4a7a4ce7 |
| SHA256 | 62e9c88238fc8aa35e2754389a65d92ad892344ce32cce2d36a76aa3d1c1a131 |
| SHA512 | 278115a3806106ddd8cc42d0bae52deb9827c9d6dc109d860a2a727c2f84830cb1bf76ef0fd192bfd1e57a8b72e01b82c238a8f4c038e1444882a654d3c15b44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0
| MD5 | 276be423568c51fe37cf043a8895f106 |
| SHA1 | 12a202ff5b0610f7f9ba712aa31a2c624fbdcb70 |
| SHA256 | f555c1dee1d8e85359fce4262205a8a30430eb892612673a453faca41d48f0af |
| SHA512 | 7a3f679a5da7d9e36b08227cfa47ee9a4f1dcbfb884c226a0235dc07b68525f565beb76ab46497b4c0cf4ef2f9bb10989e74844e6b9c7e098cee14172807519c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0
| MD5 | ac613e71b518f2a7a957d5fca78fe802 |
| SHA1 | 8279f3cc5e24e5b025244fcef7da924c24f8ccbf |
| SHA256 | f9a1de966c1902f60a6db43a96e3e54133e87cdf02aa0258098cd0c0f3820c30 |
| SHA512 | 5507d1de696074d12bfa6e6e5be0a2806cc5002c386bc7f5edd6b66c754536a40d52143a2e8058c189f4ccbad9ae5a0b168d425936d378368b3c5f0b539181d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a53fea9ee2f077e5d28fd62d8c6cfe80 |
| SHA1 | 4ad20b5cf6d5d3074b2083675ac98eb717a544f0 |
| SHA256 | 44d3f2af606d3b7bb3ccdf8c9ba3372ccc5b422a94e215cd2de8522e8ce4a913 |
| SHA512 | e258e082f7b7edbd6847b08ef05a35b2ef58c6cc2c169bba4b0faa08657bf977982b954fc0c973d5a822ed2bfd1668de1da99f25c2e26d43b3508a904bf969c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5dad026ddbf1163c7d4033bd3ef074cb |
| SHA1 | 9b5060c6813a95c0e818b37f3307e23cc0843381 |
| SHA256 | 8ad6f7472a867c3121bc5a04a8185cdc65322cc56d579e826e16e5f2369c879b |
| SHA512 | 5ddb5966075b8dd45006fe808c3ea359c02d490b21212e59ad3e9f08a58926986ee26116044ad141d0e45c12c69c24c9b26d20df6f6028b9432afeacde755f49 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\56705f82d8af4798_0
| MD5 | 5843475fe73917b4413d8463b7765608 |
| SHA1 | ced4dde77716c4202912aedccca6056502db46c4 |
| SHA256 | 5a02f54cd6e923875055802e0683fce435521fad4585a5ff28993e83c741e326 |
| SHA512 | 681243021276d2d07063dfd79202a714b2258cc5f735aff24ed9eae853900284a3575dee6826ac7a73c699127acf65cd615b8ba643ff95737fc700f5ffb13fac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d0e8caaa10047fd8_0
| MD5 | 0fccf67942fcf095292745ceef0d8091 |
| SHA1 | 70c351484f474173e56f3283c4e8a197eb5643af |
| SHA256 | 7dba7aaaefdd093a961d5f175d80110fe6539377b3269b8a9c4ab714381521d7 |
| SHA512 | 0dda98fb60f3a945d44b92c37f629f5f8eb191c1ebde16fe5bdbcdf0a8ad1ab541f66b8fb9ce47b08624620048f402f871866e90205cfa2219dd8852b052a6e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6528563e6cb0bd11_0
| MD5 | 2e301cdcb282f4ee067fe44772eadb9f |
| SHA1 | a7a84efff31caf8b4c577805fa49dd70a315f7c4 |
| SHA256 | 0a51e84ffd6e02a5f51b3132a46f1813008cde8017b08dff6533a8fd6edf5a3b |
| SHA512 | 152ac71de2fd90a391fe83777c25a6a21a6e91f5b93f97d59c881c4ef1bd084f725be58c5b93424f4d6a8554d02ec3d1d4ef06f94c8ab3daabb64f4b8e7f16e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e6f9a1cb189446fa_0
| MD5 | cc610c2544c27d6b3d4362873c2db1fa |
| SHA1 | bc3cd9c16dc5954caa2dbbb2962d49fd2b2cd45a |
| SHA256 | 3d2c8a07d7ccf7c15e4a867f3d9b07bef87682f985a8c37528325e23d7728f1e |
| SHA512 | e18a735fd6a15e157dfbdbf400575ee960d4512c6b2d4890fe5caf51db9d6d32727d357fd019d3ae1dae5dab2fa0fef846b38a1914261988941d373d24ebe0b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0374cebd2239bf9d5e52594a6c02cf5d |
| SHA1 | 607f328e14a841043d5c36c3637c8641b1240e02 |
| SHA256 | ae2bee30c639ac28e5632db5bd709a00654f990f3fe09d484f9b2ccd7948f9a7 |
| SHA512 | c442af45c22fec442b534340e06f0cff30c140047b2479c7b8ba8fd0ac1861cfb7d04b3a382b5e30a283d98cf893658cd3a3af30abcef0d2fa019df80fbfefb5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f5c6e258bf07ebd0277afc391089f1ac |
| SHA1 | 0e71ddbe98bb5ffdf9ac59261976835e8e8f7935 |
| SHA256 | 76e2691e4e5907df7720d373af0c1ef58f1b7ddfee458a83674aa4d0f34cc1c4 |
| SHA512 | f5f891bc5ffb2cf9a73c041d8e8d5fbcc94ae6b424c52526843e05442497a591a783ba7a37bbd283b5dca9e85b6c09f38bf471f9fcfbfe884263bde20dff76ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\67a473248953641b_1
| MD5 | f89205e2b26e8ee82c254aecda203fbe |
| SHA1 | 05ffa9d2d6f2941c36ad0c5b7856013321322d8a |
| SHA256 | 2372c11cf736ad3a396f7eb196f334f5b7d9bbc69785cfd0edfc4e255266b8cd |
| SHA512 | 06bbafb461aec27b1164d557afb5bb3da567687229e353ec76c66551464a77a777a654498e11cdb48bde5c0ba4ef741f9102d37b8edef1107de69318f2744090 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_1
| MD5 | 686dd1fe7e43e7a1b689c00b4b079db1 |
| SHA1 | 5283662302bb05c0f7b5f38939472854f7334a5e |
| SHA256 | 12907b0bd00360ad08fb0bb4cd0fbf2e70c49e99869eb4fc0d984a232889befe |
| SHA512 | 77cb264bed31e9d87d4bced6cd11110494bd3b5eac098bad428734cce6c4b83290f11f172937da3a8d55bc1ca030b0463e28c6eecfe09f9c9fc946498065e380 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | abfa60faa543e120674d715aef01fc5e |
| SHA1 | 4a9f001d3c86b04392332fddf359880c86dce8fb |
| SHA256 | d3d56492cc3b0a35e3d6c6a1bc1321b4dc21aa7ac6036120edaafb4b75413e7c |
| SHA512 | a1567ee82798e7c0f189a37eea7f31bd1e12700b240c47eb27fc2e434c0cd52cab1bbd124fe9c4099345a83956b2ee6bf4931ce4ef25d4ca53a646ca07367d98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ed91f2ea41e77dc601a0c3e40c0df9e7 |
| SHA1 | 343138821b94f639412471a2df53b40e48463770 |
| SHA256 | e45d39b1a103f7a94a7f1a5c74a15ef20f3d3179520d0511d2201fb2b5debfda |
| SHA512 | ff5b4be3530a07def2a4e37dfc42bc6a2b8b0dae054066fafe0c3f3ddf541264ee30b9d58b2dd3430f698469c92cd89d1399fe3368bf30ad88369fb0bcc5f7fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f6523f104e9329d5b5b277f404fb1435 |
| SHA1 | 4dabb4b9efbea4241264ff3bfc8c06cb833ed5d7 |
| SHA256 | 12bd46baeeafa06f58bddd206aac324012ca1f0c6ad75378b305f4110161c3e2 |
| SHA512 | 132f6f192bee1d8b18218b62f269e37b110754f16a1f6c695ed5257634c1f794457a23a59be40627b8611ed8352959411bfe4e2d0be9bbb911d085876e28484b |
memory/5924-6631-0x0000000000DC0000-0x0000000000E32000-memory.dmp
memory/5924-6632-0x00000000056F0000-0x000000000578C000-memory.dmp
memory/5924-6633-0x0000000005D40000-0x00000000062E4000-memory.dmp
memory/5924-6634-0x0000000005830000-0x00000000058C2000-memory.dmp
memory/5924-6635-0x00000000057A0000-0x00000000057AA000-memory.dmp
memory/5924-6636-0x0000000005A10000-0x0000000005A66000-memory.dmp
memory/5924-6637-0x00000000059E0000-0x00000000059EA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 789de2225ce63efc52f53206ef1c9d03 |
| SHA1 | 10d17631c5fc1238d63bce25698982f06ca0d003 |
| SHA256 | e496e939a3ff2c500a2c082fc28ab58f33c57c7f57ba379c5989504d23ad9250 |
| SHA512 | 8eaf618181ccf9c9e2c7491357d1c7c1de85a3f46d01833f974e80512d87f175a4353f1430d73245292fc9777afea0cf00f94124b992557a3e8201997d03e3f6 |
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
| MD5 | f33a4e991a11baf336a2324f700d874d |
| SHA1 | 9da1891a164f2fc0a88d0de1ba397585b455b0f4 |
| SHA256 | a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7 |
| SHA512 | edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20 |
memory/1720-6705-0x00000232427F0000-0x000002324281E000-memory.dmp
C:\Users\Admin\Downloads\MBSetup.exe
| MD5 | 4e19e70399076ab58d1160d0fa2664ec |
| SHA1 | e7ca7e0f1895c6bf60a14d6fbb0ccd4fb10a3134 |
| SHA256 | b9ee60f31be0b7dc3f814c8abbc7caacb6a3e1dc7eb1504b8e831dd42277f8d8 |
| SHA512 | f6338b52cb5a80d960e6b1ec72a28538614782a75d0270cb89e911160c0a0e8e3a4d0f93fb902c70c37cc5f4da0529043776e2c0b59287096f976addb7e584d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4825854d61b64967967f629ea150ecb5 |
| SHA1 | ba7c602ce62f2391591c56eb4156655082decbd2 |
| SHA256 | 459855c31166d69abc75b3f4c0d4d2c311908012da8a3af6b1eab843a976478f |
| SHA512 | 917bb1939fb8971b37cc9f36bfdf1e1dfc344cb6ee3e4169735ec1609c0dcc98f6bd91c039756b59fcac9c1851c1c470fe2ee29f9c16774cda83ad0733062e97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dc9fb7b8358f460503f0a5d57315bc1d |
| SHA1 | 42fc51e6320320dfec06b77b86251c08808b4cc1 |
| SHA256 | 58acc6b6440146131cfbaf73d46efc10235b1babf9c6470bbaf2f3644df6e2d4 |
| SHA512 | 2dbe6bb418b5a89b932a0eea7aeeb128d13e605a5925e2ad80277e88e4be5499ddb2c75f472184e0256f63b46cc7c27160f0ac08c8d7313ed68ab2cb028028cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b6167ee0-de7a-4fcd-b060-5a8c7fb8c877.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ebdc6f4443172279886f495a6342295e |
| SHA1 | 8174ea285bdf72a39851b3cc96c7a454589f097a |
| SHA256 | 89ccf7a20805dfdbdc710215b44796f675fd5dbcd30990067a663e7fec948e70 |
| SHA512 | 93d719927d45e9d8860de08c682e92a43a9818051dd6bb3e2be10de8edd410927b4f043013ab9bf9ccc5a8d2b837ced02e5ef910871836d7cde3c9f7bfe1136c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2137b08fd6cb6ab5d0fbe10c9e79e5e7 |
| SHA1 | 5f3f2f9b7209b0a8ece452f706a3855f177e06d1 |
| SHA256 | e12ade13a5320017e2e445de06b7928cb3235f4d4e6fca22b773a79156763b00 |
| SHA512 | c7aba54ea73960887cbd95fe6fe970ec743a4d34afbfcc12473d6796bf53bf9ef1889a06184a21ce95900b498558f8e9a82c3f38b9d99f508d4a7c158e58cdca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8b293ab1287de61552a7bffa2cb1d269 |
| SHA1 | e13d93262091d1ad855400b2e801bd2c2c66e333 |
| SHA256 | 785c3803fc3227efa573e96e5d638ce87d3f5e6d82dbd85036f9566925120654 |
| SHA512 | 3a9a222e5d1544911e1ec8868a611c59b6dd615c728f4329a9151fd7558d5c702bfc7b4244b1b0bb0cfec4b0dfaa87697321663b96b3073e7d39c551c11ea5a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9856a0abd55c13c9aade5f0957c7fb8e |
| SHA1 | 9c7f7838f2b56d6d60ffc653fed743e597ee4233 |
| SHA256 | 585ce47ac6f613a9c37503928dc1a0a03605f6f7ce0eca7697554f836e71856a |
| SHA512 | 741cfb034cb0ddf2bfec22789df4e564b5df16212f9badd7ff134b3fdcbef79d66705bb1013b9ba2a00bae1de3e14278d8234bc8b6dcb5e7373956856423e707 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a01bd3e344cb0cc21d98ad3c99e27d8b |
| SHA1 | 475867d8506057bfce739820c3bb9ba2d289454f |
| SHA256 | 48ef73e60920538d0741b458b9b62923fec8e6a688f1396884e12ecc437955a1 |
| SHA512 | cec7b78a2f09396c8c5642ff28c9e0b744da97415aad3dbe18d567158c6a2f6945f402e7f70b6a3ae7ed6f7a152b038d8bc7985f03fd9dc0455523d088869728 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7c420fc552440efe5aa0035649cd8905 |
| SHA1 | a8849561b9c8f2f7c1a551cc418c9d3d36eb722b |
| SHA256 | 7823875f34e7556b4966ed99d59dbdf1568e6ec599632f671115ed935e08abfd |
| SHA512 | 46d167271322b4960ee0b5df095e7347ab6acef968b08ad3f6ed518f07a3cdf0efaf3331cb76a3e2d6e402d1f91484c0e3ed1b7572334d733d4aa634d7a37594 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0df4372b8cf3ed508b149bbbdb3b826b |
| SHA1 | f71cabbaa45a25b8f2b066b96782b121bf8ba161 |
| SHA256 | 25f5b0b4402b38de9606d7ff132039861db81b594a73d989e65edf2e03aea177 |
| SHA512 | 54d2fe9fd71f664412c83421b52a39b623bcea2303d536c9b6743eff72927f56d4002411b15e5495cd57d2c994bd6a0074c789d32b87c5626c7e23ff6a52f40f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a77346da6c5d481cada8b15cb63951f4 |
| SHA1 | 8ea723da73d2c87af89c8a51c9aaac4120503c91 |
| SHA256 | c287392a90e9bb38712d37c25562e9a40b84ffcca68c168828c62df8ca18be8e |
| SHA512 | eb1905b96e061a613e871ac21ce1141f55862796a05628e86223dbc41fb97971199f95ea8ece5962373d45b43fa0f92fddbd352d04dec4606d33a312a55c9665 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6988dbba766fa0d9947799a6a035e445 |
| SHA1 | b47a6f25da8fce1ac3971fe1672e87e052c59ad1 |
| SHA256 | 18c14ae00b877e6bf2ad366fa4ca6fb6ab10608a4c042cec46e7656d19d90763 |
| SHA512 | d083fc0e9602ff545b8a5924ccde1582191678996e6210e7aa23238ebde30b4e9b2be838404363b9825b5157956f3e9773d728d401e015d2335dda4f0c6efe2b |
C:\Windows\Temp\MBInstallTemp9cca91b6367111efa5f976d7d0441b5e\7z.dll
| MD5 | 4da585f081e096a43a574f4f4167947e |
| SHA1 | 38c81c6deae0e6d35c64c060b26271413a176a49 |
| SHA256 | 623e628393bc4b8131c1f4302b195429dfa67e890d3325ceaa56940660052b1b |
| SHA512 | 0fe168bf1661691dbaa103e478dd7e46b476db094bf1938bf1ad12ddb8a8f371bf611ff504d2eb3ac319862444cc64a27ebee8735aa3752aa32a399b09427243 |
C:\Windows\Temp\MBInstallTemp9cca91b6367111efa5f976d7d0441b5e\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll
| MD5 | 3143ffcfcc9818e0cd47cb9a980d2169 |
| SHA1 | 72f1932fda377d3d71cb10f314fd946fab2ea77a |
| SHA256 | b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7 |
| SHA512 | 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b |
C:\Windows\Temp\MBInstallTemp9cca91b6367111efa5f976d7d0441b5e\servicepkg\MBAMService.exe
| MD5 | 31804b530a429b25e5763de3e7e5238b |
| SHA1 | 4d8eb7342a2bad8318ac51a02b7b55f978178422 |
| SHA256 | 1541c57f87f24610dff7a77af7e932992ef574d16ef3c5e7007255776951ee3a |
| SHA512 | efb6d78ad79c6edd8378640d2e6082320936b20462279ace63b127602009b06cc7097c822706cdbdbf9603e33372bfb5c8492c0319030a687589def37ba3c416 |
C:\Windows\Temp\MBInstallTemp9cca91b6367111efa5f976d7d0441b5e\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
| MD5 | d94cf983fba9ab1bb8a6cb3ad4a48f50 |
| SHA1 | 04855d8b7a76b7ec74633043ef9986d4500ca63c |
| SHA256 | 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a |
| SHA512 | 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998 |
C:\Windows\Temp\MBInstallTemp9cca91b6367111efa5f976d7d0441b5e\dbclspkg\MBAMCoreV5.dll
| MD5 | 0ccbda151fcaab529e1eeb788d353311 |
| SHA1 | 0b33fbce5034670fbd1e3a4aeac452f2a2ae16eb |
| SHA256 | 2a6ac5a8677bd1b410420183169b9ca9ec87dbb78ce0f11ebac2bfa022df7c70 |
| SHA512 | 1bf9b8849b27491ecadfb4caf4e61926f9a0a8479c247a2281ba2d7c1ae0587251330ee29cc053630047e279ef6b52d3a125e21144b9688f1328f101bfc3c2e9 |
C:\Windows\Temp\MBInstallTemp9cca91b6367111efa5f976d7d0441b5e\servicepkg\mbamelam.sys
| MD5 | 9e77c51e14fa9a323ee1635dc74ecc07 |
| SHA1 | a78bde0bd73260ce7af9cdc441af9db54d1637c2 |
| SHA256 | b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0 |
| SHA512 | a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186 |
C:\Windows\Temp\MBInstallTemp9cca91b6367111efa5f976d7d0441b5e\servicepkg\mbamelam.inf
| MD5 | c481ad4dd1d91860335787aa61177932 |
| SHA1 | 81633414c5bf5832a8584fb0740bc09596b9b66d |
| SHA256 | 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3 |
| SHA512 | d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830 |
C:\Windows\Temp\MBInstallTemp9cca91b6367111efa5f976d7d0441b5e\servicepkg\mbamelam.cat
| MD5 | 60608328775d6acf03eaab38407e5b7c |
| SHA1 | 9f63644893517286753f63ad6d01bc8bfacf79b1 |
| SHA256 | 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59 |
| SHA512 | 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7 |
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
| MD5 | 5e0e2d584de048ec8e1d96a8402b9074 |
| SHA1 | bc939970e17845f19b5487ebc0f1962aa4f5a756 |
| SHA256 | 2b7b5bc2a6db622fd284281cd712081dc0a8c2650ac55133a96d2a719306f41a |
| SHA512 | 8481bc8a5a7188e3d242f426d9daee162ed372101327ef6c452bdabb64cc3b5c38814715705d8341303a3ae1b377e6a0c77b8e0d7258376f563af8f9d21131f9 |
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
| MD5 | 23f1360ae0e948d300f0f62b53200093 |
| SHA1 | e44fd6f0248e0a02525ee67664d83b535d9cb7d3 |
| SHA256 | 40dfe0689b744e0812ce857f7221ff85431ca37315d9b4f75ca40892af5870da |
| SHA512 | 6e34d2546626736aa26b369a86745bdb9816138244fba3d5b5e29de4585cf4e66d52c35b5c5a577f252b62a137e340dd9de36c08a06f5395baec5a726ffb5222 |
C:\Program Files\Malwarebytes\Anti-Malware\version.dat
| MD5 | 759b213d63eccbff7bd5cebd3028fb47 |
| SHA1 | 1e116f2f2ab63dccce8a978b58cd6385626df1b1 |
| SHA256 | cc91770e9ad0dba1c38387a9ba6cb47021b62ae2ae6563849adc278d636756aa |
| SHA512 | 76d7286963f28430d8a9bc3b59adf209b5fceb6a5248b7be54c60fff0b931ba2cf46a779f7e66008baa0853ad6ce55a4b9dd56e33574230d1e2588f7679630b8 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | d5b4b6aee2e9f66e9600f1ce4f3fef23 |
| SHA1 | cce9528696def1f33beb6174ea6d9377fb1d4db9 |
| SHA256 | 9530e5a7f4995bae6d4c99a5e5afce74ff5964130cf28b944ba0aec244819b5a |
| SHA512 | 7291e1ab6f2995d54eaa5b7a0fc884c983d9cf8ad0dc8c0ef1713c12eaf01c1226858acf3d589786f655b07c494f59a444b698d8a4f0befa8cdd31b6342b6a15 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\version.dat
| MD5 | 3b5e486d7440e5d885c56ef91f210ecb |
| SHA1 | ec51d4c2ab776ededa1e6fe7e07194c588d46ca6 |
| SHA256 | eaa2fcda52bc0623da8ef55638b97a99eca7620a5b399d2fd5eded054f63ac75 |
| SHA512 | ff871bfd41dbbb5c8a3f747ca5150caf7f6c58567a99bc650ec7527b910ad8431d2457bcc6383baf200fea4b177053131261e98fa1e3afa67b8bfd88eb1f6d18 |
C:\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll
| MD5 | 3bc4d2bb173c005c678da34697c17d99 |
| SHA1 | 2e07b4f3af7dc82d8f7a5fdc920578f6e908a0cf |
| SHA256 | fbcfade08f8d2617b6e9f2e279f81ce3b5e1fc0cce5bcfd927cde1335114f6da |
| SHA512 | 36864cef0ba96899d1c9ce088ae931b10461f1360a21fe8791b61acbd6ff1b30786a0f6745eac6acbdcfbcd3f05347aa1aa05fdaaf9e36e8fd0da3768ae78a17 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DA.tmp
| MD5 | 699dd61122d91e80abdfcc396ce0ec10 |
| SHA1 | 7b23a6562e78e1d4be2a16fc7044bdcea724855e |
| SHA256 | f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1 |
| SHA512 | 2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DC.tmp
| MD5 | 3b337c2d41069b0a1e43e30f891c3813 |
| SHA1 | ebee2827b5cb153cbbb51c9718da1549fa80fc5c |
| SHA256 | c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7 |
| SHA512 | fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | cfc82bfbcff45abaff1757c0f5a984ae |
| SHA1 | 1ae5142de9c852665b4a521dff87801368d215d6 |
| SHA256 | af85e115069e4e6e2bb45fc833cf8ab2e386f099e5d51477447c487d64707938 |
| SHA512 | 4fac9c7c2427d40a6d737336b2fafcfc71d58d3f68dc29a9ccddaf1ce13eb38778d1193377cdedb471e8ab631b19f25acf60645d0728d7b74ca965bb365b52fd |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DD.tmp
| MD5 | a7b7470c347f84365ffe1b2072b4f95c |
| SHA1 | 57a96f6fb326ba65b7f7016242132b3f9464c7a3 |
| SHA256 | af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a |
| SHA512 | 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DF.tmp
| MD5 | b5d0f85e7c820db76ef2f4535552f03c |
| SHA1 | 91eff42f542175a41549bc966e9b249b65743951 |
| SHA256 | 3d6d6e7a6f4729a7a416165beabda8a281afff082ebb538df29e8f03e1a4741c |
| SHA512 | 5246ebeaf84a0486ff5adb2083f60465fc68393d50af05d17f704d08229ce948860018cbe880c40d5700154c3e61fc735c451044f85e03d78568d60de80752f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0f5de916828ab43d91d8cd3b87b57bf6 |
| SHA1 | d120c57f49d45907549ecffd2ba510cae0745c5c |
| SHA256 | 59f0e5394998d7444c8914ae98e33289e3375bc8e0d2c2895b458916db0e3109 |
| SHA512 | 5dd8ff5af9e0436fd4a457ad43abdb65bdb4c9fd8a519564bed9fe905895e432f4cd8e64fda26bddb8bdbf68052ea99af9b28e72f47d0b68f827e405ac3529ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 113a71a412f7f2fba94fdcb0c1a7ec76 |
| SHA1 | 4bfe1ea6679a7a102d157e6ebb6fd254bb83e285 |
| SHA256 | 8b3f7cb4e14a898a58f1f330bda1fcabdeda3ebd2e1b5206e4c3006ee65b78ca |
| SHA512 | 0f0e55bdf74eb72d8c08ebb91ac90782a6295bec4caaf669a8f525d646fec5fbc0277ed47d9dfdcc4473a3530ae37603b63bd53c97d287e20f874487718d3b45 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.tmf
| MD5 | 05486a31377c07a62cbd8ecb63b2ea81 |
| SHA1 | 15503875354b6686e9a9ca7a6bc333fad33407ed |
| SHA256 | d1da47e79e90130249e75cb40f41210256f90bf56d6036e0e75bdf3bdee611a2 |
| SHA512 | e1bd08bfdfaa9dfb128cd85ac0a2950747e6d18bb24aebc78919a180994e333773d0d30b958b00804c4af535b443be1ac28d6c3237256eba62d3c0812009c975 |
C:\ProgramData\Malwarebytes\MBAMService\ARW\mbarwind.arw
| MD5 | 31f4ed6c2077a6712cfc2b27762b580b |
| SHA1 | 57c68266fc9b49c5d7dc62a15eb6636befcbc84b |
| SHA256 | 1ca6574269eb2e6daa059cec58c5e999fc6345bb8a93a7b3e22fefd34a7ea8b3 |
| SHA512 | 13d9727a694c88fde149517beb4d16938f328486065b9d491151b06855312cd0b5deda67a2ee4ba85280d19d7d6b648bf0b6ffd3ed9cb346ba9ed0cfe9ceeed6 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D26.tmp
| MD5 | 804b9539f7be4ece92993dc95c8486f5 |
| SHA1 | ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c |
| SHA256 | 76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b |
| SHA512 | 146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 78f1fa2c350b720242765294a0dba213 |
| SHA1 | 94156d32a19ebd8576e19835a75bb1dc0a45ab46 |
| SHA256 | 25b5c06fb08ca9ccff8938aaf8d1e7e8adcae81c1499b48ad013dda62af9bb39 |
| SHA512 | d6c5356260d07bc1dc4c4d4a7f230d4a9b42c0de8386308a9b7c572b15942b82416fb2910ad249e0e3e8e280da0c8aaea4eb1730e04a8e2d604deb48928d6549 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 770a59ea77ea526193bebcb93df9f2ae |
| SHA1 | a9d81380731a3bdb0ff1f6136fcf5afef30a9687 |
| SHA256 | eb27460edff7774130b47bd618233c0687492fd1cb62610d4f5dd483725b939b |
| SHA512 | 90a6084bfb1b77b511dfab82c81256124ad017e69577719c2270c906b30aaa7110d482ffed2cf01c57c57d7dbce5a567be2198eafabf98f4d18a6ace5ed1b2ea |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D3B.tmp
| MD5 | 607039b9e741f29a5996d255ae7ea39f |
| SHA1 | 9ea6ef007bee59e05dd9dd994da2a56a8675a021 |
| SHA256 | be81804da3077e93880b506e3f3061403ce6bf9ce50b9c0fcc63bb50b4352369 |
| SHA512 | 0766c98228f6ccc907674e3b9cebe64eee234138b8d3f00848433388ad609fa38d17a961227e683e92241b163aa30cf06708a458f2bc4d3704d5aa7a7182ca50 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 26f1165df7b398f6790609ce193e227b |
| SHA1 | 5f533416b8746a2b916e9bcc6e37082dbfaff962 |
| SHA256 | 39602bf44a323e4c309fc8ea17d4982f985002dfb6662e63c9171011fda89571 |
| SHA512 | 921bc9eb65dc205f4da689930d213fb5a2bc97383f6bfc9667dc24a00ec7e94084aaccd3948586228698d6f1d2466d2713ec9905cf4975a25487f97a879eb4c1 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 64070db00c251165037d48bacecd23ad |
| SHA1 | 0db99676e9d3d55c481f40531d2ffc33d1074cc4 |
| SHA256 | 94a95fe491f13cb5db54a26b1ff1aabdf21cf8302fe2426b9d17ba550caf5ba8 |
| SHA512 | 6741c9dd88e83e4426613140b585d8643ca01fedd8b24b63aa8ff50a0984ccb1f4070e53cb79e27dd20e3b248f4f4a539b75ae53bb5c78bc70ba2e83af53dd5f |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | c34d268548bfdd31c6fffe2e274bcbeb |
| SHA1 | 3372e81ca0ce0d0804ea030ffc92e8ee9c136d76 |
| SHA256 | b7ec6430e79c4f1793adebeea4cf52752f105deaffd6e037cfb1beaebdf311db |
| SHA512 | d213d452d165828bb1ccdba44715f5495f33ff93f0291605b4c888bbfb0ecaff59ee7c800ffcce5f875b17477ce87281ddf0bc73c84f7b80d6547bc8565de9f9 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 7c8e04ec2a5ece0fd0d143ef22aa2348 |
| SHA1 | 6d5aba2d428ebe4727ded053373a1ede577be546 |
| SHA256 | 9fc0c707fbfc5c445de91e809c92989e263b7d8609836935a5c63f0051fde06b |
| SHA512 | c0440db90a7175ec76ae086933321193dc321bb8a7e7b79f44a640ec1cd1e7e083567bf0f127bb0da995739c3cd9267af2f1ce875c3d388e175efbb841c0a1c9 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | c3fd8e97c857400afa0b4f4366966edc |
| SHA1 | 4e6899fc09dc9cc7789def99778fb4a338bedc5b |
| SHA256 | e48ca24fb5b9f67252f790a9538c8d38a6f0f773311e695b0a4c335206f67325 |
| SHA512 | 60593216d68726fbb626ea308668631f73620239faf9056aea5b3b176e99fe60414e0b9f34f500afdd51b5a2bb6a79f2caad0dcb8bf7e9959c9476daf76cd486 |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\expapply64.dll
| MD5 | 76a6c5124f8e0472dd9d78e5b554715b |
| SHA1 | 88ab77c04430441874354508fd79636bb94d8719 |
| SHA256 | d23706f8f1c3fa18e909fe028d612d56df7cd4f9ad0c3a2b521cb58e49f3925d |
| SHA512 | 35189cc2bf342e9c6e33fd036f19667398ac53c5583c9614db77fb54aadf9ac0d4b96a3e5f41ec7e8e7f3fe745ae71490bdcf0638d7410b12121e7a4312fae9e |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | ec1aee4d4f25fd7ae8af698c2f8c3ea6 |
| SHA1 | 3f941f00777423077cdf554128d35186d2e5afea |
| SHA256 | 7ce1b975d93882c5f151b97a809c9ee231df7b74f9f8e568ccc1a2c4018e1f47 |
| SHA512 | 9ed59dadc79c2a224af2d8c77f459b9987ac23ac36e81388e13b90e3305a08ff07906a314b9be283a46a7426d7f550b26b4c2f4e3c584183a4052ef9a7752284 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | d2633eb3217df3ddc638585be7466a4d |
| SHA1 | 4e5734a9b09c53eca56d96ac9c071e5b79b2b58c |
| SHA256 | 4e25f7bc0c835d5d7217560918f1e295c1169bb350b513e1fa1b0b010788101b |
| SHA512 | 3a7a5faddc678e98426f253428ce89da291bfa636ba21f18104b98bcdb22bcdecacd2f912137e4152497778ed21590e63391d160295a63d1027f1d5b26504e26 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 77f32f9d541b5fb221a982cdb2ea7c24 |
| SHA1 | fb8bc894c18c1dbc3203b7007661965319f150ee |
| SHA256 | f08d4734baee9d58411d7ed79ab2be835e068ccd286a8c95e49e53d7b0096b24 |
| SHA512 | 4efcc636886989a7325ebe5d75cb65cdc3e4f9563d5a05b4f8528a2a0fbf96b89e4de9bcd304fe63a3e207c3211239ac60d504710f1fe4f9ae75fc3da3ce5e05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 77bd8cd0f889df0d212a10dd6dec14c4 |
| SHA1 | d4fdc3fb7d7a06a8f6a7b33a69ba74c61fafd131 |
| SHA256 | 10fb25e50954ea5b6b1cfaf2c14b00f2512d6a0bfee588f9f5eb3943bf3c2e35 |
| SHA512 | a66de269cc15a7fab0e68286d53d3bd914ebaa024a435e6f54d734f23c1a7944f82c6ef9fa9fd809e5188fc49246c6c174a93a2e41689368e4b9bd14e18d4c44 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | b46e81e143f6dc3929df7120a3fbc9ce |
| SHA1 | 8c7f2bc7b0d4a346ccc885684209264477249697 |
| SHA256 | 310f3cca727225411ba0aea6b1c8cd0bc9100e00021243fe515ef7cca686e525 |
| SHA512 | 5cc5b03d9ace5b78467104bb6e4f86ce1e6ee019c0ad35545e0ccfa0533debdfb8df230b430aee46952e0f8ab593a89324746e5aae5475b15d597956d8eed1f0 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 76f030b191342018b40e8f4d3cccbfb2 |
| SHA1 | 57ca0cd41f874f72cdab3ef3c9b920c9dcc018c0 |
| SHA256 | 415de6a3c33c69f1e6611b14922abb2097f03b330e76ed7dd12de93853db8f73 |
| SHA512 | 9af0adde07fb6cfe00f93cb4178a905810f9bd208eeeff71e550c5d3ee831f53dad341fdad412a200856e679f054be38587b7a611b333550566c782885fe4d27 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 2d9d94153acc79cd624204f938eb3135 |
| SHA1 | 3bcbc140ed0005f5ea286720e9a9f178f747b1d3 |
| SHA256 | 8e5e8cdd38657bdb9de0142d6364ea10145947ee73da51a56ff600d3ff1c1b52 |
| SHA512 | 0a1234a664a239f52bde4e6438edfc0ddc6096da3f855b15ec5e1f05cc9b25a9660fd79cb40cb00c9683a81da82f1237600c9b689164483a854bc4d89e1fd1fb |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | b05eefe2da25b9c750bf14cf4b8de8db |
| SHA1 | fee4d9bfdfcde8390b8d7f9defd7a90027a3b0ab |
| SHA256 | 9f8a0550bd6bedc590f79c816b33258ecb2dc109b3f9a5edc38a06f19ff5f737 |
| SHA512 | 78852ea5bb303500fbce22453bd1e673f7675f37ac8ef82d5861283dbeeecbcce5dfaf1478234fb0b1f82944d58a3573c5cf014edfc20a8dcd752885498403cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bf7a95dfd45731a073733c751ab20154 |
| SHA1 | c88d9dcdda588be175de5a0f8b3606e722b1e70f |
| SHA256 | fe61f4ee060992eafc44d386b83daf5120cd19b218f0eddbacf40325781b93ff |
| SHA512 | dd02898dee3690a71ba48ce5fee35a9d1c92a86d35ff2762354c726bd269a99eda7bb13f103c8126e6fb13c71a902ad31d4b653de224cb82f26a2c3e9d43ccb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4cf3137abb047f97a473037aab1c7018 |
| SHA1 | 02b734ba3f3d2c08cba59aa4999c13d800b27b21 |
| SHA256 | fc6c0fe9c2845d9a235ff0e5cfd536c69dd47bbdffbea9c7f6a1c3e6fddf2ea9 |
| SHA512 | 0b1c2f821f738ad9a72380c94796db76472a433304133324468fa7d2bcb5c12f0b47279925e298d345ea36400eb77a842f18653aafd51e423705b8b90dcd9c78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2a20e1ef4136803266fc98593fb0476a |
| SHA1 | 25617d6e681604a78c12e95f158dcbc86a940adc |
| SHA256 | 9cc009635b15078c528b877bd1fddeffa51c072e261a6ccf3af233cc8deb4256 |
| SHA512 | 528ff84e0be2f4b440d966dae64e578099d74d68eadbb20f5f8c60a5ab56c7b3344d622e7498581241341057f36bed926f7728989b0102869fa78bf952fc4023 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 817378aad72613ac8e0205275d0fbe8c |
| SHA1 | 56a4c104ea38cf349cb7fbeb6de40c7751afacd1 |
| SHA256 | 1af7ad9b40a9fcdbdf8b6da03a36b5f6f7044ebfd9475abe34e12a95b2545448 |
| SHA512 | bc38c2a849f911f76e8d6ea7720567d1d60d8a9d76aae68881f39202b6e3ff0d5f7951534f61661aa026df05ef58a1a3b6ee959fd656d6468f37f77d8faf2fcc |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DB1.tmp
| MD5 | 54dde63178e5f043852e1c1b5cde0c4b |
| SHA1 | a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd |
| SHA256 | f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d |
| SHA512 | 995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 786773a2932fb3e6e688716fd3fb1dae |
| SHA1 | a3046d8b7d4381b29f5536cd52734474bd9f03bc |
| SHA256 | e8905211da0348f8761dbc2d4536e32b52c24346ee6c64e38fa48eb5229b65b2 |
| SHA512 | b15cc3e1153f0330c5c1c88a3e8ac531eb2f075af267c6f12a846df812454a39c389190e9146a68511e70b4fef3bec160a26e49bea70a947506bad314ec07418 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 589c49f8a8e18ec6998a7a30b4958ebc |
| SHA1 | cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e |
| SHA256 | 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8 |
| SHA512 | e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 0a586e3516aee975a234d7738e04f176 |
| SHA1 | 7e2cb6a5eeb20d6d2e321de3d35567a1d452d7cd |
| SHA256 | 31f631e409a2f412d274bdd1be5deb425922b9110a4c7adbe190b142418a6e41 |
| SHA512 | 6ac312f4f73342e14bbcde0a957d193527373d2280fc4c29e54049ac0f941ce14746a455137fb5c26182555a1b83b0839be52c8ec144cbf4802c3fe26b58bd7d |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | e4b0721cd77aa42285336bf8767ded6f |
| SHA1 | ebe56e40fa4e29530dd8ca2c9eadea409d3b34a6 |
| SHA256 | b7c0ab0d016afa7280bb4b236d3a96814ea6c4b092d6e3f94d5af2d6fe813b23 |
| SHA512 | ebab05c462bc3ab9aa92c17d76473fe7c7413397081e63c3501cec4a3b924b219d15c1b4b45787ae0f6a3fd2e664d53759bddb0951d29fbd2a247427d8d8220b |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 11bd1f710de2076b12212ea93da3a048 |
| SHA1 | f186505ae7d7e71b08090865b90e9aea344fe2c7 |
| SHA256 | 1c489643890278620662b4784bd3e988ce8515909a5ca93fb6d45e63c7f03985 |
| SHA512 | 7aa7373ada405d94129853b184486f7758b188342b86f845b090d9c0f2a1cb241c153108f7e899da9ab947a2b13fac22aba91f9d5c35d60f20286901d552dcc7 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 190443d0e02687c148ab2b70c54a43a8 |
| SHA1 | 0df0a5bb7654faae87d8635d1f5f5c2445f464e8 |
| SHA256 | f62280a1b424fb00f70e9cdf906e9016a235ec29eb29aa861914d9befc110a96 |
| SHA512 | b002cfbc59d08a8f9d4cd950d9a0aed197a9a5222091b53c95be2c8a5028a6ae3fb4e23fd30c5a0a53d5aca960fb442f3b557b31b97723b2ccf6e176e7ec426e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a31a18b6b81f3e7a2a914dbdfed26066 |
| SHA1 | 8d5c2cc226cfdd57e36c91141159183869f4f704 |
| SHA256 | 06693bf5fe26d411e5aef683498b045a717951684dc118ecdd157f2ee16abc50 |
| SHA512 | 56ca1b90ca9b91c50233843d780dc2a2b103b960c6f598af64f31dfceb725b96a889a724fcc91904d6a867739eee927bf2b8924159d5f5dd3687edaeea6da3a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5da4ba92d68b45d4f08f6f68593b3437 |
| SHA1 | 8dee42ea38e942c83ff40384cd4fd11d5ecb6734 |
| SHA256 | e859e6a59e33528e6725a54c609a0f7ef8cfa62c7db9f0b9ae07ed76b7f7b23f |
| SHA512 | 960cd4427125dc12e8cd7cda950274d2ecae854cdce68343c5241108ded6bf94bb7d8125888aaac70ae53a1ab39c8fadf8d6da38b39b9e1c0f057c580ba1841b |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 1dd01d3f4cd815e9dce137cff21ab826 |
| SHA1 | d420cce9dc4a9aac2421f46d4960bd0c5eb092ce |
| SHA256 | 8b6f5edb46c2c4f89de06f7663599bfe4abdd0a7915c86f9893b94e404a7ea8d |
| SHA512 | 6acbe8f80c36f1c4fafc0d26dff72909ef246d603254b4c75cd056c675ac59e576d0e8355f55b2e521b3cb2b8cdac441b756810697f4de3cd6b06a701211f597 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | ec800c97844450b094c5cda09fa1a894 |
| SHA1 | 67b1ee3d26a7e26333bb0623a772b6ed017d9b61 |
| SHA256 | ac593517a2cd4885a9767c3dd272095b96825cf5325f6ae0dee983d55bdb998b |
| SHA512 | e89c18c1850998c2afe755041805c1805c8a3daf07306269710c33a6b5533d9a4eafc4ed190bf0c6b3fa584665c3de4b66756daf5824ed174b727a1dc0c2eb3c |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 42dde2a36db917132256e5679c79df89 |
| SHA1 | af4a5960b5bea7cb226b030c2f65f350ff54273c |
| SHA256 | eb730f71f30a18beb8854c557f9c61003716b05092cb2188bd90e73f0f5d3024 |
| SHA512 | 5345c72ba948586d98bed96a639f175bdc00656c6024b9059fba5692d55fc97c8f3cb029551afd9fcad8a4066fe06cc8bc0274552269266023eebf536b7615c9 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 2a7e497f2d1b33318e04bf74e9aa0964 |
| SHA1 | 1c1b584ec38a8cb52a1e14ed3d4cca120b525cda |
| SHA256 | 275ea18e8acfc8cfd6e28f7a76b1bf004874b4b5d853d74f73f7e6c9bd7cabc6 |
| SHA512 | 96f29b428c4b8c6acd01f276560f01984c56068f5aa1699b6389d028b67eac251497a022ab98d352fd4de531157365ddbbf2e6316862150f0fe69b0115814694 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | c72e4d6fd2e6148d8d351b83c2ace810 |
| SHA1 | 874ba131016ec327d194d941e9bb752eeacadf0e |
| SHA256 | 06b2d24e9176726756cddb85aaf8f942d0910ade0c149608782e72b6021818d8 |
| SHA512 | 881885f887b1864700a6bf667cd5e05e06d865f7ce4ec42476ba00a8b029cccda4b9fc6e882513f1b63dfa1b6834d81cace8571c8ae3bfedce4e8265c41c4d75 |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\e0af9fb4-3671-11ef-8ab2-76d7d0441b5e.json
| MD5 | 29684c4a288a5a6da5a9ebcc8eeb528a |
| SHA1 | e2bfbac1099fab40bba2be4ff67eaf96df1e7157 |
| SHA256 | 42ddb84f26722c94b3c5564de211ee1384969e1bc543454a48a5f174e45dc44c |
| SHA512 | ecc85805476f358c427cb207dd7540711487801e348f468561f4210e117206dec86fa16987d881218a6412d57034d82411a64b95db353e4ff54819c71907126a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 60e3f691077715586b918375dd23c6b0 |
| SHA1 | 476d3eab15649c40c6aebfb6ac2366db50283d1b |
| SHA256 | e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee |
| SHA512 | d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9b054d6c03b86696510620bb8eeea403 |
| SHA1 | 3887b79e00dc2d12572266a211bc0200dfee9fdb |
| SHA256 | 0c678f1fc0042ac339beeac0e9fe3d0c244016c11717d0d8e32daa8ccf8afb97 |
| SHA512 | 52d60bbc3b3e4902b42c4935de56cfaeafb109be97874479ce340ddac9b164148369ab6a9a54834a2fcd4b3df34dbce59d705895a937ddf2c165188178b2e05c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d1b1392ac5037fef90d87204fe1b47c2 |
| SHA1 | 43e0663ecd75b2da6401241724800d0b6d08ac75 |
| SHA256 | fddc8f3f97fd4aea90ea89a07e871cd581957ce1f7f3ed53c324405ba6d49947 |
| SHA512 | 0e0cb346ee1209781fba806b8e9d2c92c6eb66127e8dba82c25c131bf740263b677ca6fb5480818ccdda2a6603910783370fd6067cd9f08732febec5d4ade830 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 90f56b18eb6d8eef077c18cd71c40f56 |
| SHA1 | 2f5ea31b0077da8ee51662d640c621085f9a00af |
| SHA256 | 83ec171671d0a2c3168553900bb5de0246da8514574a8b93be5a50dc7a073a55 |
| SHA512 | 237dfe267564a1bb2bbaa793a3dd19a43580510d35dbeb6ab2295dcf9d0147abe37413c755d79f8389c6a20155f93803569196fda82330693d5ef257c5bd5756 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7f569a4606eff5e2ef0722248d6e98a1 |
| SHA1 | 66435f06d39f0d9561d5d42879fb2181b657e52e |
| SHA256 | 8732174cc1fe2721935d5c73cc97e884feb9284083a74c0fbaf0cc5e0cd4a81d |
| SHA512 | b8d81815a807630e1db5176906ce9cf4631213a62a4ca33cf9b8d5d247d6153240a8ceeb28b8dd91da3371c0962764c6f9da3b8f260d9b6b9d8d080f361ea0ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8953d91890c1d8874bf7a62c5b69d8f9 |
| SHA1 | b2fc81d71d753c0aa8d1130389e258bbf65f0aa5 |
| SHA256 | a109308125459a23c991f54a763ad3e7687c26417b6bdf995333510258c45a3d |
| SHA512 | e36d73f4f55a73ef7c8fa2e329461a1ef19e123e671b970c9d55c950a50e68e2bbf126a4f135a21c123615ae5a7e578a89bd677a6783768640be7a87b7aeb1f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7ea755f3fbfc7e06563a182fff41d732 |
| SHA1 | 3824de3d32c417657aba5cadf04cb90f58705e3b |
| SHA256 | fc0c4bce2eeb4a98b197d442064de4ae96dd00fbeb363d9f9831ad7452865c0a |
| SHA512 | 5f55d5e2ef09b751ec54defb87bd4a29e249bf59a03954f53ddd224a474df717c41bd7c94b91f7d4dff04f8a15672b59192b6ebc96a329d7c530667c2a8a7b9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | acea5c88bf9043a8c6d0e518206d8ff3 |
| SHA1 | dfbb77c15f8436321436f9a6c54fe9d6a99d903a |
| SHA256 | 04e72d25194ea9b2aaa26f2d1baf8da695f2c2e642a505d03176cb7d84128912 |
| SHA512 | 7347c0ce152c5808fb92a8427e974b27745ea9b0a65994485796acee2bf6beae878830934662f743975aeb431aaff7c5c319f5fc45391e6583e7bd3213c922a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | ab6ab31fbc80601ffb8ed2de18f4e3d3 |
| SHA1 | 983df2e897edf98f32988ea814e1b97adfc01a01 |
| SHA256 | eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8 |
| SHA512 | 41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d4a5a210dcb8d4c6c7be84fc4b03b6de |
| SHA1 | 5267878a15da4da8e8b505139ad59a4649d2f945 |
| SHA256 | b18766ad7553da026c9b7adec65092611af990d1b4ad96fcb0b6119778a1c81d |
| SHA512 | f9ff577f8152cf8a150e9b7ab1864726c7d2df46323351f9630ff49b4a7cfe3255834388a25ba0f1d0790059dd7407399d80af7c751ecf81f2ed9d8a9962b245 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e1b407888cf05e6fe9b8c0f82845ba73 |
| SHA1 | 1ceeb7b6ebd88f67169a3afe2b53132a9832a8c6 |
| SHA256 | b6c288c805754126ebe0ca46c14bdc8508909089320bad4b04017c951d62fdb7 |
| SHA512 | 8cb0cec6d17309152a62c5a4bb7e4a1f86e60e0960318b48f9115e3c43bf6a25aa35deb73073e30f5320dd6deb8e5516eff31b5be31e6eea75a43e11c7960921 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2423f4bcf17f64ed1c953bff1e3aad86 |
| SHA1 | e7a5c0077190ce1e58092a32c6d8e138acbf13a8 |
| SHA256 | 3695cb9e11f39ed66f433ad5756cd1120e6694a8e1449cf1acf5e6fc679445ac |
| SHA512 | f080f2aa8cb50df02a07fb1889a9bcb656264a96e7fdc899c7958fe8e818bf4551c84c239cd69ff23093001cf6e872c50202aebc519e9b6ffff06205a47c9fb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 683dc279ab7a0f44f6e3e2cfce45c384 |
| SHA1 | 9642f9e4ac0f37a37b49c04d1b09e620c857ce04 |
| SHA256 | fa483d6f7aa67e468f4a6f32e5eb00228c9f8231ab43831dded95e8a3ea943cf |
| SHA512 | 4463d0ab4e0b189990befb51b86d8e7c8a51d1ce368a24b41aba6510f2b57f23e7be6f4b84aa6c0593949bc3d28a5fea03f47260c63aae59a780357e5beecee7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | cf0f6a7a3a6edf628cf0c8cc6b72e839 |
| SHA1 | efb02c32130a97807d96c64802165dfe5c9c5913 |
| SHA256 | d3247c77e7fa37f1ecaafee2cb767e5fd71e2f6798df9d4518b7ea01eee87d5b |
| SHA512 | dc366f93fc42a9fc848fece730a866bb1e02f032caad0905c8b7624434e6589405ffe83a47dccb5fcf893ea3d9f26e2e192bcebd3549882f359964fce46df512 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5c9818c5b88b57d474bfd690d5fe1471 |
| SHA1 | 2dbc97a3bc9c393f8ee1f7cf9a0702c1fb622799 |
| SHA256 | f798b17e9117fa0f87746c579f42325ce7cd3a4f412d357c8c099b203737e48b |
| SHA512 | 2abb17d3f3969dec6b9c26927ef6d2828ae0fceda5fb5f2075985538f24e2e40c38e308597a5e04c1195be83b70bf8fddc6e9cfd52713d035621fd022b09bf60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | a9851aa4c3c8af2d1bd8834201b2ba51 |
| SHA1 | fa95986f7ebfac4aab3b261d3ed0a21b142e91fc |
| SHA256 | e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191 |
| SHA512 | 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6d5431181c1261baf43772ffb0706bf4 |
| SHA1 | 570f851e929334ba13030ac11e4f04c3f0c012d5 |
| SHA256 | fdb18514f098f32590f82f2fbe24ed6ae4edac5968587c70bd502d2ac63d8882 |
| SHA512 | ee17b69b91e8b05876ef0de6cc4d803e12eee3358d8ea282b0fe9629f49e88b796e2b2aa01ea81f1e93ab792b70458e823d9a6dcccf4734e71a3b4dd2706cdb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4c0052b5f450d7e46d2f23b73dd0bb66 |
| SHA1 | abedeaba222608061c8d0f17f2fa5e24641f456e |
| SHA256 | 3d2bd317a93b1d5436698087c8f2592aa5a3ba612e93baab23f5f773d7d37bf5 |
| SHA512 | 72aa6d80dccc4d7adf02d181b968cb5a64fce7ce41c8527d09d9799098fba3aab34b59949a7fbf2ffe4d3ce891602f844c9bf663c08e3b246ff216b59868c43c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 42a67916a055d5abc2c2f1223b55f841 |
| SHA1 | e393b51a0bdea9be9ad530976424bbc256efe8b1 |
| SHA256 | 809ad1d69275f5b862a1ce56e62bc5442dacd455093b729b7691851b1363aac6 |
| SHA512 | cb7e5101aee398081e60e8bbfede0fdd940154cc107e78aba786f1ef9aa66cb81945d5cb9a3e857faa2b7a09b2c10d23ca1e7d67c54f65673e064bca5763cea1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | ebc863bd1c035289fe8190da28b400bc |
| SHA1 | 1e63d5bda5f389ce1692da89776e8a51fa12be13 |
| SHA256 | 61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625 |
| SHA512 | f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
| MD5 | a397e5983d4a1619e36143b4d804b870 |
| SHA1 | aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4 |
| SHA256 | 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4 |
| SHA512 | 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1405e472a78a999826d371967afdae39 |
| SHA1 | e0ec5dd11e952c46a9ab7700e18decdcafbbee80 |
| SHA256 | 13a68ffa72cfda86ea621d6cabf5259349c2840add09ce6a33b5af64bae5132a |
| SHA512 | 1e9155c4ee3b13b66560f342fd1c3d4cdb1ba4423e82c581d6bf58898bb5832e7bfe515a2806378e372130339c42e7c92c9d2792212ac236863f96f97c547c4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8c59ecdf529d352045507e0589abd6c2 |
| SHA1 | e92c832a009aa627dae6d7dcc0effb9213cbfed1 |
| SHA256 | 5c6e5b729f65926086a87c5f4206b2df484a0592b66b9dd63d3333d3d2c3645a |
| SHA512 | 304c35b9666bae92f77ac8ff9bc31cc968e2d6657ffc0e19cb9aea1c8c4c26071062dfa582e56246de39f1e83c2aafa8c77c5e05fb52e0d58b8c2a9a27b41e43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0d6f5c6d51ccbe94533bb2ad5859fa8d |
| SHA1 | e9fb4d3f760bc5c01fd54f83c7db9d281ec0fdba |
| SHA256 | 2cbc7bdfa8409f2ec5479c34a6baec2f5ba738db9e8ebb8bea016ce0bc4e6548 |
| SHA512 | ca199e4eaefb54848ad9ef2a094c56fe95fbffce35a89118d4296d191ef363c8885b0e5e3113af3b3e3f92973450aa8d55704826d6aa9b5e02a560c1eb8e37b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0c88eb3dff9e78ad9c40d37db14e19b1 |
| SHA1 | 55028416720bfd81dffa9fd194936a0e3e9b1179 |
| SHA256 | 262aae184e388ca59a8122d661f60111f00f0716924b4d5c358d59c3fdf5ee47 |
| SHA512 | 834c32d12279801662499d637839851af6f877b52f1469bb631d8a6e9a86fb8aac7fd52298e2c431cfa10a32f4057893f168cce4782803bbcae18768dd018efa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 755b77002898223f671a5131d2d95667 |
| SHA1 | be98c62e7dc1b14e097ce1ba1977397fbee21ea0 |
| SHA256 | c2d90e26ed5e459050826c1af732dcb7163b584d12e6e573efd458d23ba582d0 |
| SHA512 | 4bbd451dbab6cd6f8dca8450b12853a324437a5d2ee241628151c03ec90c49970d1f12401a63efe509691ef0f3bab61e1dea5b36a1342cc1723c4225d366742f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 231c895061c50b1663b47933cfce0a44 |
| SHA1 | 6d0d47a2f391e124654992e725b4517b6b249c86 |
| SHA256 | 26274ac74e95ff6c871518477e3d26be0edeb3adfdddc00467f174fd2e205751 |
| SHA512 | f081c463f1a71a53c2e0d3dc8855a717f29e6c3d815e75b6bcc416df45efefeeb1d30917b022c27ad02da734c63c85467a52a8dbf115c2a6435c3ebb68cb392d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 02dd9f2c277888d1f86b54f33faaf2dc |
| SHA1 | 9ba36828482fbc48d23f46716549c5ce6e719d3f |
| SHA256 | 7024a1d631e0261bee3ced3f3dd1c9582a743c035a607048cb4e914fc4b0d8a7 |
| SHA512 | 55f5e637f075751329b0bff021d09dd0f96fcf678fbc50bff37f69bd3ef6209ed845d087ac025b99569507007b235abd6267c415a45f5528575553e14f4c31c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0fbad0e79caf9189e4abe467035ced25 |
| SHA1 | bbddbafc6807d97dd84e529487651b4631b6af49 |
| SHA256 | 772e72cece3289e3c702119382dca58c87717460479c5f926e372498954066c5 |
| SHA512 | 1bfabb6d975c71ebccb5f8d7b7c0b265c1e651aa0547ab6e8e5cba5271fb055420adb92d33a2b717ae773dec0d922e76e1581f1c3d8999595ed0d354493035bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 93589d59839cbfc2547bd3325b61fa22 |
| SHA1 | ae985e59f6b7b0e8f9e1bd087de598833e0185ce |
| SHA256 | 4e93a4c675b1ebf93dc87aa1196b1bf316a1d8daeab29de14fb14a2e9c75f76d |
| SHA512 | e742c78d71a304d08aee58e26187ecdd9342192b7a36e5be02b4422c244ad6755c3e7a758d4587e809e3a8c8fcd19a8e06af8cc3661f0c8acd48c882af1ccfca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b7fbc085311ea9340d59f6f3ac9fe64d |
| SHA1 | 0c6b30ed31c96428e7746716645d4a5def38b8c6 |
| SHA256 | 2bd06da03ab5996e0b6333d28470539f3b49913f0bb8b09b22ce8bdc5f34496e |
| SHA512 | c7145fa8fe6c9d9d112c302fab73611e4c74860dda8d22a31c5ad6470dc85385649662395c74ea71e1254f1395204d2452fb4faf23b5b88228b1797b51ec511d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | be87d0325ffdbe52635a6ee90bdb3cf9 |
| SHA1 | 8b060cd93b7e666ec97d2de25eb566e1e2c68d93 |
| SHA256 | 20ab6e913c41966745791d1ab6e305e0551e3946fad6dd0d3f5bcaca29dda800 |
| SHA512 | c37af2289becd2902cdd1091b2fb064d1e34cc16adf6be297d4ec231047e9b1b91f9a27afe0453d2f7695db05f175257af64aae4f61bfde4ee7851628d6ead1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0a99c9d926af617106df4488f189c238 |
| SHA1 | 420f9dd93d5287fdb06efef279e2788ab2cf8c2d |
| SHA256 | 4dc239aec77aa3fdd3e320ec643f08a33cfe3dfe903393864af487ec935499f6 |
| SHA512 | e2e6a9db47f000389b12f64297d8ba85c83edc00b83cf3e32dffefcf7535fc40e1a5f5736505705672988200ea0c7ce3e69f97f10735a83687e9cf3d1fbf0bf7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 01fc1fa76c9282fe4e614a350f948c0f |
| SHA1 | 1712a826c86409ce344b1c9e405a48b0bcd1e685 |
| SHA256 | ae5873bfbf0b5a3cd312514db2ca2f194e49a8b9b78a7404e4f9060d83cdd8e4 |
| SHA512 | b13ea19701a76c5c610ebb9a3f3e346e32039355700537c43bc7282a1672a2be6d2bde9c0354fc6f3d8f2fae3d99033ca3ee505359ade2f6de83b3441c5ee284 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8ee16ee77d1a588baa9ebb4b60447210 |
| SHA1 | 4c81e970a618fb565462710f6f8d10553b73e48f |
| SHA256 | fad2631bb32e194f8e0d8324a7754f83cc57be2c0f2931f970cc01fc4340e147 |
| SHA512 | 723f26f6a522a3ef6f756f4d312334a1544c972e665d7e3ec26ea3b6bd9efce6fb51075ef2d9298b20f0ab1f8ce8e2a04f3c372ea5984faca8d650572a493e64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | edd71dd3bade6cd69ff623e1ccf7012d |
| SHA1 | ead82c5dd1d2025d4cd81ea0c859414fbd136c8d |
| SHA256 | befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6 |
| SHA512 | 7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c8fe7ff818779ef9cb774e7f5a9156be |
| SHA1 | 7344ab99eec95aad2711ee346267a3664eea4c41 |
| SHA256 | e83facc93e91165692b4b4607c880e65575241af9614443a8639b8803cd244a7 |
| SHA512 | 69f387897ebcde830a6b190367c0b97d4800ebacdca7a84294e9f7c102e8ace5f7e898e5ab59fc8a5273acaffddae2ecf10b1cc090ec590a2db6138e8d634939 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 201b7534b0d56330ad24eeea077ebd03 |
| SHA1 | 70acad212e45aabdf6dae60aa4e51a9e1dac49d6 |
| SHA256 | 8610f014db9cb83eee52b4178928614f0fd255088003868886bb33df18fbca54 |
| SHA512 | 794f83ee12ffd4479d817c83f42f6d8d805622b71388ab113c84601d01d496af3f0ce14b0e03fcc1b281e10f115f827677ae5ca2ad0b3966b398219f82d5208b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 600d9255e475d3142a5bd2e165479982 |
| SHA1 | 666a26db4e2a8df5b667f696514c88182f2b329d |
| SHA256 | 9790ec04aded67f92386f7a1f14aee009ab889dd9b3f7fcb211ae7aeb9d58c9b |
| SHA512 | fdb7399c8ef1b36b7f814413de9d2708b4f1e25d50e32c7536482c47c038126bebfbc8f0d1db9048f3e78bcfb89bc922ab9d51fc9b20e9405d517668c4e44fe1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ef7cca300dcd6d42660c93a82b75ac5b |
| SHA1 | 3b1f164d73f37828c16db838388e8c6a3193803b |
| SHA256 | c2cab7099de4839c4b26c96cac74e93aaad6c8de306333555504663fab505d7f |
| SHA512 | b76826d261b9ab1b82b19537ed081b71036861a8b0dc7d0f9a49c9781d4c0c05621dc4054223bde7921be5dddac3ad3ad7515c98ea12506954178423ae420b88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364178646388313
| MD5 | 7a4483fff634397962726109628debb0 |
| SHA1 | 6225ed6b2af5daf42f2f712ae82d9f58c03f4b7f |
| SHA256 | 0fdf094e348fbd4105bdee1b29255ecf60401325261575124fee7947ad877fbf |
| SHA512 | 36893715d26424e3b537818d55a3bd150cde4e371bfdfdfa02ba4468fd79267741d97f43916c9224c11b4642cc3da0731b49d1f50f6538261115411ebfcfa8ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 116175fedfe7516d40d57a20a3320bf0 |
| SHA1 | ccd5051a526d105ee9fc137b69fd0c5678ba2171 |
| SHA256 | 3edbbe475dae30b7c1c2d0f6f2cd7601a72ce15797e8b1c0cbebabca6176cedd |
| SHA512 | e14bf6ff82e741ba83038431bacfc5661899ab27eea6fe9da69eceff13f5db39996caa406b6b2ca1321bd93429a3887b39694237f12fb6861e4b6fc800bc0366 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 01c5dc9a4db262a1b40f9d400666ad9b |
| SHA1 | e7824fe25118174858f4dca06f5efc60fb18f239 |
| SHA256 | 4d8be5fd66fb5de4c2fb2fe7acba64b18318e42df2121fe9e475000a421a188d |
| SHA512 | dc910bbbc4a78b9a5055ebab5bc033ac5228e0800ac875038bce6b9ff4301e510840f617cd849171e52de42853116f333fd434fc9a4d6a2b1456536f7505da57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a8d2e6f3c65915ca74ac88937f326a11 |
| SHA1 | cb557cd919a0e98a26af707d478ff8a3d2ae4ba7 |
| SHA256 | 65d42540efdd26a8926e02e9edd7cdf55df763918071a112a9358189a8f1d842 |
| SHA512 | 194ab636150258979e7736d6b65d9818f226d5108a995b844d0281e6dfdbea06f4b7d1d688e1d1e45a41e7ebfc0776f9d38d44cac4429d59c2f007c98c635779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 904754a73eb4f8a75410a92b2b7a920c |
| SHA1 | 208f9e70a93742e8ca1f5e2537690172971209be |
| SHA256 | c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db |
| SHA512 | cb251f3f6679b9f339c3697f64ed056ae53caf22aedbf37fb57dfe47e8c0e95f295cb180c342e415bc540a9332c0aa9253af7fd2ac17b3e80ad94bcf2cf29469 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd344541deb03c5ab1d2191b23b687ff |
| SHA1 | ead0af380b65bacf590cacb1b1e05e653f1adb18 |
| SHA256 | 98cc1871798b1d18601ef2d87c427fabf7bf8cadd5f0dd6ec0efe846066907dd |
| SHA512 | 9196feb2aef1d6e5e0660a19b752c63935bbc080aecc8f2ef0fe0f253a27931353690eef3340582c6854ec783ac95c4ffc126abc919c42af50ae25927fcc09c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8e3f7cd31b1d2bba6707843f6cf6fe64 |
| SHA1 | a1c76456e195e318ee8b8ceb2ff34b8dee5fa0b6 |
| SHA256 | 323ba57e76df3dca65a3cf83a19887a2e9a9eda7250d17d3c5cf76d1e2c115e4 |
| SHA512 | 90ffd27d95943c8b4c4e3bcd72bd2a275cdc603898bb560bb7e60009f7622de9652c95dfb438c1df12797260e3a2961bb6628dd711238b580a0c5be901ac2e7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 4c8fe8a9eabdfebb3c677163e645403f |
| SHA1 | 4bb07a9c0961c20ab29309b0a45c53cf2e42e9d2 |
| SHA256 | 6cd54cdeca321890fdc6df811575e57fbccc30a8fc5c5aee0c54fef691778dbc |
| SHA512 | 07ef70ee73fd3e466377ecf02abc16fc3ff63839be89c1faaeb79b221da4342adb610695b93f1d027c07f3b600cd0107a317c39ab761af86cfff02567460205a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e31b42d2d42bbee6f8da10eeef22ce30 |
| SHA1 | 75058b45a54d49e0d92a37828aac7e8eda5a5cd1 |
| SHA256 | 431f81a777c78bd127b4961a343bbe443aa54bb6d42c8023fa998e010c5b1eb1 |
| SHA512 | 0e4c17b8f29707926d3168a0961af5aa7297157987e81862d3e9ea31031b9ff3c14c7f6bcce96010993c884236e1b570be2929365abc791b936e4a8630e53af7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | eebd8def0d4da2cdd3e75865f1179c1f |
| SHA1 | 124005a1661d52233ed4fc71b1d7e95dbe04e96a |
| SHA256 | d0350fb25811a8ce7beef86b7a6aa116fb82f693985fa2efc10950e5eb21449d |
| SHA512 | 31ee89ba4b5f16034dbae7a832ca87fb78b0930f6238cc00955cf64bde746136a9e175af1d8b293cb44a6f03fe60a57ef3e173aae46cf5cad1f75299e1007cb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 44824968f1d7911e9cff4c749698bf0c |
| SHA1 | aa6f77595c63cbb83af54594e263b085578c6bb6 |
| SHA256 | 999c4cb041eb4112dee6fc244273cd1c76b679f561ac63e036d94cf45b80833d |
| SHA512 | c2a41c70d08fdd78f7c8105725ef8e67712bf88c2118223a05fde5df8e9b68c19507040c49489556b792a749136a5f8caa02bd2a2dfd52957c763c2afbd4e43e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 634bed7c386bfc0576ffa73a585c4afd |
| SHA1 | 40f1c32e1d33eed47514ed0911a091aa87618ce9 |
| SHA256 | 320a9f98b498ad566b4f276b96aa3afe3b32c7970224cd79c6b59b79761ad670 |
| SHA512 | 0d60275ad80ea01c292ebe88c8c3938731390a0e235e923361b3661796f32a30691dc5f7445f6e69f118c120b0c7d6f50918a12215743dedbc9414c2a7cd762f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | eae987dd02d9bfd20855c598b609cbd4 |
| SHA1 | 815a3003b51bd921695032fe472c2865a0d0dd42 |
| SHA256 | 11eddf612057ce69dc1bd4f8029dc830ac846c29ca9558fac619926e137eaad6 |
| SHA512 | 6a730c95250b29796bd68b2e3447e8dabc465d36cc1ced5fe1abe6de7a1d2d3bfad3a662a12d3a2eb6306b79ec6074d2d8ec95e1f6d7add89a21cd0b2cef8b7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fb5adc9ae99e9669bd25201ec4b331b4 |
| SHA1 | 5f0e50155a676ea89c0fc831decfcc2b8b953869 |
| SHA256 | eb1dc3d369ce4df722a2e9b681921be94ed994f5df750913548ccab745484727 |
| SHA512 | 9a7491a5f503ab9a6ba5a6d8e5744a031c5baa96854e491212c1ae78be9e0d1a247a7e6db8e3e4cf4cc569c567aa169e0670900e7dae5263e0fb18fd1ae08cf9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4829b8901839c40003d07a7d35e470a4 |
| SHA1 | 15d806736b0cf5c396b6d1b76893d0eea1b336a2 |
| SHA256 | 1ee66797e2b73b24f839aedcde760e833d1d32d00c013c5bf4e845b4f80b3c0d |
| SHA512 | 5570bb027bb218f220144f7b48eeb3c4493c4f2e6beaee354618fcae92c2f6a55a7dd780434bfd573484477bfe872a925f48a1ff361f8f8687da26977eade4f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
| MD5 | 60f5241336d5837d14418676d72015ad |
| SHA1 | 5da725226fd60ac3752144349978b013b7d58043 |
| SHA256 | 0b970e0a5b1664cbd2311a2bde2656f2a0ecd3adb97b548b5d9c74eb908f1a43 |
| SHA512 | ea6dfb71597f0e682445db823201bdadae75ff1b44dfbec18767869e4bf53d55820a3e57a4c40f0ccc2060e64e11a4e0946c767803a19548dc6b1721a5751bb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | cefda9be18126fe32da3101a17039e2f |
| SHA1 | 2dac3ff4b3cb3864f84421290f3a1faad273adbb |
| SHA256 | c8ec4ea6a17b39c4a28be7bff09985fada50aed54a9ac5bf17d19823ba2aa122 |
| SHA512 | cbe90a2accab9bbf15281a3e8168680de99614c0a05bd829c8cc054ac7019b34406cb53e565d5a4f4dd4b9488feac16cf0bbb0ff0f23f86fb2011722f2f29759 |
C:\Windows\Temp\SDIAG_6048679c-3467-4c98-a28b-edc5b901f144\en-US\DiagPackage.dll.mui
| MD5 | 44c4385447d4fa46b407fc47c8a467d0 |
| SHA1 | 41e4e0e83b74943f5c41648f263b832419c05256 |
| SHA256 | 8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4 |
| SHA512 | 191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005 |
C:\Windows\Temp\SDIAG_6048679c-3467-4c98-a28b-edc5b901f144\DiagPackage.dll
| MD5 | 580dc3658fa3fe42c41c99c52a9ce6b0 |
| SHA1 | 3c4be12c6e3679a6c2267f88363bbd0e6e00cac5 |
| SHA256 | 5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2 |
| SHA512 | 68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gu1seklk.wzl.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0cca28f08d9ea25fa65e9aa578eedff3 |
| SHA1 | 924719f95d154943e1c771402610dee6847c3542 |
| SHA256 | 1e97ef697f3986d4f4e388165c0758974357f5bb846d10325635fcdd6942f208 |
| SHA512 | 767ff25c58826da8cd303044f97843cb874b4fec2dfb71b1397ce0fb9b9e07ebfc681b4ea13fb5f40f71a1e3b1b2456d2ad3222a6f4c49a83f5933345505fecc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 440c21c7afbbe6a33c3712d7b2fd35ea |
| SHA1 | 8fe80650186f4f3630a7eb911390d81d83bbefa4 |
| SHA256 | 300e62bed4a7db568b5b1b565a3e86e1b55cea17ed059be07d3864ee06a21764 |
| SHA512 | c1c51d8f6ead84f4ad2db497f95c8b15552aa88c89c1ba5d45efe1842a5645986b8fe0271fb0f8da5ab768f1cd9f3fc2c2857ca83f142fb9d9affa57a059a50e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | a874f3e3462932a0c15ed8f780124fc5 |
| SHA1 | 966f837f42bca5cac2357cff705b83d68245a2c2 |
| SHA256 | 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d |
| SHA512 | 382716d6fc0791ca0ccfa1efba318cff92532e04038e9b9aa4c27447ac2cac26c79da8ee7dbafae63278df240f0a8cab5efea2ee34eef2e54e884784147e6d00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6e30e9bf4400f03a55b59d9b76ed09ed |
| SHA1 | f1a38e4fba7279773ece9eaab3ed0ab3d9813c01 |
| SHA256 | 4ddfeb1348c82efde80e5f7b087952e6e4390099822c1560230d894dcd38c548 |
| SHA512 | 97a4980fd9e78653ead82c8dd7c552646e79b219098e4d1d97f492ca7215c22a0f747294fa7427c09743308ce7f63ae0145c80fe837328e57b3b9e8441c4541f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | cb86b66f06fbf2003a04ea1021d81b26 |
| SHA1 | f3f04fd9731c443d7cd6cfc182d100f856f39dc8 |
| SHA256 | 8286fc9352bafd04b6d50cf6be1488e823d29f1668b59433d80f432f1401850a |
| SHA512 | 9b23e47a7278c4d2de41c928c9d92bc8900761ee767eb3fe981ec51822d8a58a7287b3ec2d6aa797d1d5b267c67c29b29226ee482d2b7261fb87382006bda7da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8f0d7475d4569b1a189ad81479f23587 |
| SHA1 | bb6db033a46612db297c7273927207ec0bc8637c |
| SHA256 | 8c8e9349188fe271cf2d04222d1485bb74cd7904df3ed4028321dca887caf936 |
| SHA512 | 433c055595fb0ed81c471a64a34c0318bef3683d4821ad9ff5a54b85c62b0aad71ed21d61a0ae6dd5be807b3080a68817db8c7629e87c9c07e0212a6c669b697 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0e242e0a08c6be380f2e6896988f0291 |
| SHA1 | c48f2c2c34b4b84ee8a921d7206c67ebc24cbda0 |
| SHA256 | da015b6bee0aa335047de5d781277d2e95ced9fbe1b0b4f83bfefadbbc216dfd |
| SHA512 | fd45e1a792c7baba951afdb13c3df732fa21ccfa30d404545ad4f6dc26b2425dd77c5a8328e22fdaad1674e6813bd897a8b09f956e6d91370fec078725a29b27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | be9659800f5d47ede50974bbc6154383 |
| SHA1 | 6cba69087891f858313a88a78031221dd278dd28 |
| SHA256 | e8e6a44f2be2bd118ddc9cd45293b89cb2ef554eaeddd20134a563d77295f816 |
| SHA512 | 4b8cb4cf36a7581b85b5cced618f18588fc3cdb262285adead6f9d872c8b1a86062986de7e0d269246393ee1a56b9e5deb1862f4de0355d81dc17c3f1b08418f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8c56d90fcfa9ff71f3992f1fa34c6a70 |
| SHA1 | 8a038641d66fa7aeec94eeab9eaf59cddcfbd929 |
| SHA256 | 2fe9e5bcea5a582617511daebc209192b8047f35326a1293250d814d87f4e2e4 |
| SHA512 | 93ca4ff883cc1a6ca39c30c5716d5f8c34277399f26fd93ed6fcf07375910897d3ec36e3e65448a0980bcd28ce02b5003384707bbb239edc1a5784ccf6d3975b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6671db8c02f3c234bc5b756619a0ed77 |
| SHA1 | ff451a14cdd61df48cce4448f118377af77da143 |
| SHA256 | f7858098c26ef2a143b0e7cafbc03040c3c1c3185f446517108a7bdd2a6d9c4d |
| SHA512 | 1c6182196ec6086d5316c741f974e6ec4efcedc3eb835ade8df2762d2ff245f055c05ed95e06fea3e04fe3a08e9582846cf2588c31fd69fc4978440039604ba1 |
C:\Windows\Temp\SDIAG_6048679c-3467-4c98-a28b-edc5b901f144\result\A6129ED6-B8E3-4AC9-86F6-8E8FB49516A2.Diagnose.Admin.0.etl
| MD5 | c39912e9b272143f6914c3bbf2feccbf |
| SHA1 | 81bc6d474b135437ad8d0ea7bbd683e60873c4a7 |
| SHA256 | ea09890d488a30e9a1e32fa63aec29c34a36ea6c82d7bf8d386036c21c3e64e1 |
| SHA512 | 0c530ba55a020d4a0880a54cb528b3bbfcb1bd8bde82dc761106381436e093f740d75c6d107f4179de2698dbdf533cff3009e1295704726d13efed85cb11e5e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 038b2cb8ec60252e65d83791794c9d2b |
| SHA1 | 8711b6fc1938d6e32a85212f8f902fb8c78369b4 |
| SHA256 | 8a7e66026ea4d0eedd64b4f04c724a70996fcebef1c269750c4d7a37e631dec2 |
| SHA512 | cfb1154574eda578a56ea87eb101a42d6f3a3b37f96f5b2f3238ee861132319ce4e4ef4cfeafa943e7d1f63d8cc91e3c462092c66c19014564e80c5e86034ee5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | df048e4420d1d0521c86f7b354b838ad |
| SHA1 | b018d5db20ed80eb315e30222c72fb884ea742d4 |
| SHA256 | ab94795af21681758eed037e472539568709cff4cd239f15881cda55d354aee5 |
| SHA512 | 20a11a9f099850d46c48d701b87e63e05ca5ad394bc3b43de6c74ca490b20112b74eb286938d38db09a869e1ffc7fe42657db92629179dde6e14bab374adfbfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8c2e780b5fa2125d98e82c3d279c140 |
| SHA1 | 44216dc61fcf75fe84460a1d0916e7347b28f49f |
| SHA256 | 6409c27af201695e0dc8b1d3d4f27f5b4a4548dedd84968b2a6ac7472d9e4b00 |
| SHA512 | 10c7542f0b50360ad1920a06df8b6e764240fe51b5a9fd4a16bb748e5c2301543374708fd06776d8b06451062eca2352fe21caf5458542d92fe3081785b8762c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0d5a4cae685cb91e7312af6d1cb51130 |
| SHA1 | 94b8f08cff53340ebb719212aae28229898cf20f |
| SHA256 | 1538d7a75e87051df61c764c2988addeddd9ea5d19dbec2a265d36ff57ee3e31 |
| SHA512 | c7ba2049d58ec17ad320283e369eeeb1ee4878ed28ae3b99f06d34afa7f6a3b30f05d75c6e419aac5598bec836c0573a6fd6bc09ecb95d74e4013d738c4d47c4 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\1612347604\2024062923.000\NetworkDiagnostics.debugreport.xml
| MD5 | c0b9cef1b6f2fa1788a1cf586ef74f44 |
| SHA1 | 5bedb2a22c0eabbf946c748264ebf26aaea4202b |
| SHA256 | 33871ac3fdf76c1ffe3161822deb3143613f0afe7490becb30075bf3c5a78064 |
| SHA512 | cf9c444a00a90014e36f5b9cf6c8c2e1f4b3507c72239e3f9d5717bb3beef8435f13fdd62b966e263c962473255793b33acbb3466796ed2028a36e8c8bf2c167 |
C:\Windows\Temp\SDIAG_6048679c-3467-4c98-a28b-edc5b901f144\result\NetworkConfiguration.cab
| MD5 | 3f29c5101ba4afb96194512e0d90adb5 |
| SHA1 | 187c1f6fa62ed44ceeeced88955b5b8907ef0bcb |
| SHA256 | d2c4260857debe2f8e61f5ec40a4d27e05376233b1176f305fe08817c26bcc4c |
| SHA512 | 5232787f02612b73525e5b7d36ab8de969f289a6c2c22e3a0f32982a1854402d76e2246d961389a5c88db65e2a3dc5f635c423e0c4621e699281a7fc0a9e0ce4 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\1612347604\2024062923.000\results.xsl
| MD5 | 310e1da2344ba6ca96666fb639840ea9 |
| SHA1 | e8694edf9ee68782aa1de05470b884cc1a0e1ded |
| SHA256 | 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c |
| SHA512 | 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 548cf9c262b23f8dfd3fec6d34d5e88c |
| SHA1 | 4cc12c977498dde525555d2af320fc782fc81537 |
| SHA256 | 7c772e64c499b8ce740c798ef84876f488a02591c75a63f31d8e941cb37a7035 |
| SHA512 | 804b90071dad1ed964eb6cee8b4a2c856ed871a2defa3fe1f17fe7ac5cc25e54490e14e390911bea06aea45e9ead32397c6307222c1e80e9dd2059f0519fce90 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs.js
| MD5 | 23c4728d88e1b93f9f6bec9ebff640e0 |
| SHA1 | b4ed0839c06e1dcce0c474ba0b1a3c4b4f6642a9 |
| SHA256 | d97a6c44fd2b2a25864f2ca62f405b951526df6ad7badfb408804394e5af1048 |
| SHA512 | 9214d55e4cdee65e2646551a94a894e7c41121e7e2f9f2d9dfd87867405d06be2f4f0a144d7ddc48f5ead2297dfc67cee962625e25306191afaeff8399f6b6cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6c1ade8c4c3e9bc2eb043336e8402398 |
| SHA1 | 567605512257464dbb22d85733576bcea5edb293 |
| SHA256 | 31c500bb8f642d487a10d4150558eb2b72c70fe89a57d1d89627a5218fcdb490 |
| SHA512 | ae11b12c53050bf68811276e062956148ea31950ee9a2d1bc3f9281bd0748286520917fd18a7e3425f69aeb935c7b81fe97711ec20491740e5232d846518cf6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8073ada982867e1b38185e45e7494e15 |
| SHA1 | 74d0a8507b75ccf0773af25aad210fb8b75ce52d |
| SHA256 | ab31c11e9eb2b13bf3a3361a431f44a7a36f3126569cdb6db796a406861f5c24 |
| SHA512 | 4542678eca5693b2ce5b5419e8e7d097bbeba1ef06f6427899caa6043ef5fe9737839b7f34c05ab97f5f719d21dbc12db1e364f16c399a0bf95266bc45f2e017 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | c6c1a9af50f7c72361bd73480e0fb318 |
| SHA1 | a405757840b882ea4c8b0b4606e14e64c6d0038d |
| SHA256 | e9a8e32f40b836d602a577d0255943a91f438191fdfbb14de66ebe612079cdbb |
| SHA512 | 8b9208093580b1c758d90eadae9c927a78379225de462627c3c8ea60c88b08abd10c263ac0133817f9853c1f6d2894519781f7e0c84133229242017f64d334c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | 178cf64e8b27b8472be178637ca50ef9 |
| SHA1 | 9db4edc55de8e6a9a692daecdca182cf729d3267 |
| SHA256 | df64d8d1311fd563b67ca553d645f04641a759366e0fbdcbe1ea6e1e0814009c |
| SHA512 | 38306a40516fe606dfe00e1fef47d2d85c92c1caa7c3e9bd5d7c40536715c6e58e0d1333ebf3d1382c7e0b97faa24661a8727fd0d936151adad74496e349270f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4f2afe7a8e229a19992c7c429dd9c07e |
| SHA1 | 7b4ded52813434fbe948b0d7e7faecaea6d0cf50 |
| SHA256 | 2efa7dbe3ecd0982cc6b6d64709f76d05aef9315e7295db37ab2e25b1ccff28b |
| SHA512 | 5eb48535ace284bf56a55c6e6c504d3c9d257577eebeec9ed1d6b019f8956e5b69d5d5454a7a1571e178d192d75a71e5a4c1eaa675910a5640e55078d2a699a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c91f7a9f18f0cb91dbf75e4be405b567 |
| SHA1 | 44479624cb8e9a0f6d22ec2fe2d43107801ee23a |
| SHA256 | edac853999880febf18df20c07acbd8b6efbab2cb75e98a71ba166841b7d1163 |
| SHA512 | 5964a440c59402f7ae8545a27408b424e204cb0f341ab55f4f8e7e9bdc0521652819aa19fdd262e0bfbcae4310394c6123f2c2aa46b6c1211cd6bec752a3bb3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7782735f0dda43951581ae36d8626566 |
| SHA1 | efa9ffc9435f0e3a53aeb15867dc630fd01eed14 |
| SHA256 | e0dc411d2e89e602743d6de2d15aa77796dade05c7c2e0f9312ee7042e88e9e7 |
| SHA512 | bf45f55ce34135dae5afbc72c2a8ccebd1e66f4bd77e60fe1de61249214f39bc558871cf480c529e0f2c34768d4a1ef5323d55d75ecca4f6daf2e8280b1bff6a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs.js
| MD5 | abf2eb992dc7f9ab9b2d468724cc9c63 |
| SHA1 | c7d044aa4a0bcec8bbe943e28de2141b12231b0b |
| SHA256 | b77b76ec7eedab1e72fe7b1ce98283eebb2e6f81973f5a9995029e57a454d84d |
| SHA512 | 93512128fc1930de8d79ca22e4d0f2b8033f389ee36870cec91618e4a4952caa8278a73cecdbc20fbc6fe3a7b86684f22c38aa13110f27d7306ad8a4e7eb8b47 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionCheckpoints.json.tmp
| MD5 | e6c20f53d6714067f2b49d0e9ba8030e |
| SHA1 | f516dc1084cdd8302b3e7f7167b905e603b6f04f |
| SHA256 | 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092 |
| SHA512 | 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore.jsonlz4
| MD5 | bea2a26c8d1fd0620b19211ff35f87e9 |
| SHA1 | 85027b92a192fe06bfa531ddf0acaa67e9aff21f |
| SHA256 | 335e3993932bfa711e772029e6545b4aaa14ef243b95369cef7585ccfbf99f06 |
| SHA512 | ab9fc41eae2acd52a41abb3ce9fee8f50ef9670ad4b9f5b058479df5d2362657f9b3fa45dc80e866842ad9efab40cb8f6f953ae695e0835acf1554fdc7c53803 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | a00268011351b48535ea0dbf28c17d8f |
| SHA1 | b402af7ac37974e12c13d825513cd2d1cdfd535e |
| SHA256 | 7f5b4c74aac28efe697a9e61d167187c2c72bd50960c560fad56d7daee3a8780 |
| SHA512 | d0ee8397a4646c8355a9b6cc81fcae2fa992226d8898e3dbdc78bff275b77495fd15a309ea761de177e624c2941342ea547e2f91466b0a3b851784df154c29c4 |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\e0af9fb4-3671-11ef-8ab2-76d7d0441b5e.json
| MD5 | ee4d4f91392fb524292653d2de78ecb2 |
| SHA1 | f95cefacca30c1d6fb49dd742a07ecf920418fb5 |
| SHA256 | 52ada12b828ea6db7b1cfff3c3fada41c2fa7a2ba18eb361ef685f14a4a48dd0 |
| SHA512 | 4b3dca14f8aed9995867f515d8ca9e59e22a694b8f53573ea9908584b6862e189ff403298df0c64cb0bc1e0d8f009159460a6e27696b906eed9ac7561e592572 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 0956b8d3c10c9cacd65c3c62d88b4548 |
| SHA1 | 7d5e3af476b64242e1c101ba5da275f029faa337 |
| SHA256 | f795bc6d3485bcc56fedbdabf8484b66b8a45edfe251b7cf863877c7a5298c39 |
| SHA512 | 808e99b819c25f3cd08a58462949e7752b6b19a940aff31066fc8e833dec62c8d0ca6fc7f00eb9248d00082ef458352540fa148b6e5c5fe90c9630230d635acd |
C:\ProgramData\Malwarebytes\MBAMService\config\UI_ApplicationSettings.json
| MD5 | 40bb311dccd8e556a152431d062a9921 |
| SHA1 | 5778da3138a72d0ae436076d49c64050276f6b69 |
| SHA256 | 3f7ac02496413756e1979607847a0038fa32b42aa0634030af8f246e205e1294 |
| SHA512 | 49df81669b85cd228a5ad6e3192b1e0673ffbd2d43d5299fbe14adea372bf296047e01a3dd3743b35367aec1bbdbed5b712be1ca003a6e5ae528b47a61e56720 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b0704b2052ea05e8e5a121b33d5d42ad |
| SHA1 | 68467876658ae68826fa54ff49ba8a7403191488 |
| SHA256 | 52fea78da0f886fd6342a3505b6570abd84652fdfa1730e19c08b256b89d959a |
| SHA512 | e988233a747bf1b309e502648977ec38bd3383677c8898438bb211d728fd58c153c5bf3515055ef3e5566771b61a129d1cb3865f29bed09577f799199dc1da84 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e545a303-3671-11ef-bc79-76d7d0441b5e.data
| MD5 | aa46f3b61db249ece4cc17cf194a4141 |
| SHA1 | d0fef8f81f47b2dde078700184819dae2c242e96 |
| SHA256 | 9e78a20904bff116a9738c83d6f907a9b87fd485be3d7c11e061341447811c7d |
| SHA512 | 0d16c0faf21aa75bc3eb428848de89a98fdd489b36aa96100ec0b785d01c448ba94eeb98824ee82f9820b4bc970336ee974c2a0bcf4f621ecab9f791a4e6c08f |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | e8be1097afa8d5a1ad4f4a1e95e3b9ab |
| SHA1 | c0db5212514e53061bcf5d4a1e13a16238fe9adb |
| SHA256 | 7b051671af045137f5ad829b95306050ceedf5acba612c580b6add88f4b568f0 |
| SHA512 | 0076667fe7ca77b2d425ea28d1d6ba4f2e0e6fb0804ff7ac49de62ced6f01e84c84eedc56a2314ec88f8a3d6f3452a5ec6b636d3dfe4756eb5a7a740816b3696 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e769d20a1c365aa145b7baae2f36c2f6 |
| SHA1 | 2d30f01e0acf76db22fac273c70e4faac8913175 |
| SHA256 | bcb481b8b552ca237c2818a36b4875d16cfc02e0aef4fc8eeb56d52118c00e48 |
| SHA512 | c5cee96a5dd328e5d918420408b08ad2acd83032e9e693b54c0a511a5a951d4c2467ee4d0de040e3a90e82965705d63b245eb7f7c7de74a4cb59e51f3b62d768 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\fc240ab4-3671-11ef-876e-76d7d0441b5e.data
| MD5 | 562327aaf967da1f500bbc0a1df5d291 |
| SHA1 | 117d317cabf555bba7d8d684032001b4c968a37a |
| SHA256 | b1ae1cc8097fa6e0a25a47f8b465a3e6e89a3fb844c8b84e9407e7d77009639f |
| SHA512 | f140d5929d1811076669d394b0b02967b2d4bb290b1478ba43a2547b3f85acec92c948c5d01f2e50138d967b9201d3e9f6a3481c1a18d4e0d79d06013d8ffbc0 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f947bc64-3671-11ef-b359-76d7d0441b5e.data
| MD5 | e5ef91a91ecba462feb8613da90244c2 |
| SHA1 | 55ba6968389cff4c03e13b08da636fb2c4df8d5d |
| SHA256 | 20da4c18938e37d38cf69ab246a1981b408e301a303548f44eb40b7f35e58b74 |
| SHA512 | f177e7245114502223fc7faf622bcaebdb4cd0c70a25cc0e0b2b4a3e31ddf27bbe63809b73b83843338986045ef122b473efabee3cf4d19378296a7be9e9404b |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f91b9b8e-3671-11ef-b9fc-76d7d0441b5e.data
| MD5 | 40716aebbb0487d26e3acc2fbdfa5a75 |
| SHA1 | f3ffcb68271fde562a7a8a629dc61cc54fb38b63 |
| SHA256 | e7fe61821e5316cbebf893f9bcc8e307fab7e5fedb059f8cbdfb64fefeae8ff5 |
| SHA512 | 9514ada0aaab07af4db8ee27483ce4eadb25216331f3f2e13d99b7db548967728731839f51091724a0230cf9feb4c08c51a99fbf1337829bcf6d5d504bd94ee9 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f905c958-3671-11ef-95cf-76d7d0441b5e.data
| MD5 | 014403038a1131d99c404cbc5be9c62d |
| SHA1 | a07c95136c29dad4c3efb81993ac69d8e43f1ebc |
| SHA256 | 2b78ad44ef0cc8701f9f12234b947edfb73904e33e9ad52d99f983ee1633f5bd |
| SHA512 | 0f15802753f4a2d6c30f4208a09cf984d13ba2998f7fda2f9e6461fc2f77762c75217300b40dcaa06587f72a8b3c910e3bb5dfae9a718e7a9238d91dcc549249 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f90a5dce-3671-11ef-9418-76d7d0441b5e.data
| MD5 | 10b8a915fdde668f135dfa816747d219 |
| SHA1 | c0a89dc1dc38e0db86ee98bc59f7f9d30331a3ec |
| SHA256 | e093f8fd42f835fb4ce2bb05a4923ee4d66455b00586f340b2079fcb1dd4a9a4 |
| SHA512 | 5511de54a85adcd58834f7945a92bf91ec044f3aad6cde552f0c323bdc40b77f1ae23b58362a0a3f2a384df830e2f496d94eaba1247b3737ff232f4feea9c65f |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f94c6d68-3671-11ef-868c-76d7d0441b5e.data
| MD5 | 8701f42c6ffbca8b99e649c66a12ce5f |
| SHA1 | 40097ddcda3f5da5513816f26d8f7cafa56c5f15 |
| SHA256 | bd692ac4db549b323155b5706405c193781d147ec3bde96ef9fa93e1a0ae073b |
| SHA512 | 114af354b61a96c4e2fd86ac23577ed0e28d72d1b47dacdbb91bacf041eefed05b2d0a9daf90b737ca472d06d98de6eb205697b709f52634b33dc47223cce576 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\161fa6e4-3672-11ef-9fc9-76d7d0441b5e.data
| MD5 | ef55adfeadde1d2a47cf215f40dbaf8b |
| SHA1 | 7aead1e3d29b9c694edf18ae3389fe0163d0f116 |
| SHA256 | 8adfe0b55f0da606ff837f5243657689c9f1d75b4019a1157b46cb659f4f82e2 |
| SHA512 | 4cefcede80af43d579125889ad1f23b733dfe8c4d681ac084876c071b24f5ffc10eb020fd1fb04fd08597a071bcf54f3ccd9c5b2f176044c32363e4ca3592016 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\0f5279ae-3672-11ef-a334-76d7d0441b5e.data
| MD5 | 576f4d1931808002a4d94b6d85d4729a |
| SHA1 | a09b20b160293d517ec0a33d531cb8afa3c9b364 |
| SHA256 | ca13f0e4df9e9095ea1bd698806130a3c50c1ffa074d9971f24b1edf6e312143 |
| SHA512 | a6878614ab8d389e245e523681b7038b65a9bb363324e940dc95e0ef5848e89b1b841b0689d14314546231b1dc84ada34aba20254fbd04efbb37870488ed6ad7 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\045c619a-3672-11ef-beca-76d7d0441b5e.data
| MD5 | c9b26733b76488b75087294617bde7e6 |
| SHA1 | f89dc0a1e9bf38eee24127c1ffe600facf041b5d |
| SHA256 | 007a41c6f33d476aad90e35b4a1ffa9748aee420b6cd40fc732b3b67d2d8d6d1 |
| SHA512 | 2662d54d2e66dff97019f31e47a44a59c41521f0a55ba9468452a77b1128ad102d18880d6e6b473f2b869fb6ea5d0420c1c2cea880cbe19760b24ede202f74b9 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f8a5f686-3671-11ef-9d4f-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e545a306-3671-11ef-bcc5-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\fc49baac-3671-11ef-bcb1-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f999b5be-3671-11ef-8650-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f936ec0e-3671-11ef-a709-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f8e6f6fe-3671-11ef-97ec-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e545a307-3671-11ef-baa1-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e545a304-3671-11ef-b829-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\DDSCls
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\fdf19e7e-3671-11ef-bd14-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\fac8e6e4-3671-11ef-9ff1-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f93edb08-3671-11ef-9342-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f9113b1c-3671-11ef-a51b-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f8f79888-3671-11ef-94e1-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f8a55a8c-3671-11ef-92d9-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e545a305-3671-11ef-a3bb-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e51480f6-3671-11ef-b58d-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f8a50c1c-3671-11ef-93a5-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\fc49baac-3671-11ef-bcb1-76d7d0441b5e.quar
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f93ae37c-3671-11ef-af24-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f90b482e-3671-11ef-9bec-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e40ab20c-3671-11ef-ba4b-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\1116e4d2-3672-11ef-892e-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\0a85122e-3672-11ef-81e8-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\1404b62e-3672-11ef-b638-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\AMECls
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f942ab98-3671-11ef-8ba4-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f919c6c4-3671-11ef-89a9-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f9004b40-3671-11ef-aeca-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e51480f6-3671-11ef-b58d-76d7d0441b5e.quar
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\0bbe077c-3672-11ef-a647-76d7d0441b5e.data
C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\32de98fc-3673-11ef-b0e1-76d7d0441b5e.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\ProgramData\Malwarebytes\MBAMService\BlitzCache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bd599f13-e4a8-4476-a9fb-e03acd23cc92.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Extension Scripts\MANIFEST-000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\data_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3bb76ec23c5506830ead56540e06159f |
| SHA1 | 94695e47d907e559e91e677cec4eb763dc0c5ca9 |
| SHA256 | 6b40f4ae548688a472be3ca0c1b08ecf520b31e706fec0f9793b4666134eba06 |
| SHA512 | 307f9bd06ca5ee753acdc450cf1599dfc8ed080d9a1b19d752dd9b7950377a5b04e44d374f12ed76abd74961c2b1f8ad6c93e4663ea77f5d6e066570c1aa6bad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 32b9dc9cc81d0682e78627c873fdd651 |
| SHA1 | 46c486386d3e153c3e9b11d54cb52cf0064b71cf |
| SHA256 | 712196693e3527ac1131831f1a2108b6c0e5c68967b26d51a452611cdfb86e0c |
| SHA512 | f18bc37f8b72411548da247aa1394cc5ac03c3bbd98e82eb8ba290ef239ef5b8625cf4835bd41ce7c52766d0bc3bfe9150dd22dbf62f0f05992ddde5fbfdc811 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8969cb89174c91b42d863986f3a64aca |
| SHA1 | 73812646f59879c918fe6c0a5bd159deb749b3cb |
| SHA256 | 09916ef140559ac56aab3e9d918d42ac6fa23aaec1235474c2b6e79e7fee605a |
| SHA512 | 70dec2003a2f304d4498c2d29fa3eea687ed34109d3f8fb787a2bf95950d344bc0967adf04330c2418048e6541c0e9714ae63b5e2deef4d048713d55f3bb8863 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5a9e2ee476dd4d435d4f300de7456e78 |
| SHA1 | e5927eef41ae6fbcef089ac6f1cc2a453e43ad60 |
| SHA256 | 119df32365eee7b6d9cd69526138724f6329f065f7986ca7df9367cffbf1a707 |
| SHA512 | e95c322eb62f32be3521e51f7cf19a149461e5d0d8e8e7d819af875756aae2e45211ce4457c49a2407846c034ac376e77d346d4baa7bbac4837771fa707f78a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Preferences~RFe777a06.TMP
| MD5 | 7b9b16a9e225476a55aaef45939498db |
| SHA1 | 57a8069f0b56b2c8887e7463bfe853a90165e400 |
| SHA256 | edbacef57675c300ecf1849d064a6bb850096e6028581fadc9ad7551c204e7dc |
| SHA512 | b626405bcb8bbbe41f54bb5ea58b40bfbd3788b6e77f8212a152ef27b77199efa1b25a617e2afbedf4708aba0565cd12ad933fa1303f1920bcdb9b4e188b94cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Preferences
| MD5 | 052b0cd830a154a3d92a7de7bb3dd996 |
| SHA1 | 34d069c9ca972ae92498d091504362429240cbe8 |
| SHA256 | e9457865c93d03fc7eb8f5e156b8f0e9c1a7df99406c9ef16ee3870a60863d2b |
| SHA512 | 60abe168e77b9494d3338e8a9ceeceb0620cb3ec95b99640001933d3cc3ba1f3a2e399864bfe0b2466bb551c6987a21cc7c33f758346b7e2e7d5e84b8513fe00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 2182fa14de785838b8a26d31b1e43687 |
| SHA1 | df08368b8f127b4fdcd4d67e57eca2a828bfd56e |
| SHA256 | c0f53f28532ab3c6253662b7f410fedaf2fad8428eac63374153108b3dd0f638 |
| SHA512 | 8abefafe5694a74811a87d1d2ad708eda8eead98bb29cbd8e7d29b081e3fa4a75d18cad6f2af165fc4fe5c0d9f6c4c2397c519c5be6c8281b95e5a0fbe17597a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 78c8a351a8617df43ac0422f13da45df |
| SHA1 | 1447a0361c742f97bd04cf5a2c6e28935ec8f29b |
| SHA256 | c88c46a667f2a8322412eb72989d453de0aeaa5d1089738666b190c4f3b85ce7 |
| SHA512 | 5209f1371f920ff5823e009ed32413b96e3fb62b020cc3a296792ec2addca5c71a2203b792569328e74c6b3113fc41ed3c935e2b39632fb31c3965c5835de4cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9ba50b172b90c8c0c88f102f14feab04 |
| SHA1 | 92a25147fc1a93d72c81e078c7d662aef9d2a4d5 |
| SHA256 | ccb95f9abfb80a56ec78633a86fe62b67fcac542defc225e99467fc62a6ad371 |
| SHA512 | e1db08c772132ed3c73878646661f7d6ca064ebf4fb1438bcda98f3d9a097dfd20689774c771b76680472404bcf10c872c555105273c98ec5d3084b1501d36a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 5e48251368688764bc2c3adb23224818 |
| SHA1 | cfef04fd36d5a77159d709309b21af4989645a87 |
| SHA256 | d66371c142c13d9f4eb54bc937c891fb02e68d6a4b2f0b95e00bb71e2c8dce56 |
| SHA512 | f96874025655c63cfac055f596a5255ea86f1c6a5776deb13fa316b5a4f648b28c3e272776b590ee032aad7cb0f69fcbfcf42395cde1d7cf3cd666e0f575762c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4a5d4abd98e94b9e1c14d822c31b66eb |
| SHA1 | 447ad7924749c378e7c09577a252a06d899e96b7 |
| SHA256 | 86e80757642d92d8101a02401e7a39a719ae536de314592a7bdd1f189ea73235 |
| SHA512 | b33497dc036523414a3e490e9e9d697da6cfb7303a72d210dcb7f558052ce6bb8ec8b1deb5a4e056f036b13dd36decba0832445f03774b02ed976b56fca7059b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
| MD5 | 4496a4adfcb2b23691e0c5d2144addc0 |
| SHA1 | fedde8fac19d2d7c77a0621677b79b9f448cc34f |
| SHA256 | 6267cbcbc8ff44d7c27d5ad6ddcf5e7e77cbcd5e6fe3cc7568fe9dfa19fde88d |
| SHA512 | 7f08f81ab3907de251e90b7b56dc7b837f19eceae4a9d6ce10524d07193e1146547a8d23e3dc4022d51c10f8cbfe0dd991b79532dce272b1c8f915a9e893eafc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 79d07d78416ef6408ff86b592f0d3abe |
| SHA1 | f4de576cfbacc78bbac0fa1a74656d9403f8a71b |
| SHA256 | e1c0914ee5dcef68dd36d40a3aad5260733871ff53bcc1dc754b3d7ce3bf11f3 |
| SHA512 | f1da0cedc05c0e3a04b5bf06435fa00abb3de71316ace5bd9049b75ef93d8b5ed2ee614bcb2a98e0c957559f67ca954b5245d98a87f891f413c0cef30e51f29d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 363005bf71e4552f8db48c1c4b33bd8c |
| SHA1 | e7d6df4ba52ba9f8605cf43537c3e281b3c8310a |
| SHA256 | bd3533518632c9248199219b4fa0c2beec289a440a77dbe78011f31494269d74 |
| SHA512 | 8c6329111c31d297426c8f3613ecce5e48985e7f0c5ac7b6bdbec3c3af438b4b61f8b98918644a314a4ad1dd22fcb92d9e8ddfe9e392cf8fce3ee1835cc6781b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031
| MD5 | 6fb26b39d8dcf2f09ef8aebb8a5ffe23 |
| SHA1 | 578cac24c947a6d24bc05a6aa305756dd70e9ac3 |
| SHA256 | 774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059 |
| SHA512 | c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\befcdf95-c4c3-4d1c-83d3-46b6db3d9d8d.tmp
| MD5 | 8ca16a3b1596535d9a10eb8123a157f9 |
| SHA1 | e3e3a26584874ca64cb2870a4fbd93ddc964fbfb |
| SHA256 | 08cf27eac7472ca910e304236d7c4e1cfb1917fcc1b73e7b40fb9b9feac708d6 |
| SHA512 | 97c725e5a54cd7e59cfa71e6266ca104f34ba980fcc8d6ce29698d83c590e7038888abb9e82a5b42ddf340e5d15e7c1b1d0895187e8e73e8a0be2afae257f3d0 |
C:\Users\Admin\Downloads\rkill.zip
| MD5 | d20211baa1392d26c733d02da058b3d5 |
| SHA1 | 977bbfedd9ab50bc30313ea86c8e170c66596beb |
| SHA256 | 34c1284289302d1ba612772176f7af6947225d742a2400edba54bc4ae7eabcb7 |
| SHA512 | 91138979d7bcff2bd9fae1b034130cd877dc4709064297d249d30c179b93b102261db5402f2a5fe0761d5a27e5bcbc89bedeb75a465fcbd2b1623d912dac649a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 97114533aefcb78abde100e684344131 |
| SHA1 | 7070ebdd5e8d733390da1d5093513e50baf8455c |
| SHA256 | 6239118eebd41a8cd52626cd100606d9db9e3b5e6b10ed4a4d1f1b5aa9e34de8 |
| SHA512 | 5f318d883d9cc56a1ed41c13b0d97ec033fa13b53ad933f4f8458f26f19f93830e9c1d6cdcd6638391bf0e17e4536c4c5ddb78f9fc8ce0a71493d94c7de6370b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fe56c8abdabbea824ceba09dbc1111fa |
| SHA1 | cc8e85f25d12b7ca47666b3ee4289f32d7611435 |
| SHA256 | d0f1b20fd3d0b78085af67aef938c0ac7eaf0b53a8686c8d11d2cca2d973e898 |
| SHA512 | 789ec2139256a60d7223bf300d86d23b8a68e3f179046b4248481e5289485b828e941c05dc16fae08d4ea3f275f70eccde23da04515a30da4e2382b3f052fe32 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4880a1559d3abe4c72924445090281bf |
| SHA1 | e4ed36f6701a22a46d65cdbecffe0cc9c2dd45d1 |
| SHA256 | 41f10bdc5d4aa0d5432369b667b1f1250934fee4349a5c71d04018bd28a7e33d |
| SHA512 | 92f440034e9d2b1281d066e5998a124e0908f44e5217caaa4bacef2752fc7ac65df1aef8ecfb7e76c1b9bb3b7d28616da9f1286dae3425949eb9d4f05ddb693b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
| MD5 | aeaa6865f7a73818f460916dcabb8c40 |
| SHA1 | 1244cc0b76b819dc5ee37af60a656abf950cae16 |
| SHA256 | 91db71b8c7852fe1a10e82a3e8d30151e885c5504e26840eec3aca068915c065 |
| SHA512 | c6a25cec27a0c479f4a1a7a9da349eca18e7a07914812f9c1d60f1fed118406ece9b77b92f172100a13450091d317b1f8a7e41f22c1d3d0137e5bb89ef2281ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5aed6157a87f4151f0f9aeebace0533b |
| SHA1 | e5a158659bdba34ba6ff1052ddb22cd19ed2717d |
| SHA256 | cf7bec61d03a0f4ae2195ad10fe1dd2eff871a377f38191c931b16c7108f66e9 |
| SHA512 | 312ba6e6d35c5d7bce12d12bc541e1ca3630d191e1d112e84a3aecc12d66e8b427c57fe59b11db31b5d1fc1b80c965a190aaa23cc2b30dfec83db58a2fad6955 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0f58397bd95b79493891abe0f86a461d |
| SHA1 | 54d19c29707f9c1551a0bb11218323224e7bbf62 |
| SHA256 | cfbd3c3bad994e2c89f1117dce8fbf0be9fe6d740ca82b23db4089078a1c5837 |
| SHA512 | a11d051c6e97f178319add71e89aa044ac3278aa48629aabb116e742ae449c90b4007da36e6ee22b919535333efaebf348594512a730ebe328c236e1b7076596 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 728d6f3b1c210d5d2cf20f4bd2f12c53 |
| SHA1 | 62613f7880e09f303cfe9374d32ca3833c8f9f77 |
| SHA256 | 22787eef35c2a15af9121c72b6dada380d32905f94329b8f27eed3ec8b5b2bea |
| SHA512 | 28c27b195d5206693199af77984fe7e7745d1975b9545289e8ae83094c925a811077ff4377c3267cb3d80bed3838f5d16d998b87fe89b072a682d28664861f2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054
| MD5 | 40faa0c4150091170644046bbe98ca75 |
| SHA1 | d07b30afeaad31c52a1e9dcc2b5362065cc46625 |
| SHA256 | c3973eeb11e12431e06d1ef84661ade738e2f9d653e09bb1882dfdee5f887158 |
| SHA512 | afa3bf63f9211982ff39b058d0dc8b5ade5339ed68615df5f0c16477dac454897dc1d61e67d78ef1191c1f5859407828d297a5102ee7f28addd10449fd07c85d |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 0769ed5b3ca24be05aee974935ced6ef |
| SHA1 | e3d544235bc09430260c97e80c7c2d62562e28d3 |
| SHA256 | 078d3d5744e62dfc63c8767e96dbd3ad391b17c913240fbc083ca9b4b77bc114 |
| SHA512 | 5775af7ee50cf54679edb0fb426754feba75ae8f46b3882f892044fa573fbfca5683f49d82a18e38c312b26dc427f531adf47b56540fe8495b7427c53c22fffc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e623d5e2694b72720f65d20cc7be07d6 |
| SHA1 | 0ff3ebf8c40a89c9844ff8445e51fe66ec74d01b |
| SHA256 | 19bff8395bdbdba2b319912ffd061dd0b51b792af062a70b4a9496a61ff044f0 |
| SHA512 | 274bf1e8f53cd2d5eef83fd3d9748595ecd8c8dd733d5120999d5130ebf0b92836db1bd02e8994e9cae0a64b7b3e705b555610c1bc613c9224092a9f87499b19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 1cce98e0662e684f53cea868c8b9f1ba |
| SHA1 | 0418fd3d7b1f3bd5a6a590b4cf5db420a9c5ca0d |
| SHA256 | ea3124b0e74bef29104c230d66b7949c2d28b63c7c41c24a1c8407293ac5eb14 |
| SHA512 | 3da90b1a478d6d23bf869fca84fc7612198c47b7a40a2d97a3848e9f1c5c27de9e1da08c11230cb7fb83061dff5f9d5eddc4480c2ea3475a686491bf2c392d5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041
| MD5 | 96405be748e727ba010e246c45d23d9d |
| SHA1 | d46d7a25ad38fc781ac63a20dee79dcc5779dc0e |
| SHA256 | 8c9e2f957d4215cf1b29d244cfbc665f62512fd2801737c13d934238a9758236 |
| SHA512 | 63584d27bdb82084d8eddbe4c74646e9554d970207019cf8941a679a2c40300eae217f9ff347fdf82d7a31c08aa8c618294b63ec7857a364bb1053c30ce69114 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1c1289ab09a54b4f_0
| MD5 | 4a3ff688cd1d0e47d42b80ae18657b0f |
| SHA1 | 8501eb03b372aadea2560ae57ee071233c82b72c |
| SHA256 | ffcfae100c7638353a1c34ad77ce49c434c930f31ecc142c7e94795bc419f6c3 |
| SHA512 | 75ac7677fa1b2687175cba49f661ff07175c4243c4014849cfcea2194fcba209d5533a99640d548ba724638f4fa309355eca5b9204dc5acd6c5452229ed17f29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5da7548a92d3362f_0
| MD5 | a8cded00b73fc12172a32f33d6a98444 |
| SHA1 | 2b1769262dcbc54f73d1bb9ed711891144056d87 |
| SHA256 | f2ceb2c8cb5b956f75db7a04de3d8418a5cb5826e9b6d8dea2f8d46a82135f41 |
| SHA512 | 4a4d3bf1a6e70dc807bb03cd24da3d16313dcddb38d04b2759daead45c00029a98e31d5db139b8e20c06a9a39bc6bf6f79252741c5d33a4815250d16e94c2906 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2aaec76de5a0bcfc325f383023f6c459 |
| SHA1 | d52ca9ec0439a7b64ee55178ca8f02a2592d5259 |
| SHA256 | 8b1d3a9d4d6be653d8ea0855807261c2b71c100b3ddb7c5c16dcb9aa2c8e47e1 |
| SHA512 | ee05d9601c52125c52c5daec1d070de0afd2d8ce54113a0e9a83d4b84e8053faceb56034bf4fe8aea5c13d3a8d6484c968104005ae2b0a7a4ef275be2100083b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d4b7ed00b01a95f67fd7f5e5bdf94ec0 |
| SHA1 | 9e96755eff1cb1e7d234662dca039337ae35ee7b |
| SHA256 | 0ddcb6694b355c6e9cfa6bd488896df2c9aad0a88b309efed2f7dfe0d000d1cc |
| SHA512 | 75c6173f70c962c54c5998542ac464796121009b29f21b95c6d57f8b5781697880da589bb6ec42e5d65996e5d18c1523903a518066e3f433618be2a263697c67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 67e8e97e55347cbdf157e8ef2f4a56d4 |
| SHA1 | 5eb0cf42df997f4bbd311f4045ef8c35d9f0fa07 |
| SHA256 | 81d11713f236182f31c4752251a6941696e40245934add42e9673379deb8e3b7 |
| SHA512 | d662198d89344034bb6c78a9f28eeb692ee4967c1c5fb15b0566d227aad863977831ba51140604e087ac62a44258882cbcd263ca922e9b1f64358e41d2f2fbd7 |
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d74dc567b8ff8f00fb5a084a20c4e1d8 |
| SHA1 | df27f7544cda3fa03ac7e965ba0bd7fc59919654 |
| SHA256 | 0afe3b39d57e4d0967377c8e7e25491911702a0ae276d5b9dea29a34ead72fc4 |
| SHA512 | dfa0b8a7b551c09a43a8d30183297286b163ae663335d5afd153ec8340944fff8782fa5d7c9f869445f66711dbb380c2f2c69f1051995f1348e611fcb68f1644 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
| MD5 | 47309d5768738efd0e082b86194ca9fd |
| SHA1 | 4ab1b620010fcc1d349b1d4b4771458fc34f3958 |
| SHA256 | aaf2ef00873faa2461b1d7101664023b52e26be91a3434e54897ac9b16369b89 |
| SHA512 | e031a0feaa37065b469526b586783d6fee58fca7b807cf8dbcf37da511e2f0df4f1a724a5aa0681c02e23867c7ce55c8661ff4fe18c728781e0bda20c06821ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 45b1dfac5c509c63a1517533d9970744 |
| SHA1 | b22508d94b65dca156533e1ded4a170803f5ef98 |
| SHA256 | 9de9f6f7799d7b690c06ef6150dda05d27b2bae003fc9cd957f875744ab58db1 |
| SHA512 | cb90dd37c3fecbc8447e17df1e92894465f48ddcb0bf3c8c2c8cfa2b15eaef8fd161c610033a2d8e09ae12abb3747c688e463896d10c02dcafcb7a37ba496d36 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c6365a080c26d08ed060b59351262547 |
| SHA1 | f655342fc52c454b81316d2a831b58938f547a6c |
| SHA256 | a98381a65596ab8a6d7887b5e04397996f66b2e05779931ef919e7a5423e56c3 |
| SHA512 | 2cac8e75bc17072aab4cffb9c877b750a17cbc0d27fed930cb6201350e97c14ab27d73bb4dcb0841a892fa93da1e69ce9f50cbc84dab88e1d7d0fca43b67ba33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cbf8471e183d865ab9fb2a035c10e6f0 |
| SHA1 | 66afb5e7cf7e13b41fa401f9dafd60145aee88bf |
| SHA256 | 80ea21018a4244b1b3c0c4ba30ca4aaf284f4e6aec484c054c577f8cc5069ac1 |
| SHA512 | cc11f3c625ff99e2018b0ed2d614369ba4b81effba0c9390c349ecc71d69236cd0bd6e428868ccd8b1eb8d5096c7b254b23e1f935f2886fcde7ab7d23c7549b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Network\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Network\Network Persistent State~RFe79d55c.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 366d3af1c2b5e722725f32bf2a33f9ed |
| SHA1 | 55839c2b1a2c65a7aad8f7992d58d501a14bb7c3 |
| SHA256 | 9d9fc357331ba4e77dfc9e425eaadd648b974ab2674d1dddb6966d9a6976f818 |
| SHA512 | af84ec431e80265c0a88038e67294441bb50ef19cb7c77ccfe12e95a087b826340c2304c17eac695fd30b1b06387effd3025d6840252a542ea2cfcac5213c91d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1e69a2799e5874558957ed6272b57267 |
| SHA1 | fba5f9a5272bb6da8b60d407f60fb4616089e5d2 |
| SHA256 | 3b3209e9af0dab1cf8239be1cab37f38a02dfd06aedabed38cde6da0f0fa9054 |
| SHA512 | f719498e02a1a083170ac43b2f492c1a058057b925a8784aeb31d1cb3c0a68917705791f76225f9070430e491dbcc880b0aa5e8f8dad0b930dc193fa0a8ab131 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e5a676d78a082c5c8f556d28a0492ce |
| SHA1 | f688d2560014966acfea917f5de9e8868e811552 |
| SHA256 | 329decd18141639fced2533d99ecb2efd9736db778f1c78df1bc3c6f76157f77 |
| SHA512 | 927a205dc47e9955bb57adcfc83e1bb362d5e046b6c2d0e4d9a25727f5672898b882c68f325a2bb1946b0b9a312153ddde151b8c23b86e7f5997c630ce8a5258 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 139d50440800b7ce072d85f9757c5dec |
| SHA1 | 7325f373d306a3c8530c041098070af6480f8155 |
| SHA256 | bea881db4305bd6170fa8a807094237fa0f53711c7920ce771dec2bab61f1be4 |
| SHA512 | c36a31a63ced29a65b903d86c455af6301531df07c5996cf2142841089922d8005e11732b0299340c1bf9226f9706cbbb0c08f1f45ccab39991d31dff771ab22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9765e240e4944daad4a624665c31422a |
| SHA1 | 6e0f9e8f799a31b2ef6ca6d638ef981a291279e0 |
| SHA256 | 1f42e6cb95a33248548808d9ee1812a090eab3dd8fa438764cd8e6a01dec451e |
| SHA512 | ad4264b74c20e4dc23c0824ff1fac783a5409e44d54c00b9c137bb1ec4cc15e1661d373b1d0710aaab6318b7f964ffae4435956364954cbd08a1227263e5b40e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | abf642b514dea7959ea6012917944ad7 |
| SHA1 | e96e76ecf2fd11b782571bc889c347b8d88e3e35 |
| SHA256 | 5551b97fd2791a372f4cc53ff33565ca6c9bcfabf3013ff19e021793d6b6921f |
| SHA512 | 6af70c9d1820b83cda7e3337315e53c07d53338c8cdbb53cac237cc991ee70a4dcedc0a7e03cd0ba46a24175369f4393704f17f52dd80d41656760d485431d39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cc3d49f4776e876dc80bfb03558e73c7 |
| SHA1 | 95707ead41e5ade5f40c1a317e5fa914bfa4574f |
| SHA256 | 8041a94f8fa9fead0160861f8571e46e96cf9b10b7dad8b65df444c96a5fe6cd |
| SHA512 | 3ae08e901136ed5d84e79b2afbfb384d5bcdf3f5172c1b78102b50870ee3366c137ef4fda9d689cdc6f78eaf5170220b00f595f92ef6eb1aeef6ddadf707bddd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e54f60387fe6ead9097253ab8f2d0c5 |
| SHA1 | e98b3d929e71ef0bff7634bddbbe0455f78c79f0 |
| SHA256 | 1feae7913e23a7bf67d1786621509af0586778bae20c25cb25c0e4bd0cec977b |
| SHA512 | ac8b9e46b1ff0e797a2894948ce7ba17ba0ba361b0a39fc91d10aeb46516949b197b938db89ad0796d6991da85908e4f0a81da315b9bc9a6adfb402f8780475b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b1055d9403c4ee7183b306edb9501fb8 |
| SHA1 | 174dd19bbdd4428027c420de21c8e7f15c01b130 |
| SHA256 | ca285ab2ba5ec5e6895bbe7c9a9dad234e8444c5f7d277385ccaf453b62b0647 |
| SHA512 | 5618dabcf58cbb19b9e850c0dfded88f8ab19d6a1993d71c19263f7c4baace3b16ec94e4cd0f0f1dd2e606fd07ec9029383dd1ffc15174bf1d5b762767cd39b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ef634d193abaab8caa302c565651bba1 |
| SHA1 | 3e4bde74c9f8a177210895c2f5f3562cfac549e6 |
| SHA256 | bd0b62fe54a8423b85910715d2adaab7e626211255bc18b7b000603232d1baaf |
| SHA512 | d0327bcef7a79ab07cc8ad601c086d21a37dec0f3416c77fcf1c1d9ef6efc6c7cac00a85ce9c8e1114ae918021435a3b42e1ab29cfd33766dd80c45d0f78fe20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 7dbe00add82df1226b6be3e483eff869 |
| SHA1 | 23bc4a324582277ce124868db7fdc520839d218b |
| SHA256 | 22ab787ec084e789354964ecc388a63611c1d0628b0e3d3ffbd77a2eed0d8d8a |
| SHA512 | 989a748f6a66251c3555861ef94eb5b588300b2bd11c0c49dec7c6714d38edfd434c9afbcdd907b88be03d4b1a350b130305082bd07e6f4d48c36629cf497a04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 94f52a8dd9a5c867f54e03e7b0e4f500 |
| SHA1 | ce00e17204103fbd13cbce82f13737ce22fdb113 |
| SHA256 | 10ffd8db2ca77250c40adde8456208720b1933d331782943bf385171d0c7f24a |
| SHA512 | e22548e60eee7dda5ada1bec8e4bfb2e25ac027146b4e692577a51c75cc4086d7824dea244513bb8df7ad4ef1d5dd2496bf98b6a288ece2eab61cb277a5d7b91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\433666c5-30b7-4163-9370-f25c7a88e11d.tmp
| MD5 | bf4d8ecf576527e5e136cb3f2dcfbd84 |
| SHA1 | 85e7cf596bc908b7059e5edc50d3315069724de8 |
| SHA256 | bacf01d376bf27ab9fcfd101a40077055521f74e0e5388b1406d6f91f26287ab |
| SHA512 | 2cf698ce051befbf6669e5bd44603b002374658f7ca1bd8d736c9ae1d8375dea33ee14864ab2916db253b14c1e0aae21d1eb822185f14c7f913756ab6e1c1dc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047
| MD5 | 182691ff5f5a2003ed1f996daa0de9f2 |
| SHA1 | a708db11e4d6b4095f2fec1e0bb8d496fa953cf9 |
| SHA256 | a621829bfcf3215dcdf5f6b1cb1f36b3ddeb2f6824b02b78e488345942419aeb |
| SHA512 | ba71e901dadc3ab1ef8247ebb54ab8f9a9a241a813e7b5dc4e6a71b93796db4a05adb93cc1c4fae862454e4a268ec167daaba672eedbca586ea6a159049f9db3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b
| MD5 | 46e6043b3a70e5986f0b72a748d9e3e2 |
| SHA1 | 5d3ac460401a49fb84286e0f8b9edf6167530fa6 |
| SHA256 | 171b12a8c0900d5f0d9e700eb668c02f167ad6f7adce4b9c36201ee10aeae005 |
| SHA512 | c0f875ed0d9e05a7439ac9d160edf59ed3b1b384b87dca5b75de3ba11a47a94d543f108ee60aaf421c965c0635408003535795e0f6601afdef4010d982724385 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
| MD5 | a91c8acf084daefe905c538075d9e3ff |
| SHA1 | 398a0d67e3e87fb1f01a644a5b9820ab5d5d69b6 |
| SHA256 | 9901aba2e46fcf181f9b641590df7bba839243151e8747c1e6798703798bf4af |
| SHA512 | 2c0aaa2bd478af9cd3424bb483260dfe174f1c02ee1638565c6dfe43f7181e12e0788dfcd19316c6a884dbb02144ffb35fb886caedcf29f8a2c65ba70079fc0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b
| MD5 | 9c6b5ce6b3452e98573e6409c34dd73c |
| SHA1 | de607fadef62e36945a409a838eb8fc36d819b42 |
| SHA256 | cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc |
| SHA512 | 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 985308a9f58da7b9e471804d14092bfc |
| SHA1 | 5d1c6c17bd35af97f3cee745e20cd33ad6079f5a |
| SHA256 | 96605c5fc2567d226615ba66a7c8e38a49996f429f91f70d2710b32176cb8db2 |
| SHA512 | 0fcec67a4120ad122ede155d3952c79eded6d2d0cab8161b6fe6da29de3a5d69fbf3bdd9153d53ba626d310e702c822ca2ac000d11c79e7877cde164570ef907 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bc49bfb6162871030a2b9bb36f12f4b0 |
| SHA1 | 7db5407db230dac5ef7145f89038c808d4e530e2 |
| SHA256 | 22032a092cb28bcba5d74e4d1964aa3eaf649b3517591b38563fbdacc4e5bb79 |
| SHA512 | 588e7f7e0ab2781a1102b6a9a011a5ad6fdf98e5f7427834f337ec785875e3ee72da3d4247b43499ac7f24eeca8b4826f26ce80406b67cb0a5c8fd3cac58965f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5df542349381377af88b3b939810ec78 |
| SHA1 | 2776df6a3265ece034d15045ae7e1f8b03b8e00a |
| SHA256 | 084588648a628701b0a4e92791360e9a4d2bfb797504cfed1375f9062d51b02f |
| SHA512 | 8581d35bdcb53881ccd8ac4bf8385ae186de59184c8ad19de8b23dbeff823b11682bac488279fd2dfb4f622a732b82bb5ce2da59e996245a8c7495a9b7b53c30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 37abf9cbb3bb96860f2e17b72bd19567 |
| SHA1 | f90b66d5277504e9bd885acd429abfda33a78d17 |
| SHA256 | 1104d14f22dfc31156eed1185844d8e71cbad2417c4dd36aa67fdae3b39df2e9 |
| SHA512 | fac362501240b0730ddf6ed91f9ae53e14625c320a5456bc652c162e4086c42a6ac912774693d4210288f7e0634db829fb01417ddf522cc089e469e30d6169cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1313098a3dc0e2773fd6609eb7ab140d |
| SHA1 | d6cc85a5fa50bf7351e05004139539365af2ef66 |
| SHA256 | 4ef6385b8681701ca53a6a2561678d1833b957860cc53985cdeb4b5ca9688ac4 |
| SHA512 | 3ac5bca9993e596d03307752aa2d87a3c23249854de8c27ae83965aa85c6da3563c74396bbf93685a96cece13364d9aded0524fc288ccb76f9fa6aa2017c5c5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c2a80aab5025bf1279e5d8040b5d51fc |
| SHA1 | 6aa3cdd140e3280596353bbc9e9faeebf34ccbab |
| SHA256 | bf7f97ed29358f83635baa6ad95ba7a6a2ec441559ffb588b5ab841c2bd990d2 |
| SHA512 | 36d76247a423838f9f420c9ca0a3c10eed5b75bd60b495f4526bd54d0965bc375ff463c59e93b30370423eb1f1877a95d89750baf787681fa61698b79225bd7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7bb759a4d8d76b14b094935440717c10 |
| SHA1 | 63d1d0c821023c908affe689250218801f892e86 |
| SHA256 | 0ea0c09b8f8fe5582a94b44abd4b2a720eb79943439466d3df7788257440d5ce |
| SHA512 | 82fe55afb350ad9bf6f1450c9fb8c3666cbba3588bd6a6963a011807169b6e9658950de5a8e02c150a5ee370e6d5d42cfd91f37e3a9c09588d35e597a124cb1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 18a7eb8cca4f664a210b8720c36ad2aa |
| SHA1 | 3af8e5ba04e871b64d90dc1a76f23468d5431afd |
| SHA256 | 8dda8bcaa68646e69d5d48030d814f7f8b82f45817f4813978b8ceba127abaa0 |
| SHA512 | 65a149713ebd6dfef77179e9a6f4bfbafbe782d3a8cea34dee7425de63d19ea36362757c3c80df78dffc05b1e312f516c58f01151210aa08f627eae0984e7f23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b8d4063e4ec006c8261a73720d80281a |
| SHA1 | 9992fbcb9f8aa4f514f791893cd2b914da615505 |
| SHA256 | 90fd0560fdc0b5f13fe828b560998ac601f936bcd08347db5d73bb308b637e08 |
| SHA512 | 74edbc50d14f3aa7fd78c269f4bceca15537523ece8d72487a277ef4185e4e699fdc7f47614813f8516619533e64bdf6e0dec3618390598e57e62696d18ae6a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 07fda88740fdaa50f7b19d7dc3b64c5f |
| SHA1 | 57b69e3147a6ec7e672e2db3fc15f5317a18f055 |
| SHA256 | 1657a49fc4bde6f4ffb6ae53bb326fe4e0c6b804775ca810b55bfaf4d29b7a44 |
| SHA512 | 6751bc270a49e6408c7b72d8f740a3d7e5f83d095c083527fa32161dcf707a58a2702cf25aa6c2ddd5c6586e4a6b21718103c5cd0501afcfce41fbef8330cce8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 51e0210be7f2b978fdcd646a7d979ada |
| SHA1 | d9b72345eaae7b7c7493671d9742ef2c66535f87 |
| SHA256 | 388bc5180820588fe8dd8ca33988158b7f9ae0883a9a47275868789c726b9d85 |
| SHA512 | 480b1534a1729cc8b1130afca5cd4f41a6e052e813913164f4ddc0709e2c317881339f622fb6e5ec4fe5c0db5cee959d042bcb3a1d4497c8e3d39a6fc766d2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1a468c12dc48b8990dc051d0cb01d64f |
| SHA1 | 3a75559c72235128e9b7860723c257cc3e322b3b |
| SHA256 | 86d7599f59bd06a56f8e703ab0ac2aa57d47804cb61eb92e347238d4993d07d6 |
| SHA512 | 20d15eb881d2a00b6d02fb2d0ed1a93999051080103f92ba65848b7174fb2c9685feeb24ac459605bc1a44c603d915bb8148fa9f4d7c62ece6f10418cf72bc40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 3bfae29547a46de41409c412f6261bc2 |
| SHA1 | 3dd8317320e9dfefb0893ec4bcda0998d98f28ed |
| SHA256 | 7aa2c6f4da8ee456f65b8594b2ecda649d2f8a0aa921953c3391b4e19417b3ea |
Analysis: behavioral4
Detonation Overview
| Submitted | 2024-06-29 23:24 |
| Reported | 2024-06-29 23:54 |
| Platform | win11-20240508-en |
| Max time kernel | 1793s |
| Max time network | 1181s |
Command Line
Signatures
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.81\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU3C56.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU3C56.tmp\MicrosoftEdgeUpdate.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=5A382D815BE84808A5801F3AF1E878CA" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AC15A4D-46BC-4F90-BAC3-ABFFE481005B}\BGAUpdate.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU3C56.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU3C56.tmp\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\InGameMenu\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\PlatformContent\pc\textures\sky\sky512_rt.tex | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\ImageSet\InGameMenu\img_set_1x_1.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source5112_1727638614\msedge_7z.data | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Locales\lb.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\AssetPreview\vote_down.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\is.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Trust Protection Lists\Sigma\Social | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\DeveloperStorybook\ToolbarIcon.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\sky\cloudDetail3D.dds | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\btn_removeEvent.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AvatarEditorImages\Sliders\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\Debugger\Breakpoints\MoreButton.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\Auth\qqlogo.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\WidevineCdm\manifest.json | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\RobotoMono.json | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\particles\fire_sparks_main.dds | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\common\robux.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Trust Protection Lists\Mu\LICENSE | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\heads\headK.mesh | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\msedge.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\VisualElements\Logo.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\en-GB.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Locales\pt-BR.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\9SliceEditor\Dragger2Left.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\RoactStudioWidgets\button_radiobutton_chosen.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\DefaultController\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerLight\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\AssetPreview\play_button.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Emotes\Large\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\addEvent_inner.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\CollisionGroupsEditor\checked-bluebg.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\Sarpanch-Bold.ttf | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\Guru.json | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\category\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\gd.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\msedge_100_percent.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\DeveloperFramework\PageNavigation\button_control_start.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Backpack\Backpack.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\PlayerList\OwnerIcon.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\resources.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\particles\forcefield_alpha.dds | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\[email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\shift.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\Players\Unmute.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ViewSelector\front_hover.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\category\ic-top [email protected] | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\9-slice\chat-bubble-tip-right.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\sk.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\FredokaOne.json | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\DesignSystem\Thumbstick1.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\PlayStationController\ButtonL1.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\identity_proxy\win11\identity_helper.Sparse.Canary.msix | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Locales\hr.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\configs\DateTimeLocaleConfigs\pt-pt.json | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TerrainTools\icon_regions_move.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Input\DashedLine.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\Radial\RadialLabel.png | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Drops file in Windows directory
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.81\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.81\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\Enabled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\ = "Microsoft Edge Update Legacy On Demand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LoadUserSettings = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{31575964-95F7-414B-85E4-0E9A93699E13}\ = "ie_to_edge_bho" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\ = "PSFactoryBuffer" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{007AF79E-B12E-40DB-A387-2284DDF5FD13}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\MicrosoftEdge_X64_126.0.2592.81.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A351579F-6438-4F4C-A9D2-5B9B5C3C9FE2}\EDGEMITMP_D3889.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff67687aa40,0x7ff67687aa4c,0x7ff67687aa58
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0AB75997-3C63-4549-BD02-49A019074A3B}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0AB75997-3C63-4549-BD02-49A019074A3B}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{AF0D4EDD-CAF5-4ED2-A7DB-6CFDC833B40E}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\Temp\EU3C56.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU3C56.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{AF0D4EDD-CAF5-4ED2-A7DB-6CFDC833B40E}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AC15A4D-46BC-4F90-BAC3-ABFFE481005B}\BGAUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AC15A4D-46BC-4F90-BAC3-ABFFE481005B}\BGAUpdate.exe" --edgeupdate-client --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\MicrosoftEdge_X64_126.0.2592.81.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff78179aa40,0x7ff78179aa4c,0x7ff78179aa58
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff78179aa40,0x7ff78179aa4c,0x7ff78179aa58
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6b608aa40,0x7ff6b608aa4c,0x7ff6b608aa58
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6b608aa40,0x7ff6b608aa4c,0x7ff6b608aa58
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUVDMTM4QzYtQUZFMS00N0Q2LUFCMTQtMDhGRkQwM0E2Nzc5fSIgdXNlcmlkPSJ7M0UyODgwRjItRjI5Mi00MDlDLUJBNTYtQTVFMjYzREU5QkY5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntEQkM1ODJGQy1DRDcwLTREM0YtOEJENC05MjUxQUM4OTY2Mjl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-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-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzODc0NDk2OTE1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzODc0ODA5MjcwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzOTAwMTIxNzY2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzOTEzMDkwODIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-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-
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| FR | 128.116.122.3:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | 233.69.68.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:49728 | | tcp |
| N/A | 127.0.0.1:49732 | | tcp |
| N/A | 127.0.0.1:49735 | | tcp |
| N/A | 127.0.0.1:49738 | | tcp |
| GB | 13.224.245.62:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 62.245.224.13.in-addr.arpa | udp |
| GB | 13.224.245.62:443 | setup.rbxcdn.com | tcp |
| GB | 13.224.245.62:443 | setup.rbxcdn.com | tcp |
| NL | 13.95.26.4:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 199.232.214.172:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 252.15.104.51.in-addr.arpa | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:50168 | | tcp |
| US | 13.67.191.143:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 143.191.67.13.in-addr.arpa | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| NL | 13.95.26.4:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 152.199.19.161:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 20.7.47.135:443 | msedge.api.cdp.microsoft.com | tcp |
Files
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | 4fa63f4ccb9b1fca93ab82e51c6d4750 |
| SHA1 | 1f26018c15ed5e14140ed44c28cf52a7b892fc86 |
| SHA256 | 685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb |
| SHA512 | a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\b022682dd39d113f2d5a65a172dbd28f
| MD5 | b022682dd39d113f2d5a65a172dbd28f |
| SHA1 | aa874df3d3d0a9539c53a8a0c96c4c119bae2c52 |
| SHA256 | 47a2e8bbef18d5491be3c449d9a5464a8804d9d1a85bc7e24ff80876e85104a3 |
| SHA512 | d6746ca7c1e10b1ed7fb48d857210ce5cd0f0542c81fdbf00a6afaf4607f30020ccc09f4c41ef9f50bc2562bf6e4380e7abaef1d5a5b1e91773281bcd9e58525 |
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
| MD5 | 610b1b60dc8729bad759c92f82ee2804 |
| SHA1 | 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552 |
| SHA256 | 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08 |
| SHA512 | 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdate.dll
| MD5 | 965b3af7886e7bf6584488658c050ca2 |
| SHA1 | 72daabdde7cd500c483d0eeecb1bd19708f8e4a5 |
| SHA256 | d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19 |
| SHA512 | 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_en.dll
| MD5 | 4a1e3cf488e998ef4d22ac25ccc520a5 |
| SHA1 | dc568a6e3c9465474ef0d761581c733b3371b1cd |
| SHA256 | 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011 |
| SHA512 | ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 60dba9b06b56e58f5aea1a4149c743d2 |
| SHA1 | a7e456acf64dd99ca30259cf45b88cf2515a69b3 |
| SHA256 | 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112 |
| SHA512 | e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | c044dcfa4d518df8fc9d4a161d49cece |
| SHA1 | 91bd4e933b22c010454fd6d3e3b042ab6e8b2149 |
| SHA256 | 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2 |
| SHA512 | f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_am.dll
| MD5 | f6c1324070b6c4e2a8f8921652bfbdfa |
| SHA1 | 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf |
| SHA256 | 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717 |
| SHA512 | 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_ja.dll
| MD5 | b507a146eb5de3b02271106218223b93 |
| SHA1 | 0f1faddb06d775bcabbe8c7d83840505e094b8d6 |
| SHA256 | 5f4234e2b965656e3d6e127660f52e370dc133632d451ef04975f3b70194b2ed |
| SHA512 | 54864e9130b91b6fd68b1947968c446f45a582f22714716bfd70b6dc814841fffe939bc2f573a257ec8c62b4ff939643211fb29cabc0c45b78a6cc70eaa3752c |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_mr.dll
| MD5 | 468a420700d239a0cd90b95896b0d6da |
| SHA1 | ce57e3abf57c7ae13e99546b2a5e19dec03cb9b7 |
| SHA256 | 24b304bd40f8e63848f8d2a1ca6ac8bc032b7a700161efad61ad445787650c87 |
| SHA512 | 604c4cc8132c520da70c4870514610364648ec6446afa47128ac3aa8a9157932705da93e8ed4e33d56f5191d611b26b76aeba1514e9dff1a13dd32693cfddb8b |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_ms.dll
| MD5 | 51230a1b9ab0dad791e583b7ee57afe4 |
| SHA1 | 957ba3e5d9b2df16ea3e099aab5b7e74d2055e46 |
| SHA256 | a47fc6a9a75875e75f3415f068c357dd499e533849381b875272d5994c163670 |
| SHA512 | 5a3d754cefa1ab28748cb38021b5cbebd93fe513da0f4a7cbae98c0938acb10cdda939171d0842b09e97cb4c73f19272be665f767642ba1c5b25c709b5417edb |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_ml.dll
| MD5 | 7e90d4306c5768dfd1160ad9e2168a19 |
| SHA1 | 4f7b17843ad226d51cfb0090235b55a29b5a674a |
| SHA256 | 8ebe88477b1493733140f1fced91903276ec69c7302deed3281054b49573eb3c |
| SHA512 | f6d8b538915fa70bfb784ea7e6d4047759d8eecc822e4b76ac9666997a41901c8269a8185f29e5472bcfaa87e4b97483bd544f3fc8f656b60dca71d63b44d291 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_mk.dll
| MD5 | 064035858a1df697913f06c972461901 |
| SHA1 | b6be99ae8e55207949076955389bc8fec81937fd |
| SHA256 | 4850260d2cbb4b4ff3490eb90ce55a412268ad699f946b1cd686ddf9f0403bd6 |
| SHA512 | 9459056e919854213117b874e61b526af4ba35c3c3e195b204c5c3e59cc4dfa2b4a45c32551e1de144842844f246f5e0d025cdcc78dbf7265ba5e26e7209cd91 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_mi.dll
| MD5 | 1866ddadd9397dbf01c82c73496b6bff |
| SHA1 | b210a9df7d6a5e116fe7a9ff8d455b6cbfb5663b |
| SHA256 | 9b4bb2ca3366a1935b4869796efc0601f94356b45e8613d28e023dd516f48d17 |
| SHA512 | 76fa5cade101d79d012e00904bf18692f85967ceea0ed7e81da4df65b85afc125a00127d9e06c8c59ffbfd2dcdc88488157b61922960559fa17d13dedca3ee59 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_lv.dll
| MD5 | 30849a9c16061b9a46a66e8e7d42ff81 |
| SHA1 | 2d0e86535d964acce8912c6bef3cc12346b22a6c |
| SHA256 | b8075c09d33cc6b6ff22fdb29ccc3dd319ce867f4b77a1d165f6f8d8cb4977e9 |
| SHA512 | 298ee10ff6cab7ff38d31e3a7826dedeab8e9ccc616eae4ca2e5ec333f42e5c6744650857031d8bf35034bd46c7c01a2646362ffbbef1f421995c73ba999ff0b |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_lt.dll
| MD5 | 7071c732cf3e4b3144cf07c49d8eb44f |
| SHA1 | 3800bf304b44d9d27ac26bed6ccc899669dc3b4f |
| SHA256 | 9c75ef5c3f53c643d7bb8c5907a0cba6ca2d1d64e6bea39ce06b4ad5a20454b6 |
| SHA512 | be3a0942e2af843adeb8e9b6acc7cd8adec956b761f71d8eb0a02835ee5be115ac064fda7088b0813d40ec3a24e7bb77816e9b67ef0cbdce1562c36880b15049 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_lo.dll
| MD5 | 864edbc77831a64a3e3ab972291233bb |
| SHA1 | fa1f3eb3320c1b1a329cbe786abecf2a8e625cbe |
| SHA256 | aecab1eb46075d1a1432b3e14537f860a2ded49a13ca82f17fac44b40ad2da51 |
| SHA512 | 3d54efd01d6317fb4746b55db2c847a506f594cff055f0db84a72ede02dbe3aa03d8e65ea06c5ae365f44312a26cdbc45ad5f9a0de46d2b9c878aeeb24566b89 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_lb.dll
| MD5 | 269e84b82973e7b9ee03a5b2ef475e4d |
| SHA1 | 4021af3bfde8c52040ad4f9390eb29ae2a69104b |
| SHA256 | c3fb0cae3dc5cdd86518d60f998c3adec1c0c5804a74ffbb9a346a73d598af07 |
| SHA512 | db716e2f6527af2dfeba4c22ff00e159d7cc0b482fc126e87b8b3d35b714bb382676066097352b6ebb87c8dfe7f6144e83100f0c9a9990b0d23c810b6c575c21 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_kok.dll
| MD5 | ca3465347e57624ee2a5dd2299d4f4cd |
| SHA1 | 551a151a8d49489c90400e18c34633aa2c2b8a4b |
| SHA256 | 5b9509a1ae34d89c89c8e657742495037d28cd03e1cd48aef4dfaa7aeebe29f0 |
| SHA512 | a4bdd458a7628a9f0664e1000512e056718cc924510a21704ff8c69b0b251a5a1c7f6f267d66325cadda1536aaee78440348be128d082112c71732e485ac93f3 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_kn.dll
| MD5 | 60dfe673999d07f1a52716c57ba425a8 |
| SHA1 | 019ce650320f90914e83010f77347351ec9958ab |
| SHA256 | ef749f70e71424d7f548d5c12283be70a6d6c59cffb1c8101b74f37ecacb64af |
| SHA512 | 46bfe77a49f14293988863a8e4dd0543202b954b670940d9ad5dc6d2b46e46104d8d6206be08a941f7e02b8ff3e2e2366b7b795d02352cff18971f8d0df5fcdc |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_km.dll
| MD5 | 2ea1200fdfb4fcc368cea7d0cdc32bc2 |
| SHA1 | 4acb60908e6e974c9fa0f19be94cb295494ee989 |
| SHA256 | 6fd21b94f62ee7474b3c3029590ddf06936105508f9bf3509620c42dc37486c3 |
| SHA512 | e63b80a5929200c85c7a30a3054bd51eee2f27e603501f105073868690906f4619a27a52e58c90ac2ab5d5c34a4739dfdd2a511574afeb7d0118de88c5544f42 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_kk.dll
| MD5 | bcb1c5f3ef6c633e35603eade528c0f2 |
| SHA1 | 84fac96d72341dc8238a0aa2b98eb7631b1eaf4e |
| SHA256 | fdd6bffdb9eca4542975f3afe3ac68feac190b8963f0a7244b4b8fa6382381d1 |
| SHA512 | ecd79ddd9f3e6db1d0471132c453c324ab55bdead21de77392f418281bc8a2dd43e9009912896ffa3d55d4d3ef17b0aa847a084369b619eb04a2d2313641d520 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_ka.dll
| MD5 | 3bc0d9dd2119a72a1dc705d794dc6507 |
| SHA1 | 5c3947e9783b90805d4d3a305dd2d0f2b2e03461 |
| SHA256 | 4449ee24c676e34fea4d151b3a752e8d0e7c82f419884e80da60d4d4c1b0f8cb |
| SHA512 | 8df01ad484bf2924892129c59317f3da4f79611be2ca29e208114e5ed2cb96a63f753511dc4fe97e281417366246f2fb576cc6ef2618a67803ae7ac01be7b067 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_iw.dll
| MD5 | 45e971cdc476b8ea951613dbd96e8943 |
| SHA1 | 8d87b4edfce31dfa4eebdcc319268e81c1e01356 |
| SHA256 | fd5ba39c8b319c6ba2febf896c6947a0a7bae6aa0b4957bd124d55589f41849d |
| SHA512 | f1c9fccf742fa450be249dbbf7e551a426c050ae4af3d2e909f9750068a2bdc801f618eb77a6a82d13421d27949c9f2a9681a44bcb410ccdeec66b24a70f6a9a |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_it.dll
| MD5 | 497ca0a8950ae5c8c31c46eb91819f58 |
| SHA1 | 01e7e61c04de64d2df73322c22208a87d6331fc8 |
| SHA256 | abe2360a585b6671ec3a69d14077b43ae8f9e92b6077b80a147dfe36792bb1b7 |
| SHA512 | 070398af980f193ff90b4afaecb3822534ef3171eca7228bce395af11ca38364bc47cab7df1e71187ef291f90978bdc37a8611d2992b1800cd1de6aa7fda09d9 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_is.dll
| MD5 | 5664c7a059ceb096d4cdaae6e2b96b8f |
| SHA1 | bf0095cd7470bf4d7c9566ba0fd3b75c8b9e57ec |
| SHA256 | a3a2947064267d17474c168d3189b0d372e36e53bf0efb9c228d314fc802d98e |
| SHA512 | 015dcb17b297a0aaad41c7b0b2199187e435855fd3977d16402be774622cc4f6b55d04ba9159a89e26e350c5602928c76dd9386be3974437b41888a0cfdddfa8 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_id.dll
| MD5 | 03d4c35b188204f62fc1c46320e80802 |
| SHA1 | 07efb737c8b072f71b3892b807df8c895b20868c |
| SHA256 | 192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95 |
| SHA512 | 7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_hu.dll
| MD5 | f4976c580ba37fc9079693ebf5234fea |
| SHA1 | 7326d2aa8f6109084728323d44a7fb975fc1ed3f |
| SHA256 | b16755fdbcc796ef4eb937759fe2c3518c694f5d186970d55a5a5e5d906cb791 |
| SHA512 | e43636d8c947e981258e649712ad43f37c1aab01916539b93c082959fb5c6764c9c44979650092202839e812e6f252c6c3eaf66d3d195c1efd39c74c81ad1981 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_hr.dll
| MD5 | 0b475965c311203bf3a592be2f5d5e00 |
| SHA1 | b5ff1957c0903a93737666dee0920b1043ddaf70 |
| SHA256 | 65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0 |
| SHA512 | bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_hi.dll
| MD5 | 34cbaeb5ec7984362a3dabe5c14a08ec |
| SHA1 | d88ec7ac1997b7355e81226444ec4740b69670d7 |
| SHA256 | 024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9 |
| SHA512 | 008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_gu.dll
| MD5 | f9646357cf6ce93d7ba9cfb3fa362928 |
| SHA1 | a072cc350ea8ea6d8a01af335691057132b04025 |
| SHA256 | 838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150 |
| SHA512 | 654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_gl.dll
| MD5 | 84a1cea9a31be831155aa1e12518e446 |
| SHA1 | 670f4edd4dc8df97af8925f56241375757afb3da |
| SHA256 | e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57 |
| SHA512 | 5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_gd.dll
| MD5 | c90f33303c5bd706776e90c12aefabee |
| SHA1 | 1965550fe34b68ea37a24c8708eef1a0d561fb11 |
| SHA256 | e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c |
| SHA512 | b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_ga.dll
| MD5 | 3b8a5301c4cf21b439953c97bd3c441c |
| SHA1 | 8a7b48bb3d75279de5f5eb88b5a83437c9a2014a |
| SHA256 | abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0 |
| SHA512 | 068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_fr-CA.dll
| MD5 | b534e068001e8729faf212ad3c0da16c |
| SHA1 | 999fa33c5ea856d305cc359c18ea8e994a83f7a9 |
| SHA256 | 445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511 |
| SHA512 | e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_fr.dll
| MD5 | 64c47a66830992f0bdfd05036a290498 |
| SHA1 | 88b1b8faa511ee9f4a0e944a0289db48a8680640 |
| SHA256 | a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961 |
| SHA512 | 426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_fil.dll
| MD5 | 7c66526dc65de144f3444556c3dba7b8 |
| SHA1 | 6721a1f45ac779e82eecc9a584bcf4bcee365940 |
| SHA256 | e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d |
| SHA512 | dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_fi.dll
| MD5 | d45f2d476ed78fa3e30f16e11c1c61ea |
| SHA1 | 8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e |
| SHA256 | acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2 |
| SHA512 | 2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_fa.dll
| MD5 | cbe3454843ce2f36201460e316af1404 |
| SHA1 | 0883394c28cb60be8276cb690496318fcabea424 |
| SHA256 | c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59 |
| SHA512 | f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_eu.dll
| MD5 | a7e1f4f482522a647311735699bec186 |
| SHA1 | 3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd |
| SHA256 | e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4 |
| SHA512 | 22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_et.dll
| MD5 | b78cba3088ecdc571412955742ea560b |
| SHA1 | bc04cf9014cec5b9f240235b5ff0f29dbdb22926 |
| SHA256 | f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085 |
| SHA512 | 04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_es-419.dll
| MD5 | 28fefc59008ef0325682a0611f8dba70 |
| SHA1 | f528803c731c11d8d92c5660cb4125c26bb75265 |
| SHA256 | 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d |
| SHA512 | 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_ko.dll
| MD5 | cf91a1f111762d2bc01f8a002bd9544d |
| SHA1 | db2603af55b08538a41c51fc0676bc0ed041d284 |
| SHA256 | baa9fae4fb8939e0b5fe0c7f393ab1ca40b52534f37bf2158a9a36331a221e75 |
| SHA512 | 9db864dbd194885b46f7bed9875f1e531e48f7644ce4494b8dc482c7516a6f783cd35129d2565b272dc674491a08c844a6da88bf9fa7843fcf89c96b4e0af799 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_es.dll
| MD5 | 9db7f66f9dc417ebba021bc45af5d34b |
| SHA1 | 6815318b05019f521d65f6046cf340ad88e40971 |
| SHA256 | e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819 |
| SHA512 | 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_en-GB.dll
| MD5 | d749e093f263244d276b6ffcf4ef4b42 |
| SHA1 | 69f024c769632cdbb019943552bac5281d4cbe05 |
| SHA256 | fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e |
| SHA512 | 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_el.dll
| MD5 | ac275b6e825c3bd87d96b52eac36c0f6 |
| SHA1 | 29e537d81f5d997285b62cd2efea088c3284d18f |
| SHA256 | 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0 |
| SHA512 | bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_de.dll
| MD5 | aab01f0d7bdc51b190f27ce58701c1da |
| SHA1 | 1a21aabab0875651efd974100a81cda52c462997 |
| SHA256 | 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c |
| SHA512 | 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_da.dll
| MD5 | d34380d302b16eab40d5b63cfb4ed0fe |
| SHA1 | 1d3047119e353a55dc215666f2b7b69f0ede775b |
| SHA256 | fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f |
| SHA512 | 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_cy.dll
| MD5 | 34d991980016595b803d212dc356d765 |
| SHA1 | e3a35df6488c3463c2a7adf89029e1dd8308f816 |
| SHA256 | 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e |
| SHA512 | 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_cs.dll
| MD5 | 16c84ad1222284f40968a851f541d6bb |
| SHA1 | bc26d50e15ccaed6a5fbe801943117269b3b8e6b |
| SHA256 | e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b |
| SHA512 | d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 2929e8d496d95739f207b9f59b13f925 |
| SHA1 | 7c1c574194d9e31ca91e2a21a5c671e5e95c734c |
| SHA256 | 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df |
| SHA512 | ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_ca.dll
| MD5 | 39551d8d284c108a17dc5f74a7084bb5 |
| SHA1 | 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884 |
| SHA256 | 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07 |
| SHA512 | 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_bn.dll
| MD5 | 7dc58c4e27eaf84ae9984cff2cc16235 |
| SHA1 | 3f53499ddc487658932a8c2bcf562ba32afd3bda |
| SHA256 | e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98 |
| SHA512 | bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_bg.dll
| MD5 | 8375b1b756b2a74a12def575351e6bbd |
| SHA1 | 802ec096425dc1cab723d4cf2fd1a868315d3727 |
| SHA256 | a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105 |
| SHA512 | aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_az.dll
| MD5 | 7937c407ebe21170daf0975779f1aa49 |
| SHA1 | 4c2a40e76209abd2492dfaaf65ef24de72291346 |
| SHA256 | 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9 |
| SHA512 | 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_as.dll
| MD5 | a8d3210e34bf6f63a35590245c16bc1b |
| SHA1 | f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693 |
| SHA256 | 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766 |
| SHA512 | 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_ar.dll
| MD5 | 570efe7aa117a1f98c7a682f8112cb6d |
| SHA1 | 536e7c49e24e9aa068a021a8f258e3e4e69fa64f |
| SHA256 | e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01 |
| SHA512 | 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_af.dll
| MD5 | 567aec2d42d02675eb515bbd852be7db |
| SHA1 | 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37 |
| SHA256 | a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c |
| SHA512 | 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\MicrosoftEdgeComRegisterShellARM64.exe
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_bs.dll
C:\Program Files (x86)\Microsoft\Temp\EUE838.tmp\msedgeupdateres_bn-IN.dll
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Installer\setup.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.41\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0893F61D-218D-4963-B124-2C3EA7A3B994}\EDGEMITMP_B1C59.tmp\SETUP.EX_
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe